A race condition was found in the way libvirtd handled keepalive initialization requests when the connection is closed prior to establishing connection credentials. An attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd, resulting in a denial of service.

Upstream patches:
http://libvirt.org/git/?p=libvirt.git;a=commit;h=173c291
http://libvirt.org/git/?p=libvirt.git;a=commit;h=066c8ef
Statement: Not vulnerable. This issue did not affect the versions of libvirt as shipped with Red Hat Enterprise Linux 5.
CVE Request -- http://seclists.org/oss-sec/2014/q1/82
Created libvirt tracking bugs for this issue: Affects: fedora-all [bug 1054808]
This issue has been addressed in the following products: Red Hat Enterprise Linux 6, via RHSA-2014:0103 https://rhn.redhat.com/errata/RHSA-2014-0103.html