Comment 104 for bug 1996188
Revision history for this message
| Arnaud Morin (arnaud-morin) wrote Re: Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951) | #104 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
4d1350f
(Get the code!)
Hi Thomas,
The default values ['streamOptimized', 'monolithicSparse'] are safe. Only these values are safe.
One of the *unsafe* value is: 'monolithicFlat'. This one should be discarded by the convert functions. This is what the patches are doing.
One of the VMDK (official?) documentation can be read here:
https:/
Maybe that could be nice to have it in the config desc?