CVSS2 score: 1.9 (Low)
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P
libvirt is vulnerable to denial of service. When parsing XML documents with the libxml2 library, libvirt passes the XML_PARSE_NOENT flag, so all XML entities in the parsed documents are expanded. An attacker can have libvirt parse an XML document containing an entity that references a special file that blocks on read access, which causes the process to hang.
libvirt.org/news.html
lists.opensuse.org/opensuse-updates/2014-05/msg00048.html
lists.opensuse.org/opensuse-updates/2014-05/msg00052.html
rhn.redhat.com/errata/RHSA-2014-0560.html
secunia.com/advisories/60895
security.gentoo.org/glsa/glsa-201412-04.xml
security.libvirt.org/2014/0003.html
www.debian.org/security/2014/dsa-3038
www.ubuntu.com/usn/USN-2366-1
access.redhat.com/errata/RHSA-2014:0560
access.redhat.com/errata/RHSA-2014:0914
access.redhat.com/security/cve/CVE-2014-0179
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1088290
bugzilla.redhat.com/show_bug.cgi?id=1091206
bugzilla.redhat.com/show_bug.cgi?id=1096806
bugzilla.redhat.com/show_bug.cgi?id=1097227