Pavel Hrdina discovered that libvirt incorrectly handled locking when processing the virConnectListAllDomains command. An attacker could use this issue to cause libvirtd to hang, resulting in a denial of service. (CVE-2014-3657)
Eric Blake discovered that libvirt incorrectly handled permissions when processing the qemuDomainFormatXML command. An attacker with read-only privileges could possibly use this to gain access to certain information from the domain xml file. (CVE-2014-7823)
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.2.2-0ubuntu13.1.7", "binary_name": "libvirt-bin" }, { "binary_version": "1.2.2-0ubuntu13.1.7", "binary_name": "libvirt-dev" }, { "binary_version": "1.2.2-0ubuntu13.1.7", "binary_name": "libvirt-doc" }, { "binary_version": "1.2.2-0ubuntu13.1.7", "binary_name": "libvirt0" }, { "binary_version": "1.2.2-0ubuntu13.1.7", "binary_name": "libvirt0-dbg" } ] }