Fedora has issued an advisory on August 13:
https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163921.html
CVE-2015-5165 also affects Mageia 4 and Mageia 5. CVE-2015-5166 might not.
Whiteboard: (none) => MGA5TOO, MGA4TOO
Another CVE has been announced, CVE-2015-5225: http://openwall.com/lists/oss-security/2015/08/21/6
Summary: qemu new security issues CVE-2015-5165 and CVE-2015-5166 => qemu new security issues CVE-2015-5165, CVE-2015-5166, and CVE-2015-5225
(In reply to David Walser from comment #1)
> Another CVE has been announced, CVE-2015-5225:
> http://openwall.com/lists/oss-security/2015/08/21/6
LWN reference: http://lwn.net/Vulnerabilities/655844/
Ubuntu has issued an advisory for this today (August 27): http://www.ubuntu.com/usn/usn-2724-1/
Our previous update was missing part of the patch for CVE-2015-3209. I've added that piece to our previous patch. Patches from Fedora added to fix CVE-2015-5165 and CVE-2015-5225, as well as a spice segfault (rhbz#1255899). CVE-2015-5166 indeed does not affect us, and CVE-2015-5225 does not affect Mageia 4.
Summary: qemu new security issues CVE-2015-5165, CVE-2015-5166, and CVE-2015-5225 => qemu new security issues CVE-2015-5165 and CVE-2015-5225
Fedora has issued an advisory for CVE-2015-5165 on September 1:
https://lists.fedoraproject.org/pipermail/package-announce/2015-September/165305.html
Fedora has an update for CVE-2015-5225 on QA:
https://bodhi.fedoraproject.org/updates/FEDORA-2015-14785
Patched packages uploaded for Mageia 4, Mageia 5, and Cauldron. Advisory to come later.
Testing procedures:
https://bugs.mageia.org/show_bug.cgi?id=13096#c34
https://bugs.mageia.org/show_bug.cgi?id=6694#c3
Updated packages in core/updates_testing:
========================
qemu-1.6.2-1.13.mga4
qemu-img-1.6.2-1.13.mga4
qemu-2.1.3-2.4.mga5
qemu-img-2.1.3-2.4.mga5
from SRPMS:
qemu-1.6.2-1.13.mga4.src.rpm
qemu-2.1.3-2.4.mga5.src.rpm
CC: (none) => joequant
Version: Cauldron => 5
Assignee: joequant => qa-bugs
Whiteboard: MGA5TOO, MGA4TOO => MGA4TOO has_procedure
A bugfix from last year was assigned CVE-2015-5239:
http://openwall.com/lists/oss-security/2015/09/02/7
Only the Mageia 4 package is affected. It is patched and uploaded again.
qemu-1.6.2-1.14.mga4
qemu-img-1.6.2-1.14.mga4
from qemu-1.6.2-1.14.mga4.src.rpm
Summary: qemu new security issues CVE-2015-5165 and CVE-2015-5225 => qemu new security issues CVE-2015-5165, CVE-2015-5225, and CVE-2015-5239
I added a patch for an infinite loop issue in e1000:
http://openwall.com/lists/oss-security/2015/09/04/4
Not sure if it'll get a CVE, since a privileged user crashing the guest doesn't sound like a security issue to me, but if it gets one, I'll add it to the advisory.
Updated packages in core/updates_testing:
========================
qemu-1.6.2-1.15.mga4
qemu-img-1.6.2-1.15.mga4
qemu-2.1.3-2.5.mga5
qemu-img-2.1.3-2.5.mga5
from SRPMS:
qemu-1.6.2-1.15.mga4.src.rpm
qemu-2.1.3-2.5.mga5.src.rpm
(In reply to David Walser from comment #7)
> I added a patch for an infinite loop issue in e1000:
> http://openwall.com/lists/oss-security/2015/09/04/4
CVE-2015-6815 was assigned:
http://openwall.com/lists/oss-security/2015/09/05/5
Summary: qemu new security issues CVE-2015-5165, CVE-2015-5225, and CVE-2015-5239 => qemu new security issues CVE-2015-5165, CVE-2015-5225, CVE-2015-5239, and CVE-2015-6815
In VirtualBox, M4, KDE, 32-bit
Package(s) under test:
qemu qemu-img
default install of qemu qemu-img
[root@localhost wilcal]# urpmi qemu
Package qemu-1.6.2-1.12.mga4.i586 is already installed
[root@localhost wilcal]# urpmi qemu-img
Package qemu-img-1.6.2-1.12.mga4.i586 is already installed
Using test procedure: https://bugs.mageia.org/show_bug.cgi?id=13096#c34
create /home/wilcal/qemu1
into that copy M5 KDE i586 boot.iso
using a terminal in /home/wilcal/qemu1 run:
qemu-kvm -net user -net nic,model=virtio -cdrom boot.iso -boot d -m 512
boot.iso opens and runs. Choose HTTP server. Selected DHCP network connection.
Selected a mirror for Mageia 4. Stage2 is started. Install begins.
install qemu & qemu-img from updates_testing
[root@localhost wilcal]# urpmi qemu
Package qemu-1.6.2-1.12.mga4.i586 is already installed
[root@localhost wilcal]# urpmi qemu-img
Package qemu-img-1.6.2-1.12.mga4.i586 is already installed
into /home/wilcal/qemu1 copy Mageia-5-LiveCD-KDE4-en-i586-CD.iso
using a terminal in /home/wilcal/qemu1 run:
qemu-kvm -net user -net nic,model=virtio -cdrom Mageia-5-LiveCD-KDE4-en-i586-CD.iso -boot d -m 512
iso opens and begins running the Live-CD.
