CVE-2016-9379
Published: 23 January 2017
The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.
Notes
Author | Note |
---|---|
mdeslaur | This is XSA-198 |
tyhicks | issue present in xen-utils-4.x binary packages which are in universe |
Priority
CVSS 3 base score: 7.9
Status
Package | Release | Status |
---|---|---|
xen Launchpad, Ubuntu, Debian |
upstream |
Needed
|
precise |
Does not exist
(precise was released [4.1.6.1-0ubuntu0.12.04.13])
|
|
trusty |
Does not exist
(trusty was released [4.4.2-0ubuntu0.14.04.9])
|
|
xenial |
Released
(4.6.0-1ubuntu4.3)
|
|
yakkety |
Released
(4.7.0-0ubuntu2.1)
|
|
zesty |
Released
(4.8.0-1ubuntu1)
|
|
Binaries built from this source package are in Universe and so are supported by the community. |