CVE-2016-7116

Published: 31 August 2016

Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string.

Priority

Low

CVSS 3 base score: 6.0

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Ubuntu 16.04 LTS (Xenial Xerus)
Released (1:2.5+dfsg-5ubuntu10.6)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2.0.0+dfsg-2ubuntu1.30)
Patches:
Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=917e9a9816f34787391059c89ba5fb770fe22028
Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=b5191b2df7dc92a7a4f7fb4d18c37cf8aae38894
Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=85d0a53c583656e5e37a8317f9119933c796847f
Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=5e2c6fe7cc5314c13d96069328b603c40dc12b41
qemu-kvm
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading