CVE-2013-4369

Published: 17 October 2013

The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate configuration.

Priority

Low

Status

Package Release Status
xen
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr)
Released (4.3.0-1ubuntu2)
xen-3.3
Launchpad, Ubuntu, Debian 		Upstream Ignored
(reached end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Notes

AuthorNote
jdstrand 
per upstream, "The only known user of this library is the xl
toolstack which does not have a central long running daemon and therefore the
impact is limited to crashing the process which is creating the domain, which
exists only to service a single domain."
mdeslaur 
This is XSA-68

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading