Re: qemu: CVE-2016-7116

Hi Guido,

On Sun, 4 Sep 2016, Guido Günther wrote:
> no-dsa should be used very scarcely in LTS since we don't have a s-p-u
> to fix minor issues and reading the RedHat entry[1]:

yes, but ...

> "A privileged user inside guest could use this flaw to access undue
> files on the host."

... you should also cite:
"... host directory sharing via Plan 9 File System(9pfs) support ..."

The latest news on [1] is from 2008. I am not sure whether there are really that many installations in the wild that really use it.

> I think we should well fix this vulnerability.

I still think it is not needed.

So qemu and qemu-kvm users: Do you use 9pfs on a Wheezy system?
(me does not)


[1] http://9p.cat-v.org/News

