24 Dec
2013
24 Dec
'13
7 a.m.
On 12/23/2013 10:55 PM, Eric Blake wrote:
We are still awaiting a CVE number to be assigned,
Wow, that was fast. I just learned that this is assigned CVE-2013-6456.
but Reco reported in Debian bug #732394 that a malicious guest could cause virDomainShutdown and virDomainReboot to cause the host to misbehave, if the host blindly follows symlinks in its own mount namespace instead of the guest's namespace.
-- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org