A part of the returned monitor response was freed twice and caused crashes of the daemon when using guest agent cpu count retrieval. A remote user able to issue commands to libvirt daemon could use this flaw to crash libvirtd or, potentially, escalate their privilages to that of libvirtd process. References: https://bugzilla.redhat.com/show_bug.cgi?id=984821 https://www.redhat.com/archives/libvir-list/2013-July/msg01035.html Acknowledgements: This issue was discovered by Petr Krempa of Red Hat.
Statement: Not vulnerable. This issue did not affect the versions of libvirt as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.
Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=dfc692350a04a70b4ca65667c30869b3bfdaf034
Created libvirt tracking bugs for this issue: Affects: fedora-all [bug 986408]