CVE-2008-1945

Priority
Description
QEMU 0.9.0 does not properly handle changes to removable media, which
allows guest OS users to read arbitrary files on the host OS by using the
diskformat: parameter in the -usbdevice option to modify the disk-image
header to identify a different format, a related issue to CVE-2008-2004.
Notes
keesthis follows CVE-2008-2004 chronologically.
xen-utils-3.x is in universe.
mdeslaurpatch is xen-qemu-usbdisk-no-auto-format.patch in RHEL5
Package
Source: kvm (LP Ubuntu Debian)
Upstream:needs-triage
Package
Source: qemu (LP Ubuntu Debian)
Upstream:needs-triage
Patches:
Vendor:http://www.mandriva.com/security/advisories?name=MDVSA-2008:162
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Patches:
Vendor:http://people.ubuntu.com/~kees/qemu/xen-qemu-usbdisk-no-auto-format-CVE-2008-1945.patch
Binaries built from this source package are in universe and so are supported by the community. For more details see https://wiki.ubuntu.com/SecurityTeam/FAQ#Official_Support
Package
Upstream:needs-triage
Patches:
Vendor:http://people.ubuntu.com/~kees/qemu/xen-qemu-usbdisk-no-auto-format-CVE-2008-1945.patch
Binaries built from this source package are in universe and so are supported by the community. For more details see https://wiki.ubuntu.com/SecurityTeam/FAQ#Official_Support
Package
Upstream:not-affected
More Information

Updated: 2020-07-28 19:38:26 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)