CVE-2013-4236
First published: Mon Aug 12 2013(Updated: )
It was found that fix for <a href="https://access.redhat.com/security/cve/CVE-2013-0167">CVE-2013-0167</a> was not complete. A privileged guest user could still potentially make the host the guest is running on unavailable to the management server by making guest agent return data with invalid XML characters. Upstream fix: <a href="http://gerrit.ovirt.org/gitweb?p=vdsm.git;a=commit;h=5fe1615b7949999fc9abd896bde63bf24f8431d6">http://gerrit.ovirt.org/gitweb?p=vdsm.git;a=commit;h=5fe1615b7949999fc9abd896bde63bf24f8431d6</a> Acknowledgements: This issue was found by David Gibson of Red Hat.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Enterprise Virtualization | =3.0 | |
| Redhat Enterprise Virtualization | =3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2013-0167
- http://gerrit.ovirt.org/gitweb?p=vdsm.git;a=commit;h=5fe1615b7949999fc9abd896bde63bf24f8431d6
- https://rhn.redhat.com/errata/RHSA-2013-1155.html
- https://rhn.redhat.com/errata/RHSA-2013-1181.html
- https://bugzilla.redhat.com/show_bug.cgi?id=996166
- http://gerrit.ovirt.org/gitweb?p=vdsm.git%3Ba=commit%3Bh=5fe1615b7949999fc9abd896bde63bf24f8431d6
- http://rhn.redhat.com/errata/RHSA-2013-1155.html
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/event
- agent/tags
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-4236
- vendor/redhat
- canonical/redhat enterprise virtualization
- version/redhat enterprise virtualization/3.0
- version/redhat enterprise virtualization/3.2