Your submission was sent successfully! Close

CVE-2016-7116

Published: 31 August 2016

Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string.

Priority

Low

CVSS 3 base score: 6.0

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian 		precise Does not exist

trusty
Released (2.0.0+dfsg-2ubuntu1.30)
upstream Needs triage

xenial
Released (1:2.5+dfsg-5ubuntu10.6)
yakkety
Released (1:2.6.1+dfsg-0ubuntu5.1)
Patches:
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=917e9a9816f34787391059c89ba5fb770fe22028
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=b5191b2df7dc92a7a4f7fb4d18c37cf8aae38894
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=85d0a53c583656e5e37a8317f9119933c796847f
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=5e2c6fe7cc5314c13d96069328b603c40dc12b41
qemu-kvm
Launchpad, Ubuntu, Debian 		precise
Released (1.0+noroms-0ubuntu14.31)
trusty Does not exist

upstream Needs triage

xenial Does not exist

yakkety Does not exist

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading