CVE-2014-0179
libvirt - security update
EPSS 0.11%
Description
libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.
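The root cause described above is that the CPU XML handed to virConnectCompareCPU / virConnectBaselineCPU was parsed with external entity resolution enabled, so a DOCTYPE declaring an external entity and referencing it in the body makes the parser read whatever the entity points at. The fix is the package upgrade listed on this page; the following added example (not libvirt's own code, nor from this advisory) shows the defensive check a caller can apply on its own side before handing untrusted XML to any libvirt API: scan the document's DTD with the standard-library expat parser and refuse it if any entity declaration carries a SYSTEM or PUBLIC identifier. The sample documents, the entity name and the `file:///placeholder/...` system id are constructed for the demonstration.

```python
import xml.parsers.expat


class ExternalEntityError(ValueError):
    """Raised when untrusted XML declares an external entity."""


def find_external_entities(xml_text: str) -> list[str]:
    """Return the names of every external entity declared in the DTD of xml_text.

    Internal entities (<!ENTITY name "literal">) are not reported; only
    declarations with a SYSTEM or PUBLIC identifier are, since those are the
    ones whose expansion triggers I/O in a resolving parser.
    """
    found: list[str] = []
    parser = xml.parsers.expat.ParserCreate()

    # expat reports every <!ENTITY ...> declaration in the internal subset here.
    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None or public_id is not None:
            found.append(name)

    parser.EntityDeclHandler = on_entity_decl

    # Returning 1 tells expat the reference was handled, so the scan itself
    # never opens the referenced resource.
    parser.ExternalEntityRefHandler = lambda context, base, system_id, public_id: 1

    try:
        parser.Parse(xml_text, True)
    except xml.parsers.expat.ExpatError:
        # Malformed input: report whatever declarations were seen before the error.
        pass
    return found


def reject_external_entities(xml_text: str) -> str:
    """Return xml_text unchanged if it is safe to pass on, else raise."""
    names = find_external_entities(xml_text)
    if names:
        raise ExternalEntityError(
            "refusing XML with external entity declaration(s): " + ", ".join(names)
        )
    return xml_text


# Constructed sample: the shape of document the advisory describes, with a
# placeholder system id rather than any real path.
SAMPLE_XXE = """<?xml version="1.0"?>
<!DOCTYPE cpu [
  <!ENTITY ext SYSTEM "file:///placeholder/not-a-real-path">
]>
<cpu><model>&ext;</model></cpu>
"""

# Constructed sample: an internal entity only, which is harmless and must pass.
SAMPLE_INTERNAL = """<?xml version="1.0"?>
<!DOCTYPE cpu [
  <!ENTITY vendor "example-vendor">
]>
<cpu><vendor>&vendor;</vendor></cpu>
"""

# Constructed sample: a plain CPU description with no DTD at all.
SAMPLE_CLEAN = "<cpu><arch>x86_64</arch><model>example-model</model></cpu>"


if __name__ == "__main__":
    for label, doc in (("xxe", SAMPLE_XXE), ("internal", SAMPLE_INTERNAL), ("clean", SAMPLE_CLEAN)):
        try:
            reject_external_entities(doc)
            print(f"{label}: accepted")
        except ExternalEntityError as exc:
            print(f"{label}: rejected ({exc})")
```

Run the check on any CPU XML that originates from an unprivileged user before calling the libvirt API; it is a mitigation for callers, not a substitute for installing the fixed package, since the parsing that hangs happens inside libvirt once the document is accepted.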
How to fix CVE-2014-0179
To remediate CVE-2014-0179, upgrade the affected libvirt package to one of the fixed versions listed below.
- upgrade to 1.2.4-1 or later
- upgrade to 0.9.12.3-1+deb7u1 or later
Is CVE-2014-0179 being exploited?
Low: EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- libvirt, all versions earlier than 1.2.4-1
- libvirt, all versions earlier than 0.9.12.3-1+deb7u1