Bug 15929

Summary: qemu new security issue CVE-2015-3456 (aka VENOM)
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: sysadmin-bugs
Version: 4Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/644256/
Whiteboard: has_procedure advisory mga4-32-ok mga4-64-ok
Source RPM: qemu-1.6.2-1.9.mga4.src.rpm CVE:
Status comment:

Description David Walser 2015-05-13 16:25:40 CEST 
RedHat has issued an advisory today (May 13);
https://rhn.redhat.com/errata/RHSA-2015-0999.html

The press has already caught wind of this issue, for example here:
http://www.zdnet.com/article/venom-security-flaw-millions-of-virtual-machines-datacenters/

Patched packages uploaded for Mageia 4 and Cauldron.

Advisory:
========================

Updated qemu packages fix security vulnerability:

An out-of-bounds memory access flaw was found in the way QEMU's virtual
Floppy Disk Controller (FDC) handled FIFO buffer access while processing
certain FDC commands. A privileged guest user could use this flaw to crash
the guest or, potentially, execute arbitrary code on the host with the
privileges of the host's QEMU process corresponding to the guest
(CVE-2015-3456).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456
https://rhn.redhat.com/errata/RHSA-2015-0999.html
========================

Updated packages in core/updates_testing:
========================
qemu-1.6.2-1.10.mga4
qemu-img-1.6.2-1.10.mga4

from qemu-1.6.2-1.10.mga4.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-05-13 16:26:28 CEST 
Testing procedures:
https://bugs.mageia.org/show_bug.cgi?id=13096#c34
https://bugs.mageia.org/show_bug.cgi?id=6694#c3

Whiteboard: (none) => has_procedure

Comment 2 claire robinson 2015-05-13 17:24:48 CEST 
Testing complete mga4 32 and 64

https://bugs.mageia.org/show_bug.cgi?id=13096#c34

Whiteboard: has_procedure => has_procedure mga4-32-ok mga4-64-ok

Comment 3 claire robinson 2015-05-13 17:31:14 CEST 
Validating. Advisory uploaded.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure mga4-32-ok mga4-64-ok => has_procedure advisory mga4-32-ok mga4-64-ok
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2015-05-13 17:54:45 CEST 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0220.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2015-05-13 20:06:09 CEST

URL: (none) => http://lwn.net/Vulnerabilities/644256/