| Summary: | <app-emulation/qemu-1.4.1 : qemu-nbd Arbitrary File Disclosure Vulnerability (CVE-2013-1922) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | cardoe |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://secunia.com/advisories/53032/ | ||
| Whiteboard: | B4 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
This has been in the tree and ready for stabilization. This bug slipped through the cracks when my sons were born unfortunately. TARGET KEYWORDS: amd64 x86 *** Bug 471116 has been marked as a duplicate of this bug. *** amd64: ok (build+run tested fine, repoman -d complains about dependencies btw) amd64 stable x86 stable GLSA vote: no. GLSA vote: no Closing as noglsa |
From ${URL} : Description A vulnerability has been reported in Qemu, which can be exploited by malicious, local users in a guest virtual machine to disclose certain sensitive information. The vulnerability is caused due to an error within the qemu-nbd tool, which does not properly check the format specification when parsing a disk image and can be exploited to read arbitrary files from the host. The vulnerability is reported in versions prior to 1.4.1. Solution Update to version 1.4.1. Provided and/or discovered by Daniel Berrange, Red Hat in a GIT commit. Original Advisory http://git.qemu.org/?p=qemu.git;a=log;h=refs/tags/v1.4.1 https://bugzilla.redhat.com/show_bug.cgi?id=923219 @maintainer(s): after the bump, please say explicitly if the package is ready for the stabilization or not