Upstream has issued an advisory on January 22:
http://security.libvirt.org/2015/0001.html

Patched packages uploaded for Mageia 4 and Cauldron.

Advisory:
========================

Updated libvirt packages fix security vulnerability:

The XML getters for save images and snapshots objects don't check ACLs for the VIR_DOMAIN_XML_SECURE flag and might possibly dump security sensitive information. A remote attacker able to establish a connection to libvirtd could use this flaw to leak certain limited information from the domain xml file (CVE-2015-0236).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0236
https://bugzilla.redhat.com/show_bug.cgi?id=1184431
http://security.libvirt.org/2015/0001.html
========================

Updated packages in core/updates_testing:
========================
libvirt0-1.2.1-1.5.mga4
libvirt-devel-1.2.1-1.5.mga4
libvirt-utils-1.2.1-1.5.mga4

from libvirt-1.2.1-1.5.mga4.src.rpm
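The flaw class described in the advisory above, shown as an added example that is not part of the original report and is not libvirt's code: a getter whose ACL check ignores the caller's flags, next to one that demands a stronger permission when the secure flag is set. The permission bits, function names, flag value and sample XML are assumptions constructed for this model.

```c
#include <stdio.h>
#include <string.h>

/* Model flag standing in for VIR_DOMAIN_XML_SECURE; the value is chosen for this example. */
#define XML_SECURE (1u << 0)

/* Hypothetical permission bits for the model ACL. */
enum { PERM_READ = 1u << 0, PERM_READ_SECURE = 1u << 1 };

typedef const char *(*xml_getter)(unsigned perms, unsigned flags);

/* Constructed sample XML: the passwd attribute is the sensitive part. */
static const char *format_xml(unsigned flags) {
    return (flags & XML_SECURE) ? "<graphics type='vnc' passwd='constructed-secret'/>"
                                : "<graphics type='vnc'/>";
}

/* Flawed pattern: the ACL check ignores which flags the caller passed. */
static const char *get_xml_flawed(unsigned perms, unsigned flags) {
    if (!(perms & PERM_READ)) return NULL;
    return format_xml(flags);
}

/* Corrected pattern: the secure flag demands the stronger permission. */
static const char *get_xml_checked(unsigned perms, unsigned flags) {
    if (!(perms & PERM_READ)) return NULL;
    if ((flags & XML_SECURE) && !(perms & PERM_READ_SECURE)) return NULL;
    return format_xml(flags);
}

/* Regression check: does a read-only caller receive the secret? */
int leaks_to_readonly(xml_getter get) {
    const char *xml = get(PERM_READ, XML_SECURE);
    return xml != NULL && strstr(xml, "passwd=") != NULL;
}

/* Count the leaking entry points in a table of getters. */
int count_leaks(const xml_getter *getters, int n) {
    int leaks = 0;
    for (int i = 0; i < n; i++) leaks += leaks_to_readonly(getters[i]);
    return leaks;
}

int main(void) {
    /* Constructed tables: one checked and two unchecked getters, then all checked. */
    xml_getter before[] = { get_xml_checked, get_xml_flawed, get_xml_flawed };
    xml_getter after[]  = { get_xml_checked, get_xml_checked, get_xml_checked };
    printf("before: %d leaking getters\n", count_leaks(before, 3));
    printf("after:  %d leaking getters\n", count_leaks(after, 3));
    return 0;
}
```

Running every entry point that accepts the flag through the same read-only check is what catches a getter that was missed when the ACL rule was first added.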
Testing procedure: https://bugs.mageia.org/show_bug.cgi?id=14192#c7
Whiteboard: (none) => has_procedure
Testing on Mageia4x32, real hardware

From current packages :
---------------------
libvirt0-1.2.1-1.4.mga4
libvirt-utils-1.2.1-1.4.mga4

# systemctl start libvirtd
# systemctl status -l libvirtd
libvirtd.service - Virtualization daemon
   Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; disabled)
   Active: active (running) since mar. 2015-01-27 16:21:19 CET; 6s ago

Using virt-manager, launched pre-existing virtual-machine (mageia4).

# systemctl stop libvirtd

To updated testing packages :
---------------------------
libvirt0-1.2.1-1.5.mga4
libvirt-utils-1.2.1-1.5.mga4

# systemctl start libvirtd
# systemctl status -l libvirtd
libvirtd.service - Virtualization daemon
   Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled)
   Active: active (running) since mar. 2015-01-27 16:26:26 CET; 1min 7s ago

Using virt-manager, launched same virtual-machine, took snapshots, deleted one, reverted to previous snapshot,
All OK
Whiteboard: has_procedure => has_procedure MGA4-32-OK
CC: (none) => olchal
Help me understand this package olivier. What package are you installing?

[root@localhost wilcal]# urpmi libvert
No package named libvert
[root@localhost wilcal]# urpmi libvert0
No package named libvert0

Going through the MCC -> Software Management and searching on "libvert" there are lots of packages libvert* but none of them libvert or libvert0

Thanks
CC: (none) => wilcal.int
First you need to spell it correctly. The other common source of confusion is that libvirt is not a library, but libvirt0 is, so on x86_64, only the libvirt0 has a lib64 at the beginning of its name, not libvirt (or libvirt-utils).
(In reply to olivier charles from comment #2)
> Using virt-manager, launched same virtual-machine, took snapshots, deleted
> one, reverted to previous snapshot

default install of libvirt0 libvirt-utils

[root@localhost wilcal]# urpmi libvirt0
Package libvirt0-1.2.1-1.4.mga4.i586 is already installed
[root@localhost wilcal]# urpmi libvirt-utils
Package libvirt-utils-1.2.1-1.4.mga4.x86_64 is already installed
[root@localhost wilcal]# systemctl start libvirtd
[root@localhost wilcal]# systemctl status -l libvirtd
libvirtd.service - Virtualization daemon
   Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled)
   Active: active (running) since Tue 2015-01-27 09:48:59 PST; 12s ago
[root@localhost wilcal]# virt-manager
bash: virt-manager: command not found

And how do I launch the "virt-manager". It's not in the launch menu.
(In reply to William Kenney from comment #5)
> And how do I launch the "virt-manager". It's not in the launch menu.

It's a separate package :

# urpmi virt-manager

should do it.
In addition, you will have to install qemu if you don't have it already on your system.
(In reply to olivier charles from comment #7)
> In addition, you will have to install qemu if you don't have it already on
> your system.

[root@localhost wilcal]# urpmi gemu
No package named gemu

MCC -> Software Manager Search finds no package named "gemu"

A search of the entire M4 repo resulted in no package named "gemu" found.
William, please read more carefully.
(In reply to David Walser from comment #9)
> William, please read more carefully.

Ok, better put install virt-manager which when launched will then ask for additional Software to be installed: gemu & libvirt-utils

Allow the install and the following is displayed

Error talking to PackageKit:
GDBus.Error:org.freedesktop.PackageKit.Modify.internalError: failed to resolve: The backend exited unexpectedly. This is a serious error as the spawned backend did not complete the pending transaction.
It's qemu, and install it through your normal means of installing packages. PackageKit is broken.
Ok, I wonder. I'm do'n this in a Vbox client which cannot support a Vbox host. So gemu is another Virtual Manager. I bet olivier is running on real hardware. I'm not so sure I can run a VM inside a VM client.
http://en.wikipedia.org/wiki/QEMU
Testing complete mga4 64
Whiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK mga4-64-ok
Validating. Advisory uploaded.

Please push to 4 updates

Thanks
CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: has_procedure MGA4-32-OK mga4-64-ok => has_procedure advisory MGA4-32-OK mga4-64-ok
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0046.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED
URL: (none) => http://lwn.net/Vulnerabilities/631504/