CVE-2016-9379

Priority
Low
Description
The pygrub boot loader emulator in Xen, when S-expression output format is
requested, allows local pygrub-using guest OS administrators to read or
delete arbitrary files on the host via string quotes and S-expressions in
the bootloader configuration file.
References
Notes
 mdeslaur> This is XSA-198
 tyhicks> issue present in xen-utils-4.x binary packages which are in
  universe
Package
Source: xen (LP Ubuntu Debian)
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [4.1.6.1-0ubuntu0.12.04.13])
Ubuntu 14.04 LTS (Trusty Tahr):released (4.4.2-0ubuntu0.14.04.9)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.6.0-1ubuntu4.3)
Ubuntu 17.04 (Zesty Zapus):released (4.8.0-1ubuntu1)
Ubuntu 17.10 (Artful Aardvark):released (4.8.0-1ubuntu1)
More Information

Updated: 2017-12-14 20:06:54 UTC (commit 13907)