On Thu, Jul 21, 2016 at 02:24:43AM +0000, Xulei (Stone) wrote:
> Hi,
>
> A CVE(CVE-2014-3672) vulnerability was reported in Xen.
> I want to know how to reproduce this CVE and whether the qemu-kvm was
> affected ?
>
> Hyperlink: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3672
> Hyperlink: http://www.openwall.com/lists/oss-security/2016/05/24/5

Yes, QEMU is affected, but we did not fix it at the QEMU layer. Instead
libvirt has introduced a virtlogd daemon to handle all writing of data
to files. So QEMU now merely writes a pipe FD, and virtlogd takes care
of file rotation.

Regards,
Daniel
-- 
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
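
The arrangement described in the reply, as an added example that is not part of the original message and is not libvirt's code: a reader on the other end of the pipe caps each log file and the number of backups, so the writer cannot grow a log file without bound. The names `rotate`, `drain_pipe`, `max_size`, `max_backups` and `guest.log`, and the sample data, are assumptions of this example.

```python
import os
import tempfile

def rotate(path, max_backups):
    """Shift path -> path.0 -> path.1 ..., discarding the oldest backup."""
    if max_backups == 0:
        os.unlink(path)
        return
    oldest = f"{path}.{max_backups - 1}"
    if os.path.exists(oldest):
        os.unlink(oldest)
    for i in range(max_backups - 2, -1, -1):
        if os.path.exists(f"{path}.{i}"):
            os.rename(f"{path}.{i}", f"{path}.{i + 1}")
    os.rename(path, f"{path}.0")

def drain_pipe(read_fd, path, max_size, max_backups):
    """Copy the pipe into path until EOF; no file ever exceeds max_size bytes."""
    if max_size <= 0:
        raise ValueError("max_size must be positive")
    out = open(path, "ab")
    size = os.fstat(out.fileno()).st_size
    try:
        while chunk := os.read(read_fd, 4096):
            while chunk:
                if size >= max_size:          # current file is full: rotate first
                    out.close()
                    rotate(path, max_backups)
                    out = open(path, "ab")
                    size = 0
                piece = chunk[:max_size - size]
                out.write(piece)
                size += len(piece)
                chunk = chunk[len(piece):]
    finally:
        out.close()

def demo():
    """Constructed input: a writer emits 10000 bytes; limits are 1024 bytes, 2 backups."""
    with tempfile.TemporaryDirectory() as d:
        r, w = os.pipe()
        os.write(w, b"x" * 10000)             # small enough for the kernel pipe buffer
        os.close(w)                           # EOF for the reader
        drain_pipe(r, os.path.join(d, "guest.log"), max_size=1024, max_backups=2)
        os.close(r)
        return {n: os.path.getsize(os.path.join(d, n)) for n in sorted(os.listdir(d))}

if __name__ == "__main__":
    print(demo())
```

Whatever the writer sends, the files on disk total at most `max_size * (max_backups + 1)` bytes.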