[libvirt] CVE-2013-6456 Re: [PATCHv2 0/7] lxc: honor mount namespaces

Eric Blake eblake at redhat.com
Tue Dec 24 06:00:43 UTC 2013


On 12/23/2013 10:55 PM, Eric Blake wrote:
> We are still awaiting a CVE number to be assigned,

Wow, that was fast.  I just learned that this is assigned CVE-2013-6456.

> but Reco
> reported in Debian bug #732394 that a malicious guest could
> cause virDomainShutdown and virDomainReboot to cause the
> host to misbehave, if the host blindly follows symlinks in
> its own mount namespace instead of the guest's namespace.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
