Red Hat has issued an advisory on July 22:
https://rhn.redhat.com/errata/RHSA-2013-1100.html

Patched packages uploaded for Mageia 3 and Cauldron.

Mageia 2's version doesn't seem to contain the affected code, which is weird, because the version in RHEL6 is older. Perhaps the affected code was actually added to RHEL 6's version by one of the other 3883 patches they had previously added.

Advisory:
========================

Updated qemu packages fix security vulnerability:

An unquoted search path flaw was found in the way the QEMU Guest Agent service installation was performed on Windows. Depending on the permissions of the directories in the unquoted search path, a local, unprivileged user could use this flaw to have a binary of their choosing executed with SYSTEM privileges (CVE-2013-2231).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2231
https://rhn.redhat.com/errata/RHSA-2013-1100.html
========================

Updated packages in core/updates_testing:
========================
qemu-1.2.0-8.2.mga3
qemu-img-1.2.0-8.2.mga3

from qemu-1.2.0-8.2.mga3.src.rpm
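
An added example, not part of the original report or of the QEMU or Mageia code: a small audit helper for the flaw class the advisory describes. It flags a Windows service command line whose executable path contains spaces but is not quoted, lists the directories whose permissions the advisory says matter, and returns the quoted form. The function names and the sample paths are constructed for illustration.

```python
import re

# Assumption: the service binary ends in ".exe"; extend the pattern if needed.
_EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)


def split_image_path(image_path):
    """Split a service command line into (exe_path, args, was_quoted)."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end != -1:
            return s[1:end], s[end + 1:].strip(), True
        s = s.lstrip('"')  # unbalanced quote: treat as unquoted
    m = _EXE_END.search(s)
    if m:
        return s[:m.end()], s[m.end():].strip(), False
    return s, "", False


def audit_image_path(image_path):
    """Flag an unquoted path with spaces and list directories to review."""
    exe, args, quoted = split_image_path(image_path)
    flagged = not quoted and " " in exe
    review_dirs = []
    if flagged:
        # Each space makes the path ambiguous at that point; the directory
        # holding the ambiguous component is the one whose ACL matters.
        for i, ch in enumerate(exe):
            if ch == " ":
                parent = exe[: exe.rfind("\\", 0, i) + 1]
                if parent and parent not in review_dirs:
                    review_dirs.append(parent)
    fixed = f'"{exe}"' + (f" {args}" if args else "")
    return {"flagged": flagged, "review_dirs": review_dirs, "fixed": fixed}


# Constructed sample service command lines (not taken from the advisory).
SAMPLES = [
    r"C:\Program Files\Example Agent\agent.exe --service",
    r'"C:\Program Files\Example Agent\agent.exe" --service',
    r"C:\Tools\agent.exe -d",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", audit_image_path(sample))
```
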
Testing complete mga3 64

Installed mga3 dualcd with virt-manager
Whiteboard: (none) => mga3-64-ok
Testing complete mga3 32

Validating. Advisory from comment 0 uploaded.

Could sysadmin please push from 3 core/updates_testing to core/updates.

Thanks!
Keywords: (none) => validated_update
Whiteboard: mga3-64-ok => mga3-64-ok mga3-32-ok
CC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2013-0235.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED