Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storagebackendfs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "libvirt-doc": "1.2.2-0ubuntu13.1.16", "libvirt0-dbgsym": "1.2.2-0ubuntu13.1.16", "libvirt-dev-dbgsym": "1.2.2-0ubuntu13.1.16", "libvirt-dev": "1.2.2-0ubuntu13.1.16", "libvirt-bin-dbgsym": "1.2.2-0ubuntu13.1.16", "libvirt0": "1.2.2-0ubuntu13.1.16", "libvirt0-dbg": "1.2.2-0ubuntu13.1.16", "libvirt-bin": "1.2.2-0ubuntu13.1.16" } ] }