qemu 1.6.1 has been released, fixing a security issue with SCSI disk emulation:
http://lists.nongnu.org/archive/html/qemu-stable/2013-10/msg00022.html

According to RedHat, this also affects older versions of qemu and qemu-kvm:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4344

qemu-1.6.1-1.mga4 has fixed this for Cauldron.

Mageia 2 and Mageia 3 are affected, but no patches are available for those qemu versions at this time.
Whiteboard: (none) => MGA2TOO
Fedora has issued an advisory for this on October 8: https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119033.html
URL: (none) => http://lwn.net/Vulnerabilities/570339/
RedHat has issued an advisory for this today (November 21):
https://rhn.redhat.com/errata/RHSA-2013-1553.html

Patched packages uploaded for Mageia 2 and Mageia 3.

Please note that this is a high-severity security issue :o)

Advisory:
========================

Updated qemu packages fix security vulnerability:

A buffer overflow flaw was found in the way QEMU processed the SCSI "REPORT LUNS" command when more than 256 LUNs were specified for a single SCSI target. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process (CVE-2013-4344).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4344
https://rhn.redhat.com/errata/RHSA-2013-1553.html
========================

Updated packages in core/updates_testing:
========================
qemu-1.0-6.6.mga2
qemu-img-1.0-6.6.mga2
qemu-1.2.0-8.3.mga3
qemu-img-1.2.0-8.3.mga3

from SRPMS:
qemu-1.0-6.6.mga2.src.rpm
qemu-1.2.0-8.3.mga3.src.rpm
Assignee: bugsquad => qa-bugs
CC: (none) => davidwhodgins
Whiteboard: MGA2TOO => MGA2TOO advisory
Testing complete using virt-manager, on Mageia 2 and 3, i586 and x86_64. Could someone from the sysadmin team push 11422.adv to updates?
Keywords: (none) => validated_update
Whiteboard: MGA2TOO advisory => MGA2TOO advisory MGA3-64-OK MGA3-32-OK MGA2-64-OK MGA2-32-OK
CC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2013-0341.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED