Bug 15929 - qemu new security issue CVE-2015-3456 (aka VENOM)
Summary: qemu new security issue CVE-2015-3456 (aka VENOM)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 4
Hardware: i586 Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/644256/
Whiteboard: has_procedure advisory mga4-32-ok mga...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2015-05-13 16:25 CEST by David Walser
Modified: 2015-05-13 20:06 CEST (History)
1 user (show)

See Also:
Source RPM: qemu-1.6.2-1.9.mga4.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2015-05-13 16:25:40 CEST
RedHat has issued an advisory today (May 13);
https://rhn.redhat.com/errata/RHSA-2015-0999.html

The press has already caught wind of this issue, for example here:
http://www.zdnet.com/article/venom-security-flaw-millions-of-virtual-machines-datacenters/

Patched packages uploaded for Mageia 4 and Cauldron.

Advisory:
========================

Updated qemu packages fix security vulnerability:

An out-of-bounds memory access flaw was found in the way QEMU's virtual
Floppy Disk Controller (FDC) handled FIFO buffer access while processing
certain FDC commands. A privileged guest user could use this flaw to crash
the guest or, potentially, execute arbitrary code on the host with the
privileges of the host's QEMU process corresponding to the guest
(CVE-2015-3456).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456
https://rhn.redhat.com/errata/RHSA-2015-0999.html
========================

Updated packages in core/updates_testing:
========================
qemu-1.6.2-1.10.mga4
qemu-img-1.6.2-1.10.mga4

from qemu-1.6.2-1.10.mga4.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-05-13 16:26:28 CEST
Testing procedures:
https://bugs.mageia.org/show_bug.cgi?id=13096#c34
https://bugs.mageia.org/show_bug.cgi?id=6694#c3

Whiteboard: (none) => has_procedure

Comment 2 claire robinson 2015-05-13 17:24:48 CEST
Testing complete mga4 32 and 64

https://bugs.mageia.org/show_bug.cgi?id=13096#c34

Whiteboard: has_procedure => has_procedure mga4-32-ok mga4-64-ok

Comment 3 claire robinson 2015-05-13 17:31:14 CEST
Validating. Advisory uploaded.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure mga4-32-ok mga4-64-ok => has_procedure advisory mga4-32-ok mga4-64-ok
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2015-05-13 17:54:45 CEST
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0220.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2015-05-13 20:06:09 CEST

URL: (none) => http://lwn.net/Vulnerabilities/644256/


Note You need to log in before you can comment on or make changes to this bug.