CVE-2010-2237
Publication date 19 August 2010
Last updated 24 July 2024
Ubuntu priority
Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.
Status
Package | Ubuntu Release | Status |
---|---|---|
libvirt | 10.10 maverick | Fixed 0.8.3-1ubuntu8 |
libvirt | 10.04 LTS lucid | Fixed 0.7.5-5ubuntu27.5 |
libvirt | 9.10 karmic | Not affected |
libvirt | 9.04 jaunty | Not affected |
libvirt | 8.04 LTS hardy | Not affected |
libvirt | 6.06 LTS dapper | Not in release |
Notes
jdstrand
AppArmor 10.04 should mostly protect the host OS, but an attacker in a virtual machine may be able to access files of another machine. Upstream patch is highly intrusive, needs rewriting for all affected releases, requires a conffile change and a migration helper. Ubuntu 10.04 LTS is the first release to probe the backing stores.
References
Related Ubuntu Security Notices (USN)
- USN-1008-1: libvirt vulnerabilities (21 October 2010)