CVE-2016-9379

Priority
Description
The pygrub boot loader emulator in Xen, when S-expression output format is
requested, allows local pygrub-using guest OS administrators to read or
delete arbitrary files on the host via string quotes and S-expressions in
the bootloader configuration file.
Notes
mdeslaurThis is XSA-198
tyhicksissue present in xen-utils-4.x binary packages which are in
universe
Package
Source: xen (LP Ubuntu Debian)
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [4.1.6.1-0ubuntu0.12.04.13])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [4.4.2-0ubuntu0.14.04.9])
Ubuntu 16.04 LTS (Xenial Xerus):released (4.6.0-1ubuntu4.3)
Binaries built from this source package are in universe and so are supported by the community. For more details see https://wiki.ubuntu.com/SecurityTeam/FAQ#Official_Support
More Information

Updated: 2020-03-18 22:47:01 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)