[pve-devel] CVE-2015-3456
Alexandre DERUMIER
aderumier at odiso.com
Thu May 14 08:12:08 CEST 2015
Yes, any qemu version is vulnerable,
even if we don't create a floppy inside the guest.
We should patch this as soon as possible.
----- Original Message -----
From: "Eric Blevins" <ericlb100 at gmail.com>
To: "pve-devel" <pve-devel at pve.proxmox.com>
Sent: Wednesday, May 13, 2015 18:44:08
Subject: [pve-devel] CVE-2015-3456
Is Proxmox vulnerable to CVE-2015-3456?
https://securityblog.redhat.com/tag/cve-2015-3456/
From the article:
It can result in guest controlled execution of arbitrary code in, and
with privileges of, the corresponding QEMU process on the host. Worst
case scenario this can be guest to host exit with the root privileges.
Can we expect Proxmox to stop running KVM processes as root in the near future?
_______________________________________________
pve-devel mailing list
pve-devel at pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel