At 1215850041 time_t, Steffen Joeris wrote:
> CVE-2008-2004[0]:
> | The drive_init function in QEMU 0.9.1 determines the format of a raw
> | disk image based on the header, which allows local guest users to read
> | arbitrary files on the host by modifying the header to identify a
> | different format, which is used when the guest is restarted.
>
> The patch for qemu can be found here[1].
>
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.

I took a look at the Fedora repository, and I got this for Fedora 7 (Xen 3.0):

http://cvs.fedora.redhat.com/viewcvs/*checkout*/rpms/xen/F-7/xen-qemu-block-no-auto-format.patch?root=extras&rev=1.1&sortby=date

this for Fedora 8 (Xen 3.1):

http://cvs.fedora.redhat.com/viewcvs/*checkout*/rpms/xen/F-8/xen-qemu-block-no-auto-format.patch?root=extras

Reading the Xen 3.2.1 source code, I can't see any link with this format
stuff. However, I can be wrong.

So I'm not sure the sid/lenny version is vulnerable.

Cheers,
-- 
Julien Danjou
.''`.  Debian Developer
: :' : http://julien.danjou.info
`. `'  http://people.debian.org/~acid
  `-   9A0D 5FD9 EB42 22F6 8974  C95C A462 B51E C2FE E5CD
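
A host-side check for the condition the CVE description above names, a disk image declared raw whose header identifies a different format, added here as an example and not taken from this thread or from the QEMU, Xen or Fedora patches. The function names and the short magic table are assumptions for illustration, not the block layer's full probe list.

```python
"""Audit images declared as raw for headers that a format probe would
recognise as something else (added example; names are hypothetical)."""
import sys

# Leading magic bytes of some non-raw image formats. Illustrative subset,
# assumed for this example; a real probe list is longer.
MAGICS = {
    b"QFI\xfb": "qcow/qcow2",
    b"KDMV": "vmdk (v4)",
    b"COWD": "vmdk (v3)",
}


def probe_header(header: bytes):
    """Return the format a header-based probe would report, or None for raw."""
    for magic, name in MAGICS.items():
        if header.startswith(magic):
            return name
    return None


def audit_image(path: str, declared: str = "raw"):
    """Return a finding string if a raw-declared image probes as non-raw."""
    with open(path, "rb") as fh:
        header = fh.read(512)  # the first sector is enough for these magics
    probed = probe_header(header)
    if declared == "raw" and probed is not None:
        return f"{path}: declared raw, header probes as {probed}"
    return None


def audit_many(paths):
    """Audit several raw-declared images; return the list of findings."""
    return [f for f in (audit_image(p) for p in paths) if f]


if __name__ == "__main__":
    # Usage: python audit_raw.py /path/to/guest1.img /path/to/guest2.img
    findings = audit_many(sys.argv[1:])
    for line in findings:
        print(line)
    sys.exit(1 if findings else 0)
```

A finding means the image must only ever be opened with its format stated explicitly, which is the behaviour the `no-auto-format` patches linked above are named for.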