CVE-2013-4369

Publication date 17 October 2013

Last updated 24 July 2024


Ubuntu priority

The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate configuration.


Status

No maintained releases are affected by this CVE.

Package    Ubuntu Release       Status
xen        13.10 saucy          Fixed 4.3.0-1ubuntu1.1
xen        13.04 raring         Fixed 4.2.2-0ubuntu0.13.04.2
xen        12.10 quantal        Not affected
xen        12.04 LTS precise    Not affected
xen        10.04 LTS lucid      Not in release
xen-3.3    13.10 saucy          Not in release
xen-3.3    13.04 raring         Not in release
xen-3.3    12.10 quantal        Not in release
xen-3.3    12.04 LTS precise    Not in release
xen-3.3    10.04 LTS lucid      Not affected

Notes


jdstrand

per upstream, “The only known user of this library is the xl toolstack which does not have a central long running daemon and therefore the impact is limited to crashing the process which is creating the domain, which exists only to service a single domain.”


mdeslaur

This is XSA-68