CVE-2013-4296

Publication date 17 September 2013

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call.

Read the notes from the security team

Status

Package Ubuntu Release Status
libvirt 13.04 raring
Fixed 1.0.2-0ubuntu11.13.04.4
12.10 quantal
Fixed 0.9.13-0ubuntu12.5
12.04 LTS precise
Fixed 0.9.8-2ubuntu17.13
10.04 LTS lucid
Not affected

Notes

mdeslaur

introduced in 0.9.1 by 158ba8730e44b7dd07a21ab90499996c5dec080a

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
libvirt

References

Related Ubuntu Security Notices (USN)

    • USN-1954-1
    • libvirt vulnerabilities
    • 18 September 2013

Other references