Launchpad CVE tracker

CVE 2010-2239

Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors.

Related bugs and status

CVE-2010-2239 (Candidate) is related to these bugs:

Bug #578527: map serial port throws "chardev: opening backend "tty" failed"

		In	Importance	Status
578527	map serial port throws "chardev: opening backend "tty" failed"	libvirt (Ubuntu)	Low	Fix Released
578527	map serial port throws "chardev: opening backend "tty" failed"	libvirt	Medium	Won't Fix
578527	map serial port throws "chardev: opening backend "tty" failed"	libvirt (Ubuntu Lucid)	Low	Won't Fix
578527	map serial port throws "chardev: opening backend "tty" failed"	libvirt (Ubuntu Maverick)	Low	Fix Released

Bug #585964: VMs won't start after purging apparmor

Summary				In	Importance	Status
	585964	VMs won't start after purging apparmor		libvirt (Ubuntu)	Low	Fix Released

Bug #588369: can't disable AppArmor via qemu.conf

Summary				In	Importance	Status
	588369	can't disable AppArmor via qemu.conf		libvirt (Ubuntu)	Low	Fix Released

Bug #609055: problems with using parallel port

Summary				In	Importance	Status
	609055	problems with using parallel port		libvirt (Ubuntu)	Undecided	Fix Released

Bug #613549: does not support cloning vm storage on lvm backend

Summary				In	Importance	Status
	613549	does not support cloning vm storage on lvm backend		libvirt (Ubuntu)	Low	Fix Released
	613549	does not support cloning vm storage on lvm backend		virt-manager (Ubuntu)	Undecided	Invalid

Bug #656173: libvirt no longer probes chained backing stores

Summary				In	Importance	Status
	656173	libvirt no longer probes chained backing stores		libvirt (Ubuntu)	Undecided	Won't Fix
	656173	libvirt no longer probes chained backing stores		Release Notes for Ubuntu	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-2239

References