| Summary: | qemu new DoS security issues CVE-2014-9718 and CVE-2015-1779 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | mageia, olchal, sysadmin-bugs |
| Version: | 4 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/640174/ | ||
| Whiteboard: | has_procedure advisory mga4-64-ok | ||
| Source RPM: | qemu-2.1.2-5.mga5.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2015-03-24 15:17:11 CET
Sander Lepik
2015-03-28 23:01:39 CET
CC:
(none) => mageia

I resynced with Fedora 21 and both issues now have upstream fixes included to fix them in qemu-2.1.3-1.mga5.

The Fedora 21 update is currently assigned to QA:
https://admin.fedoraproject.org/updates/qemu-2.1.3-5.fc21

The RedHat bugs for these issues are here:
https://bugzilla.redhat.com/show_bug.cgi?id=1204919
https://bugzilla.redhat.com/show_bug.cgi?id=1199572

They haven't addressed Fedora 20 yet (same version as Mageia 4), but the patch for the first issue applies with minimal rediffing effort and the patches for CVE-2015-1779 apply.

Version:
Cauldron => 4

Patched package uploaded for Mageia 4.

Testing procedures:
https://bugs.mageia.org/show_bug.cgi?id=13096#c34
https://bugs.mageia.org/show_bug.cgi?id=6694#c3

Advisory:
========================

Updated qemu packages fix security vulnerabilities:

A denial of service flaw was found in the way QEMU handled malformed Physical Region Descriptor Table (PRDT) data sent to the host's IDE and/or AHCI controller emulation. A privileged guest user could use this flaw to crash the system (rhbz#1204919).

It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU (CVE-2015-1779).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1779
https://bugzilla.redhat.com/show_bug.cgi?id=1204919
https://bugzilla.redhat.com/show_bug.cgi?id=1199572
========================

Updated packages in core/updates_testing:
========================
qemu-1.6.2-1.8.mga4
qemu-img-1.6.2-1.8.mga4

from qemu-1.6.2-1.8.mga4.src.rpm

Assignee:
joequant => qa-bugs

Testing on Mageia4x64 real hardware, using procedure mentioned in comment 2 (https://bugs.mageia.org/show_bug.cgi?id=13096#c34)

From current packages
---------------------
qemu-1.6.2-1.7.mga4
qemu-img-1.6.2-1.7.mga4

Stage 2 of Mageia5 installation starting OK

To updated testing packages:
---------------------------
If I urpmi, it brings:
qemu-1.6.2-1.9.mga4
qemu-img-1.6.2-1.9.mga4
though I was expecting 1.6.2-1.8

Anyway, version 1.6.2-1.9 runs well but is it the right packages to test?

CC:
(none) => olchal

Indeed it is 1.9. My mistake :o) I forgot I had previously resynced with Fedora in SVN and had bumped the subrel then too.

Fedora has issued an advisory for this on April 4:
https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html

Advisory:
========================

Updated qemu packages fix security vulnerabilities:

A denial of service flaw was found in the way QEMU handled malformed Physical Region Descriptor Table (PRDT) data sent to the host's IDE and/or AHCI controller emulation. A privileged guest user could use this flaw to crash the system (rhbz#1204919).

It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU (CVE-2015-1779).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1779
https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html

URL:
(none) => http://lwn.net/Vulnerabilities/640174/
claire robinson
2015-04-14 14:18:55 CEST
Whiteboard:
has_procedure => has_procedure mga4-64-ok

Validating. Advisory uploaded.

Please push to 4 updates

Thanks

Keywords:
(none) => validated_update

An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0149.html

Status:
NEW => RESOLVED

The rhbz#1204919 issue is now CVE-2014-9718:
http://openwall.com/lists/oss-security/2015/04/21/5

Updated advisory...

Advisory:
========================

Updated qemu packages fix security vulnerabilities:

A denial of service flaw was found in the way QEMU handled malformed Physical Region Descriptor Table (PRDT) data sent to the host's IDE and/or AHCI controller emulation. A privileged guest user could use this flaw to crash the system (CVE-2014-9718).

It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU (CVE-2015-1779).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9718
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1779
https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html

Summary:
qemu new DoS security issues (including CVE-2015-1779) => qemu new DoS security issues CVE-2014-9718 and CVE-2015-1779

(In reply to David Walser from comment #8)
> The rhbz#1204919 issue is now CVE-2014-9718:
> http://openwall.com/lists/oss-security/2015/04/21/5

LWN reference:
http://lwn.net/Vulnerabilities/644506/
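
The advisory in this report attributes CVE-2015-1779 to a websocket frame decoder that processed frames without limiting the resources used for the header and the payload. As an added example (not part of this bug report, and not QEMU's code or its upstream patch), the following C function parses an RFC 6455 client frame header with both bounds enforced; the function name, status codes and the 64 KiB cap are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed limit for this example; not a value taken from QEMU. */
#define WS_MAX_PAYLOAD (64u * 1024u)

enum ws_status { WS_OK = 0, WS_NEED_MORE = 1, WS_TOO_LARGE = -1, WS_BAD_FRAME = -2 };

struct ws_header {
    uint8_t  opcode;
    int      fin;
    uint64_t payload_len;
    size_t   header_len;   /* bytes consumed by the header, mask key included */
    uint8_t  mask[4];
};

/* Parse one RFC 6455 client-to-server frame header from buf[0..len).
 * The header is at most 14 bytes, so the caller never has to buffer more
 * than that before a decision is made, and a declared payload length above
 * WS_MAX_PAYLOAD is rejected before any buffer is sized from it. */
enum ws_status ws_parse_header(const uint8_t *buf, size_t len, struct ws_header *h)
{
    if (len < 2) return WS_NEED_MORE;
    if (buf[0] & 0x70) return WS_BAD_FRAME;      /* RSV bits must be zero */
    if (!(buf[1] & 0x80)) return WS_BAD_FRAME;   /* client frames must be masked */

    size_t ext = 0;                              /* extended length bytes */
    uint64_t plen = buf[1] & 0x7f;
    if (plen == 126) ext = 2;
    else if (plen == 127) ext = 8;

    size_t need = 2 + ext + 4;                   /* base + ext length + mask key */
    if (len < need) return WS_NEED_MORE;

    if (ext) {                                   /* big-endian extended length */
        plen = 0;
        for (size_t i = 0; i < ext; i++)
            plen = (plen << 8) | buf[2 + i];
    }
    if (plen > WS_MAX_PAYLOAD) return WS_TOO_LARGE;

    h->fin = (buf[0] & 0x80) != 0;
    h->opcode = buf[0] & 0x0f;
    h->payload_len = plen;
    h->header_len = need;
    for (size_t i = 0; i < 4; i++) h->mask[i] = buf[2 + ext + i];
    return WS_OK;
}
```

A caller would close the connection on `WS_TOO_LARGE` or `WS_BAD_FRAME` rather than keep reading, so a peer cannot make the server hold unbounded data for a single frame.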