xorg-x11-drv-qxl is vulnerable to denial of service. When the sysctl kernel.softlockup_panic
variable is set to “1”, a local attacker with permissions to initiate a SPICE connection is able to crash the guest process via a malicious SPICE connection that prevents other threads from obtaining the qemu_mutex
mutex.
rhn.redhat.com/errata/RHSA-2013-0218.html
secunia.com/advisories/52021
www.mandriva.com/security/advisories?name=MDVSA-2013:138
www.openwall.com/lists/oss-security/2013/01/30/3
www.openwall.com/lists/oss-security/2013/01/30/4
www.ubuntu.com/usn/USN-1714-1
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=906032
exchange.xforce.ibmcloud.com/vulnerabilities/81704
rhn.redhat.com/errata/RHSA-2013-0218.html
wiki.mageia.org/en/Support/Advisories/MGASA-2013-0036