CVE-2014-1447
Published: 24 January 2014
Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.
Notes
Author | Note |
---|---|
jdstrand | per upstream, introduced in 0.9.8 |
Priority
Status
Package | Release | Status |
---|---|---|
libvirt Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
(0.7.5-5ubuntu27.24)
|
precise |
Released
(0.9.8-2ubuntu17.17)
|
|
quantal |
Released
(0.9.13-0ubuntu12.6)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Released
(1.1.1-0ubuntu8.5)
|
|
upstream |
Released
(1.2.1-rc2)
|
|
Patches: upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=173c2914734eb5c32df6d35a82bf503e12261bcf upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=066c8ef6c18bc1faf8b3e10787b39796a7a06cc0 |