Source: qemu Version: 1:2.8+dfsg-1 Severity: grave Tags: security upstream Hi,
the following vulnerability was published for qemu. Rationale: I'm raising the issue for now as grave severity, since a privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host. But note as well, that the original proposed patch is not fixing the issue, so upstream is still working on a fix[1]. CVE-2016-9602[0]: 9p: virtfs allows guest to access host filesystem If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-9602 [1] http://www.openwall.com/lists/oss-security/2017/01/17/14 [2] https://bugzilla.redhat.com/show_bug.cgi?id=1413929 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
