Novell Home

CVE-2012-2652

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2012-2652 at MITRE

Description

The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file.

NVD CVSS v2 Base Score: 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 764526

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Studio Extension for System z 1.2
  • kvm >= 0.12.5-1.24.1
studioonsite1.2.s390x
SAT Patch Nr: 6757
SLE 11 SP2 DEBUGINFO
  • kvm-debuginfo >= 0.15.1-0.21.1
  • kvm-debugsource >= 0.15.1-0.21.1
sles11-sp2.x86-64
sled11-sp2.x86
sles11-sp2.x86
sled11-sp2.x86-64
SAT Patch Nr: 6455
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Server 11 SP2
  • kvm >= 0.15.1-0.21.1
sles11-sp2.x86-64
sled11-sp2.x86
sles11-sp2.x86
sled11-sp2.x86-64
SAT Patch Nr: 6455

© 2014 Novell