PublicDateAtUSN: 2014-01-24
Candidate: CVE-2013-6458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6458
https://usn.ubuntu.com/usn/usn-2093-1
Multiple race conditions in the (1) virDomainBlockStats, (2)
virDomainGetBlockInfo, (3) qemuDomainBlockJobImpl, and (4)
virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly
verify that the disk is attached, which allows remote read-only attackers
to cause a denial of service (libvirtd crash) via the
virDomainDetachDeviceFlags command.
mdeslaur> code in lucid is different, looks ok
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6458
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734556
upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=db86da5ca2109e4006c286a09b6c75bfe10676ad
upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=b799259583bd65c0b2f5042e6c3ff19637ade881
upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=f93d2caa070f6197ab50d372d286018b0ba6bbd8
upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=ff5f30b6bfa317f2a4c33f69289baf4e887eb048
upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=3b56425938e2f97208d5918263efa0d6439e4ecd
upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=c430c002dd8287c5d7b834993ddfbd61435248c4 (0.9.12)
upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=4dd29d3bdf4bf3a4c4b1077ddf4355bcf548ca2f (0.9.12)
upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=3e7d9e54e9ce286fe1bee5d32089cd58d63e5cee (0.9.12)
upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=2786686eb5855e0046817d47055cd784881ca8cb (0.9.12)
upstream_libvirt: released (1.2.1)
lucid_libvirt: not-affected
precise_libvirt: released (0.9.8-2ubuntu17.17)
quantal_libvirt: released (0.9.13-0ubuntu12.6)
raring_libvirt: ignored (reached end-of-life)
saucy_libvirt: released (1.1.1-0ubuntu8.5)
devel_libvirt: not-affected (1.2.1-0ubuntu2)