[libvirt] CVE-2013-6456 Re: [PATCHv2 0/7] lxc: honor mount namespaces
On 12/23/2013 10:55 PM, Eric Blake wrote:
We are still awaiting a CVE number to be assigned,
Wow, that was fast. I just learned that this is assigned CVE-2013-6456.
but Reco
reported in Debian bug #732394 that a malicious guest could
cause virDomainShutdown and virDomainReboot to cause the
host to misbehave, if the host blindly follows symlinks in
its own mount namespace instead of the guest's namespace.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 604 bytes)