Re: [Qemu-devel] qemu block-qcow.c block-qcow2.c block-vmdk.c bl...

Tue, 11 Mar 2008 15:23:48 -0700 

Fabrice Bellard a écrit :
> IMHO it would be much simpler to do all the tests in the block format
> handlers.
> 

Do you mean move all the tests into block-{qcow,qcow2,vmdk}.c ?


> Aurelien Jarno wrote:
>> CVSROOT:    /sources/qemu
>> Module name:    qemu
>> Changes by:    Aurelien Jarno <aurel32>    08/03/11 17:17:59
>>
>> Modified files:
>>     .              : block-qcow.c block-qcow2.c block-vmdk.c block.c
>>                      block.h block_int.h
>> Log message:
>>     Fix CVE-2008-0928 - insufficient block device address range checking
>>     
>>     Qemu 0.9.1 and earlier does not perform range checks for block device
>>     read or write requests, which allows guest host users with root
>>     privileges to access arbitrary memory and escape the virtual machine.
>>
>> CVSWeb URLs:
>> http://cvs.savannah.gnu.org/viewcvs/qemu/block-qcow.c?cvsroot=qemu&r1=1.15&r2=1.16
>>
>> http://cvs.savannah.gnu.org/viewcvs/qemu/block-qcow2.c?cvsroot=qemu&r1=1.10&r2=1.11
>>
>> http://cvs.savannah.gnu.org/viewcvs/qemu/block-vmdk.c?cvsroot=qemu&r1=1.19&r2=1.20
>>
>> http://cvs.savannah.gnu.org/viewcvs/qemu/block.c?cvsroot=qemu&r1=1.54&r2=1.55
>>
>> http://cvs.savannah.gnu.org/viewcvs/qemu/block.h?cvsroot=qemu&r1=1.6&r2=1.7
>>
>> http://cvs.savannah.gnu.org/viewcvs/qemu/block_int.h?cvsroot=qemu&r1=1.16&r2=1.17
>>
>>
>>
>>
> 
> 
> 
> 


-- 
  .''`.  Aurelien Jarno             | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   [EMAIL PROTECTED]         | [EMAIL PROTECTED]
   `-    people.debian.org/~aurel32 | www.aurel32.net

Reply via email to