[Qemu-devel] [Bug 1736376] Re: CVE-2017-7471 repeated?

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [Bug 1736376] Re: CVE-2017-7471 repeated?

From:	Greg Kurz
Subject:	[Qemu-devel] [Bug 1736376] Re: CVE-2017-7471 repeated?
Date:	Tue, 05 Dec 2017 13:10:23 -0000

When using the proxy backend, all accesses to the host filesystem are
handled by an external process running in a chroot() jail. No need to
bother about paths in this case.

CVE-2017-7471 is only applicable to the local backend, because accesses
are handled by QEMU directly in this case.


** Changed in: qemu
       Status: New => Invalid

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7471

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1736376

Title:
  CVE-2017-7471 repeated?

Status in QEMU:
  Invalid

Bug description:
  In the hw/9pfs/9p-proxy.c file I can see the following which is
  changed because of CVE-2017-7471 in the hw/9pfs/9p-local.c. I might be
  wrong but I guess that should be changed as well.

  if(dir_path){
  v9fs_path_sprintf(target,"%s/%s",dir_path->data,name);
  }
  else{
  v9fs_path_sprintf(target,"%s",name);
  }

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1736376/+subscriptions

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [Bug 1736376] [NEW] CVE-2017-7471 repeated?, Rooney, 2017/12/05
- [Qemu-devel] [Bug 1736376] Re: CVE-2017-7471 repeated?, Greg Kurz <=

Prev by Date: Re: [Qemu-devel] [PATCH] migration: fix analyze-migration.py script with radix table
Next by Date: Re: [Qemu-devel] deadlock in rcu_init_lock() in usermode emulation
Previous by thread: [Qemu-devel] [Bug 1736376] [NEW] CVE-2017-7471 repeated?
Next by thread: [Qemu-devel] [PATCH 0/9] blockdev: fix QMP 'transaction' with IOThreads
Index(es):
- Date
- Thread