[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: qemu: CVE-2016-7116

Hi Guido,

On Sun, 4 Sep 2016, Guido Günther wrote:
no-dsa should be used very scarcely in LTS since we don't have a s-p-u
to fix minor issues and reading the RedHat entry[1]:

yes, but ...

"A privileged user inside guest could use this flaw to access undue
files on the host."

... you should also cite:
"... host directory sharing via Plan 9 File System(9pfs) support ..."

The latest news on [1] is from 2008. I am not sure whether there are really that much installations in the wild that really use it.

I think we should well fix this vulnerability.

I still think it is not needed.

So qemu and qemu-kvm users: Do you use 9pfs on a Wheezy system?
(me does not)


[1] http://9p.cat-v.org/News

Reply to: