Debian Security Advisory
DSA-2846-1 libvirt -- several vulnerabilities
- Date Reported:
- 17 Jan 2014
- Affected Packages:
- libvirt
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2013-6458, CVE-2014-1447.
- More information:
-
Multiple security issues have been found in Libvirt, a virtualisation abstraction library:
- CVE-2013-6458
It was discovered that insecure job usage could lead to denial of service against libvirtd.
- CVE-2014-1447
It was discovered that a race condition in keepalive handling could lead to denial of service against libvirtd.
For the stable distribution (wheezy), these problems have been fixed in version 0.9.12.3-1. This bugfix point release also addresses some additional bugfixes.
For the unstable distribution (sid), these problems have been fixed in version 1.2.1-1.
We recommend that you upgrade your libvirt packages.
- CVE-2013-6458