Ubuntu has issued an advisory on January 30:
This issue was *not* fixed in 1.6.2, though the release announcement is here:
It was, however, fixed in this Fedora commit with patches 106-116:
The version in Mageia 3 is too old to be affected, so only Mageia 4 is.
Steps to Reproduce:
Updated and patched packages uploaded for Mageia 4 and Cauldron.
Updated qemu packages fix security vulnerability:
Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging.
A local user could possibly use this flaw to cause a denial of service
Additionally, qemu has been updated to 1.6.2, fixing several other bugs.
Updated packages in core/updates_testing:
Testing procedure: https://bugs.mageia.org/show_bug.cgi?id=6694#c3
Testing complete on Mageia 4 i586, following the procedure linked in comment 2.
No regressions found.
Using above procedure, everything ok.
Someone with commit right can upload advisory and validate.
has_procedure MGA4-32-OK =>
has_procedure MGA4-32-OK MGA4-64-OK
Advisory uploaded, could a sysadmin push the update to core/updates for Mageia 4? Thanks!
has_procedure MGA4-32-OK MGA4-64-OK =>
has_procedure MGA4-32-OK MGA4-64-OK advisoryCC: