Gentoo has issued an advisory on December 24:
http://www.gentoo.org/security/en/glsa/glsa-201412-36.xml

I had previously added the fix for CVE-2014-8131 in Cauldron and have now uploaded a patched package fixing CVE-2014-8135 and CVE-2014-8136.

Only CVE-2014-8136 affects version 1.2.1 in Mageia 4.

Patched package uploaded for Mageia 4.

Advisory:
========================

Updated libvirt packages fix security vulnerability:

The qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allows local users to cause a denial of service via unspecified vectors (CVE-2014-8136).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8136
http://www.gentoo.org/security/en/glsa/glsa-201412-36.xml
========================

Updated packages in core/updates_testing:
========================
libvirt0-1.2.1-1.4.mga4
libvirt-devel-1.2.1-1.4.mga4
libvirt-utils-1.2.1-1.4.mga4

from libvirt-1.2.1-1.4.mga4.src.rpm
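The bug class named in the advisory above (an error path that returns while a lock is still held), as an added example that is not libvirt code and not part of this report. It is a simplified model: struct domain, the function names and the atomic_flag try-lock are assumptions, and the try-lock stands in for a blocking lock so that the stuck state shows up as a return code instead of a hang.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
/* Simplified model of the bug class; every name below is hypothetical. */
struct domain { atomic_flag lock; int migrations; };
/* Try-lock: returns true if the caller now holds the lock. */
static bool domain_trylock(struct domain *d) { return !atomic_flag_test_and_set(&d->lock); }
static void domain_unlock(struct domain *d) { atomic_flag_clear(&d->lock); }

/* Flawed shape: the ACL failure path returns while the lock is still held. */
int migrate_leaky(struct domain *d, bool acl_ok)
{
    if (!domain_trylock(d))
        return -2;              /* domain is busy */
    if (!acl_ok)
        return -1;              /* BUG: early return skips domain_unlock() */
    d->migrations++;
    domain_unlock(d);
    return 0;
}

/* Corrected shape: every exit taken after locking goes through cleanup. */
int migrate_fixed(struct domain *d, bool acl_ok)
{
    int ret = -1;
    if (!domain_trylock(d))
        return -2;
    if (!acl_ok)
        goto cleanup;           /* denied, but the lock is still released */
    d->migrations++;
    ret = 0;
cleanup:
    domain_unlock(d);
    return ret;
}

/* Result of a permitted call made after one call that failed the ACL check. */
int authorized_after_denied(int (*migrate)(struct domain *, bool))
{
    struct domain d = { ATOMIC_FLAG_INIT, 0 };
    (void)migrate(&d, false);   /* caller that is denied by the ACL check */
    return migrate(&d, true);   /* later caller that is permitted */
}

int main(void)
{
    printf("leaky=%d fixed=%d\n", authorized_after_denied(migrate_leaky), authorized_after_denied(migrate_fixed));
    return 0;
}
```

With a blocking lock in place of the try-lock, the -2 result of the leaky variant corresponds to every later caller on that domain waiting indefinitely.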
Testing procedure: https://bugs.mageia.org/show_bug.cgi?id=14192#c7
Whiteboard: (none) => has_procedure
On MGA-64: I find lib64virt0-1.2.1-1.4.mga4 and lib64virt-devel-1.2.1-1.4.mga4 in the repository, but no lib64virt-utils-1.2.1-1.4.mga4.
CC: (none) => herman.viaene
It's confusing with the lib name and the utils package. It will be named libvirt-utils even on a 64 bit system as it's not the library but just tools to work with the lib64virt library package. Does that make sense? The library itself has the 64 added but related packages *-utils, *-tools etc won't be.
Testing on Mageia4 x 32 real hardware,

From current packages :
---------------------
libvirt0-1.2.1-1.3.mga4
libvirt-devel-1.2.1-1.3.mga4
libvirt-utils-1.2.1-1.3.mga4

# systemctl start libvirtd
# systemctl status -l libvirtd
libvirtd.service - Virtualization daemon
   Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled)
   Active: active (running)

Using virt-manager, connected to virtual-machine (Mageia4) previously set in former testing.

Updated to testing packages :
---------------------------
- libvirt-devel-1.2.1-1.4.mga4.i586
- libvirt-utils-1.2.1-1.4.mga4.i586
- libvirt0-1.2.1-1.4.mga4.i586

Rebooted

# systemctl status -l libvirtd
libvirtd.service - Virtualization daemon
   Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled)
   Active: active (running)

Using virt-manager, could connect to previous VM. Deleted it.
Created a new virtual machine, proceeded to a new Mageia4 installation, booted ok, made some changes, created a snapshot.

All OK
CC: (none) => olchal
Whiteboard: has_procedure => has_procedure MGA4-32-OK
MGA4-64 on HP Probook 6555b KDE
Installation OK. Virtual Manager runs, I can create a VM using the MGA5 Live iso, but this does not run (no bootable device). I will try classical iso.
MGA4-64 on HP Probook 6555b KDE
I could install classical KDE 32 bit. Running it only works in safe mode, in normal mode it seems to choke somewhere at the graphical device.
Also tried to make a VM boot from an MGA5 Live iso file. It boots, shows the first option screen (boot, install etc.), but then the display corrupts and nothing seems to happen anymore.
For me, installation of libvirt is OK, the product .....
Whiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK MGA4-64-OK
Validating. Advisory uploaded.

Could sysadmin please push to 4 updates

Thanks
Keywords: (none) => validated_update
Whiteboard: has_procedure MGA4-32-OK MGA4-64-OK => has_procedure advisory MGA4-32-OK MGA4-64-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGASA-2015-0002.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED