1
PublicDateAtUSN: 2010-08-19
2
Candidate: CVE-2010-2237
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2237
6
https://usn.ubuntu.com/usn/usn-1008-1
8
Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores
9
without referring to the user-defined main disk format, which might allow
10
guest OS users to read arbitrary files on the host OS, and possibly have
11
unspecified other impact, via unknown vectors.
14
jdstrand> AppArmor 10.04 should mostly protect the host OS, but an attacker in
15
a virtual machine may be able to access files of another machine.
16
jdstrand> upstream patch is highly intrusive, needs rewriting for all affected
17
releases, requires a conffile change and a migration helper.
18
jdstrand> Ubuntu 10.04 LTS is the first release to probe the backing stores
25
Tags_libvirt: apparmor
26
upstream_libvirt: released (0.8.3-1)
28
hardy_libvirt: not-affected
29
jaunty_libvirt: not-affected
30
karmic_libvirt: not-affected
31
lucid_libvirt: released (0.7.5-5ubuntu27.5)
32
maverick_libvirt: released (0.8.3-1ubuntu8)
33
devel_libvirt: released (0.8.3-1ubuntu8)