Launchpad CVE tracker

CVE 2017-1000199

tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges.

Related bugs and status

CVE-2017-1000199 (Candidate) is related to these bugs:

Bug #1854362: [MIR] ceph-iscsi, tcmu, python-configshell-fb, python-rtslib-fb, urwid, targetcli-fb

		In	Importance	Status
1854362	[MIR] ceph-iscsi, tcmu, python-configshell-fb, python-rtslib-fb, urwid, targetcli-fb	ceph-iscsi (Ubuntu)	Undecided	In Progress
1854362	[MIR] ceph-iscsi, tcmu, python-configshell-fb, python-rtslib-fb, urwid, targetcli-fb	python-rtslib-fb (Ubuntu)	Undecided	Fix Released
1854362	[MIR] ceph-iscsi, tcmu, python-configshell-fb, python-rtslib-fb, urwid, targetcli-fb	tcmu (Ubuntu)	Undecided	Invalid
1854362	[MIR] ceph-iscsi, tcmu, python-configshell-fb, python-rtslib-fb, urwid, targetcli-fb	python-configshell-fb (Ubuntu)	Undecided	Fix Released
1854362	[MIR] ceph-iscsi, tcmu, python-configshell-fb, python-rtslib-fb, urwid, targetcli-fb	urwid (Ubuntu)	Undecided	Fix Released
1854362	[MIR] ceph-iscsi, tcmu, python-configshell-fb, python-rtslib-fb, urwid, targetcli-fb	targetcli-fb (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2017-1000199

References