ELSA-2014-0914 -- Oracle libvirt
ID: oval:org.secpod.oval:def:1500634 | Date: (C)2014-08-22 (M)2023-11-10
Class: PATCH | Family: unix
It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML documents using the libxml2 library, in which case all XML entities in the parsed documents are expanded. A user able to force libvirtd to parse an XML document with an entity pointing to a file could use this flaw to read the contents of that file; parsing an XML document with an entity pointing to a special file that blocks on read access could cause libvirtd to hang indefinitely, resulting in a denial of service on the system.