A job usage issue in several APIs could allow an attacker who is able to establish a read-only connection to libvirtd to crash libvirtd.
https://bugzilla.redhat.com/show_bug.cgi?id=1043069#c15 notes "I found similar patterns in several other APIs and fixed them by the following commits: v1.2.0-233-gb799259, v1.2.0-234-gf93d2ca, v1.2.0-235-gff5f30b, v1.2.0-236-g3b56425."
Created libvirt tracking bugs for this issue:
Affects: fedora-all [bug 1054206]
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2014:0103 https://rhn.redhat.com/errata/RHSA-2014-0103.html
Red Hat Enterprise Linux 5 is now in Production 3 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.