CVE-2008-1945
Published: 8 August 2008
QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.
Notes
Author | Note |
---|---|
kees | this follows CVE-2008-2004 chronologically. xen-utils-3.x is in universe. |
mdeslaur | patch is xen-qemu-usbdisk-no-auto-format.patch in RHEL5 |
Priority
Status
Package | Release | Status |
---|---|---|
qemu Launchpad, Ubuntu, Debian |
oneiric |
Does not exist
|
dapper |
Ignored
(end of life)
|
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Ignored
(end of life, was needed)
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Needs triage
|
|
Patches: vendor: http://www.mandriva.com/security/advisories?name=MDVSA-2008:162 |
||
kvm Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Released
(1:62+dfsg-0ubuntu8.1)
|
|
intrepid |
Released
(1:72+dfsg-1ubuntu6.1)
|
|
jaunty |
Not vulnerable
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Needs triage
|
|
qemu-kvm Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Not vulnerable
|
|
lucid |
Not vulnerable
|
|
maverick |
Not vulnerable
|
|
natty |
Not vulnerable
|
|
oneiric |
Not vulnerable
|
|
upstream |
Needs triage
|
|
xen-3.0 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Ignored
(end of life, was needs-triage)
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Needs triage
|
|
Patches: vendor: http://people.ubuntu.com/~kees/qemu/xen-qemu-usbdisk-no-auto-format-CVE-2008-1945.patch |
||
xen-3.1 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Ignored
(end of life, was needed)
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Needs triage
|
|
Patches: vendor: http://people.ubuntu.com/~kees/qemu/xen-qemu-usbdisk-no-auto-format-CVE-2008-1945.patch |
||
Binaries built from this source package are in Universe and so are supported by the community. | ||
xen-3.2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Needs triage
|
|
Patches: vendor: http://people.ubuntu.com/~kees/qemu/xen-qemu-usbdisk-no-auto-format-CVE-2008-1945.patch |
||
Binaries built from this source package are in Universe and so are supported by the community. | ||
xen-3.3 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Not vulnerable
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
lucid |
Not vulnerable
|
|
maverick |
Not vulnerable
|
|
natty |
Not vulnerable
|
|
oneiric |
Does not exist
|
|
upstream |
Not vulnerable
|