Here are the Red Hat bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1163075
https://bugzilla.redhat.com/show_bug.cgi?id=1169454

Fedora already has CVE-2014-7840 patches in git and their Fedora 20 update for that is currently in QA. I've committed that patch set in SVN in Mageia 4 and Cauldron, and it's building in Cauldron right now.

CVE-2014-8106 was announced today (December 4) here:
http://openwall.com/lists/oss-security/2014/12/04/8

Patches have been submitted and accepted upstream and I would imagine Fedora will have them in git shortly. I will submit an update when those are available.
Debian has issued advisories for CVE-2014-8106 today (December 4):
https://www.debian.org/security/2014/dsa-3087
https://www.debian.org/security/2014/dsa-3088
URL: (none) => http://lwn.net/Vulnerabilities/624606/
For whatever reason, Fedora still hasn't added the CVE-2014-8106 patches in git, but the upstream patches apply cleanly and are what Debian used for their update.

Patched packages uploaded for Mageia 4 and Cauldron.

Testing procedures:
https://bugs.mageia.org/show_bug.cgi?id=13096#c34
https://bugs.mageia.org/show_bug.cgi?id=6694#c3

Advisory:
========================

Updated qemu packages fix security vulnerabilities:

During migration, the values read from migration stream during ram load are not validated. Especially offset in host_from_stream_offset() and also the length of the writes in the callers of the said function. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process (CVE-2014-7840).

Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process (CVE-2014-8106).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8106
https://bugzilla.redhat.com/show_bug.cgi?id=1163075
https://bugzilla.redhat.com/show_bug.cgi?id=1169454
https://www.debian.org/security/2014/dsa-3087
========================

Updated packages in core/updates_testing:
========================
qemu-1.6.2-1.7.mga4
qemu-img-1.6.2-1.7.mga4

from qemu-1.6.2-1.7.mga4.src.rpm
Assignee: bugsquad => qa-bugs
Whiteboard: (none) => has_procedure
Testing on Mageia 4 x32, real hardware.

From current packages:
--------------------
qemu-1.6.2-1.5.mga4
qemu-img-1.6.2-1.5.mga4

Using kvm-qemu through virt-manager, created a mageia4-32 virtual machine. Could boot in new machine, use internet, create a snapshot, stop, restart, revert to snapshot.

To updated testing packages:
--------------------------
qemu-1.6.2-1.7.mga4
qemu-img-1.6.2-1.7.mga4

Could connect to previous virtual machine, use previous snapshot... Deleted virtual machine and created a new one.

All OK here.
CC: (none) => olchal
Whiteboard: has_procedure => has_procedure MGA4-32-OK
MGA4-64 on HP ProBook 6555b

Used approach of Pascal Terjan in bug 13096 comment 34. Installation started of Mageia 5 in Qemu. I let it run in the first stages (loading, language, license agreeing) until it starts looking for a valid disk drive, but does not find one. But I suppose this is far enough to demonstrate that Qemu works OK.
CC: (none) => herman.viaene
Whiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK MGA4-64-OK
Also works fine for me on Mageia 4 i586 running a Debian 7 VM. This can be validated.
Validating. Advisory uploaded. Please push to updates. Thanks.
Keywords: (none) => validated_update
Whiteboard: has_procedure MGA4-32-OK MGA4-64-OK => has_procedure advisory MGA4-32-OK MGA4-64-OK
CC: (none) => sysadmin-bugs
LWN reference for CVE-2014-7840:
http://lwn.net/Vulnerabilities/626064/

Fedora has pushed one of their updates for it:
https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145918.html
An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGASA-2014-0525.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED