Mageia Bugzilla – Bug 12494
qemu new security issue CVE-2013-4377
Last modified: 2014-02-12 18:46:41 CET
Ubuntu has issued an advisory on January 30:
This issue was *not* fixed in 1.6.2, though the release announcement is here:
It was, however, fixed in this Fedora commit with patches 106-116:
The version in Mageia 3 is too old to be affected, so only Mageia 4 is.
Steps to Reproduce:
Updated and patched packages uploaded for Mageia 4 and Cauldron.
Updated qemu packages fix security vulnerability:
Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging.
A local user could possibly use this flaw to cause a denial of service
Additionally, qemu has been updated to 1.6.2, fixing several other bugs.
Updated packages in core/updates_testing:
Testing procedure: https://bugs.mageia.org/show_bug.cgi?id=6694#c3
Testing complete on Mageia 4 i586, following the procedure linked in comment 2.
No regressions found.
Using above procedure, everything ok.
Someone with commit right can upload advisory and validate.
Advisory uploaded, could a sysadmin push the update to core/updates for Mageia 4? Thanks!