First published: Thu Jun 21 2012(Updated: )
The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/kvm | ||
debian/qemu-kvm | ||
QEMU qemu | =0.12.2 | |
QEMU qemu | =0.12.0-rc2 | |
QEMU qemu | =0.1.6 | |
QEMU qemu | =0.13.0-rc0 | |
QEMU qemu | =0.4.2 | |
QEMU qemu | =0.10.3 | |
QEMU qemu | =0.11.0-rc1 | |
QEMU qemu | =0.1.5 | |
QEMU qemu | =0.13.0 | |
QEMU qemu | =0.8.2 | |
QEMU qemu | =0.11.0-rc1 | |
QEMU qemu | =0.10.1 | |
QEMU qemu | =0.9.0 | |
QEMU qemu | =0.7.2 | |
QEMU qemu | =0.11.0-rc2 | |
QEMU qemu | =0.12.5 | |
QEMU qemu | =0.11.0 | |
QEMU qemu | =0.1.3 | |
QEMU qemu | =0.14.0-rc0 | |
QEMU qemu | =0.12.0-rc1 | |
QEMU qemu | =0.11.1 | |
QEMU qemu | =0.7.1 | |
QEMU qemu | =0.9.1-5 | |
QEMU qemu | =0.13.0-rc1 | |
QEMU qemu | =0.15.0-rc1 | |
QEMU qemu | <=0.14.0 | |
QEMU qemu | =0.12.0 | |
QEMU qemu | =0.14.1 | |
QEMU qemu | =0.8.1 | |
QEMU qemu | =0.11.0-rc2 | |
QEMU qemu | =0.10.0 | |
QEMU qemu | =0.4.1 | |
QEMU qemu | =0.12.3 | |
QEMU qemu | =0.1.1 | |
QEMU qemu | =0.7.0 | |
QEMU qemu | =0.11.0-rc0 | |
QEMU qemu | =0.1.4 | |
QEMU qemu | =0.9.1 | |
QEMU qemu | =0.6.0 | |
QEMU qemu | =0.6.1 | |
QEMU qemu | =0.14.0-rc2 | |
QEMU qemu | =0.10.6 | |
QEMU qemu | =0.14.0-rc1 | |
QEMU qemu | =0.11.0-rc0 | |
QEMU qemu | =0.4.3 | |
QEMU qemu | =0.1.2 | |
QEMU qemu | =0.12.4 | |
QEMU qemu | =0.10.5 | |
QEMU qemu | =0.10.4 | |
QEMU qemu | =0.10.2 | |
QEMU qemu | =0.15.0-rc2 | |
QEMU qemu | =0.12.1 | |
QEMU qemu | =0.8.0 | |
QEMU qemu | =0.1.0 | |
QEMU qemu | =0.2.0 | |
QEMU qemu | =0.3.0 | |
QEMU qemu | =0.4.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.