qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] qemu block-qcow.c block-qcow2.c block-vmdk.c bl...


From: Fabrice Bellard
Subject: Re: [Qemu-devel] qemu block-qcow.c block-qcow2.c block-vmdk.c bl...
Date: Tue, 11 Mar 2008 18:30:29 +0100
User-agent: Thunderbird 2.0.0.5 (X11/20070727)

IMHO it would be much simpler to do all the tests in the block format handlers.

Fabrice.

Aurelien Jarno wrote:
CVSROOT:        /sources/qemu
Module name:    qemu
Changes by:     Aurelien Jarno <aurel32>  08/03/11 17:17:59

Modified files:
. : block-qcow.c block-qcow2.c block-vmdk.c block.c block.h block_int.h
Log message:
        Fix CVE-2008-0928 - insufficient block device address range checking
        
        Qemu 0.9.1 and earlier does not perform range checks for block device
        read or write requests, which allows guest host users with root
        privileges to access arbitrary memory and escape the virtual machine.

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/qemu/block-qcow.c?cvsroot=qemu&r1=1.15&r2=1.16
http://cvs.savannah.gnu.org/viewcvs/qemu/block-qcow2.c?cvsroot=qemu&r1=1.10&r2=1.11
http://cvs.savannah.gnu.org/viewcvs/qemu/block-vmdk.c?cvsroot=qemu&r1=1.19&r2=1.20
http://cvs.savannah.gnu.org/viewcvs/qemu/block.c?cvsroot=qemu&r1=1.54&r2=1.55
http://cvs.savannah.gnu.org/viewcvs/qemu/block.h?cvsroot=qemu&r1=1.6&r2=1.7
http://cvs.savannah.gnu.org/viewcvs/qemu/block_int.h?cvsroot=qemu&r1=1.16&r2=1.17








reply via email to

[Prev in Thread] Current Thread [Next in Thread]