CVE-2008-1945

Common Vulnerabilities and Exposures

CVE-2008-1945 at MITRE

Details

QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.

Novell Bugzilla entry: 362956

SUSE Security Advisories:

SUSE-SR:2009:008 , published Mon, 06 Apr 2009 15:00:00 +0000

Product(s)	Fixed package version(s)	References
openSUSE 10.3	`qemu >= 0.10.1-0.1`
openSUSE 11.0	`qemu-debuginfo >= 0.10.1-0.1` `qemu-debugsource >= 0.10.1-0.1`	SAT Patch Nr: 691
openSUSE 11.0	`qemu >= 0.10.1-0.1`	SAT Patch Nr: 691
openSUSE 11.1	`qemu-debuginfo >= 0.10.1-0.1.1` `qemu-debugsource >= 0.10.1-0.1.1`	SAT Patch Nr: 691
openSUSE 11.1	`qemu >= 0.10.1-0.1.1`	SAT Patch Nr: 691
SLE SDK 10 SP2 for IPF SLE SDK 10 SP2 for X86-64 SLE SDK 10 SP2 for x86 SUSE Linux Enterprise Desktop Thin Client for x86	`qemu >= 0.8.2-37.9`	sles10-sp2-sdk. ia64 SUSE Linux Enterprise Thin Client 10 SP2 x86 sles10-sp2-sdk. x86 sles10-sp2-sdk. x86-64 ZYPP Patch Nr: 6127
SLES 11 DEBUGINFO	`qemu-debuginfo >= 0.10.1-0.1.1` `qemu-debugsource >= 0.10.1-0.1.1`	sle11-debuginfo. x86 sle11-debuginfo. x86-64 sle11-debuginfo. x86-64 sle11-debuginfo. x86 SAT Patch Nr: 692
SLE 11	`qemu >= 0.10.1-0.1.1`	sle11-debuginfo. x86 sle11-debuginfo. x86-64 sle11-debuginfo. x86-64 sle11-debuginfo. x86 SAT Patch Nr: 692