http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=46532e3e8ed5f5a736a02f67d6c805492f9ca720

http://libvirt.org/news.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098370.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098398.html

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00016.html

http://osvdb.org/89644

http://rhn.redhat.com/errata/RHSA-2013-0199.html

http://secunia.com/advisories/52001

http://secunia.com/advisories/52003

http://wiki.libvirt.org/page/Maintenance_Releases

http://www.securityfocus.com/bid/57578

http://www.securitytracker.com/id/1028047

http://www.ubuntu.com/usn/USN-1708-1

https://bugzilla.redhat.com/show_bug.cgi?id=893450

https://exchange.xforce.ibmcloud.com/vulnerabilities/81552

CVE-2013-0170 libvirt: use-after-free in virNetMessageFree()

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.

Red Hat, Inc. (AV:A/AC:H/Au:N/C:C/I:C/A:C)

https://access.redhat.com/errata/RHSA-2013:0199 [No Types Assigned]

https://access.redhat.com/security/cve/CVE-2013-0170 [No Types Assigned]

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.

CVE-2013-0170 libvirt: use-after-free in virNetMessageFree()

Red Hat, Inc. (AV:A/AC:H/Au:N/C:C/I:C/A:C)

http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=46532e3e8ed5f5a736a02f67d6c805492f9ca720 [No Types Assigned]

https://access.redhat.com/errata/RHSA-2013:0199 [No Types Assigned]

https://access.redhat.com/security/cve/CVE-2013-0170 [No Types Assigned]

http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720 [Patch, Vendor Advisory]

NIST (AV:N/AC:M/Au:N/C:P/I:P/A:P)

NIST (AV:N/AC:M/Au:N/C:C/I:C/A:C)

NIST CWE-416

NIST CWE-399

OR
     *cpe:2.3:a:redhat:libvirt:*:0.9.11:*:*:*:*:*:*
     *cpe:2.3:a:redhat:libvirt:*:0.9.11.1:*:*:*:*:*:*
     *cpe:2.3:a:redhat:libvirt:*:0.9.11.2:*:*:*:*:*:*
     *cpe:2.3:a:redhat:libvirt:*:0.9.11.3:*:*:*:*:*:*
     *cpe:2.3:a:redhat:libvirt:*:0.9.11.4:*:*:*:*:*:*
     *cpe:2.3:a:redhat:libvirt:*:0.9.11.5:*:*:*:*:*:*
     *cpe:2.3:a:redhat:libvirt:*:0.9.11.6:*:*:*:*:*:*
     *cpe:2.3:a:redhat:libvirt:*:0.9.11.7:*:*:*:*:*:*
     *cpe:2.3:a:redhat:libvirt:*:0.9.11.8:*:*:*:*:*:*
     *cpe:2.3

OR
     *cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:* versions from (including) 0.9.6 up to (excluding) 0.9.6.4
     *cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:* versions from (including) 0.9.11 up to (excluding) 0.9.11.9
     *cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:* versions from (including) 0.10.2 up to (excluding) 0.10.2.3
     *cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:* versions from (including) 1.0.0 up to (excluding) 1.0.2

OR
     *cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
     *cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
     *cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
     *cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
     *cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
     *cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
     *cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
     *cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*

OR
     *cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

OR
     *cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp2:*:*:*:*:*:*
     *cpe:2.3:o:novell:suse_linux:11:*:desktop:*:*:*:*:*
     *cpe:2.3:o:novell:suse_linux:11:*:server:*:*:*:*:*

OR
     *cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
     *cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
     *cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
     *cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720 No Types Assigned

http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720 Patch, Vendor Advisory

http://libvirt.org/news.html No Types Assigned

http://libvirt.org/news.html Release Notes, Vendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.html Vendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098326.html Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098370.html Vendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098370.html Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098398.html Vendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098398.html Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00001.html Mailing List, Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00002.html Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00002.html Mailing List, Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00016.html Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00016.html Mailing List, Third Party Advisory

http://osvdb.org/89644 No Types Assigned

http://osvdb.org/89644 Broken Link

http://rhn.redhat.com/errata/RHSA-2013-0199.html Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-0199.html Third Party Advisory

http://secunia.com/advisories/52001 Vendor Advisory

http://secunia.com/advisories/52001 Third Party Advisory

http://secunia.com/advisories/52003 Vendor Advisory

http://secunia.com/advisories/52003 Third Party Advisory

http://wiki.libvirt.org/page/Maintenance_Releases No Types Assigned

http://wiki.libvirt.org/page/Maintenance_Releases Release Notes, Vendor Advisory

http://www.securityfocus.com/bid/57578 No Types Assigned

http://www.securityfocus.com/bid/57578 Third Party Advisory, VDB Entry

http://www.securitytracker.com/id/1028047 No Types Assigned

http://www.securitytracker.com/id/1028047 Third Party Advisory, VDB Entry

http://www.ubuntu.com/usn/USN-1708-1 Vendor Advisory

http://www.ubuntu.com/usn/USN-1708-1 Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=893450 Patch

https://bugzilla.redhat.com/show_bug.cgi?id=893450 Issue Tracking, Patch, Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/81552 No Types Assigned

https://exchange.xforce.ibmcloud.com/vulnerabilities/81552 Third Party Advisory, VDB Entry

OR
     *cpe:2.3:o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:novell:opensuse:12.1:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:novell:opensuse:12.2:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*

https://exchange.xforce.ibmcloud.com/vulnerabilities/81552 [No Types Assigned]

http://xforce.iss.net/xforce/xfdb/81552 [No Types Assigned]

Configuration 1
     OR
          *cpe:2.3:o:novell:opensuse:12.1:*:*:*:*:*:*:*
          *cpe:2.3:o:novell:opensuse:12.2:*:*:*:*:*:*:*
Configuration 2
     OR
          *cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
          *cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
Configuration 3
     OR
          *cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
          *cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
Configuration 4
     OR
          *cpe:2.3:o:redhat:enterprise_linux

Configuration 1
     OR
          *cpe:2.3:o:novell:opensuse:12.1:*:*:*:*:*:*:*
          *cpe:2.3:o:novell:opensuse:12.2:*:*:*:*:*:*:*
Configuration 2
     OR
          *cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
          *cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
Configuration 3
     OR
          *cpe:2.3:o:novell:suse_linux:11:*:desktop:*:*:*:*:*
          *cpe:2.3:o:novell:suse_linux:11:*:server:*:*:*:*:*
          *cpe:2.3:a:suse:suse_linux_enterprise_software_develo