CC: (none) => wilcal.int
Whiteboard: MGA4TOO has_procedure => MGA4TOO has_procedure MGA4-32-OK
In VirtualBox, M4, KDE, 64-bit
Package(s) under test:
qemu qemu-img
default install of qemu qemu-img
[root@localhost wilcal]# urpmi qemu
Package qemu-1.6.2-1.12.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi qemu-img
Package qemu-img-1.6.2-1.12.mga4.x86_64 is already installed
Using test procedure: https://bugs.mageia.org/show_bug.cgi?id=13096#c34
create /home/wilcal/qemu1
into that copy M5 KDE i586 boot.iso
using a terminal in /home/wilcal/qemu1 run:
qemu-kvm -net user -net nic,model=virtio -cdrom boot.iso -boot d -m 512
boot.iso opens and runs. Choose HTTP server. Selected DHCP network connection.
Selected a mirror for Mageia 5. Stage2 is started. Install begins.
install qemu & qemu-img from updates_testing
[root@localhost wilcal]# urpmi qemu
Package qemu-1.6.2-1.15.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi qemu-img
Package qemu-img-1.6.2-1.15.mga4.x86_64 is already installed
into /home/wilcal/qemu1 copy Mageia-5-LiveCD-KDE4-en-i586-CD.iso
using a terminal in /home/wilcal/qemu1 run:
qemu-kvm -net user -net nic,model=virtio -cdrom Mageia-5-LiveCD-KDE4-en-i586-CD.iso -boot d -m 512
iso opens and begins running the Live-CD.
Whiteboard: MGA4TOO has_procedure MGA4-32-OK => MGA4TOO has_procedure MGA4-32-OK MGA4-64-OK
In VirtualBox, M5, KDE, 32-bit
Package(s) under test:
qemu qemu-img
default install of qemu qemu-img
[root@localhost qemu1]# urpmi qemu
Package qemu-2.1.3-2.3.mga5.i586 is already installed
[root@localhost qemu1]# urpmi qemu-img
Package qemu-img-2.1.3-2.3.mga5.i586 is already installed
Using test procedure: https://bugs.mageia.org/show_bug.cgi?id=13096#c34
create /home/wilcal/qemu1
into that copy M5 KDE i586 boot.iso
using a terminal in /home/wilcal/qemu1 run:
qemu-kvm -net user -net nic,model=virtio -cdrom boot.iso -boot d -m 512
boot.iso opens and runs. Choose HTTP server. Selected DHCP network connection.
Selected a mirror for Mageia 5. Stage2 is started. Install begins.
install qemu & qemu-img from updates_testing
[root@localhost wilcal]# urpmi qemu
Package qemu-2.1.3-2.5.mga5.i586 is already installed
[root@localhost wilcal]# urpmi qemu-img
Package qemu-img-2.1.3-2.5.mga5.i586 is already installed
into /home/wilcal/qemu1 copy Mageia-5-LiveCD-KDE4-en-i586-CD.iso
using a terminal in /home/wilcal/qemu1 run:
qemu-kvm -net user -net nic,model=virtio -cdrom Mageia-5-LiveCD-KDE4-en-i586-CD.iso -boot d -m 512
iso opens and begins running the Live-CD.
Whiteboard: MGA4TOO has_procedure MGA4-32-OK MGA4-64-OK => MGA4TOO has_procedure MGA4-32-OK MGA4-64-OK MGA5-32-OK
In VirtualBox, M5, KDE, 64-bit
Package(s) under test:
qemu qemu-img
default install of qemu qemu-img
[root@localhost qemu1]# urpmi qemu
Package qemu-2.1.3-2.3.mga5.x86_64 is already installed
[root@localhost qemu1]# urpmi qemu-img
Package qemu-img-2.1.3-2.3.mga5.x86_64 is already installed
Using test procedure: https://bugs.mageia.org/show_bug.cgi?id=13096#c34
create /home/wilcal/qemu1
into that copy M5 KDE i586 boot.iso
using a terminal in /home/wilcal/qemu1 run:
qemu-kvm -net user -net nic,model=virtio -cdrom boot.iso -boot d -m 512
boot.iso opens and runs. Choose HTTP server. Selected DHCP network connection.
Selected a mirror for Mageia 5. Stage2 is started. Install begins.
install qemu & qemu-img from updates_testing
[root@localhost wilcal]# urpmi qemu
Package qemu-2.1.3-2.5.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi qemu-img
Package qemu-img-2.1.3-2.5.mga5.x86_64 is already installed
into /home/wilcal/qemu1 copy Mageia-5-LiveCD-KDE4-en-i586-CD.iso
using a terminal in /home/wilcal/qemu1 run:
qemu-kvm -net user -net nic,model=virtio -cdrom Mageia-5-LiveCD-KDE4-en-i586-CD.iso -boot d -m 512
iso opens and begins running the Live-CD.
Whiteboard: MGA4TOO has_procedure MGA4-32-OK MGA4-64-OK MGA5-32-OK => MGA4TOO has_procedure MGA4-32-OK MGA4-64-OK MGA5-32-OK MGA5-64-OK
This update works fine.
Testing complete for MGA4 & MGA5, 32-bit & 64-bit.
Validating the update.
Could someone from the sysadmin team push to updates?
Thanks
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
CVE-2015-6855 was assigned for another issue:
http://openwall.com/lists/oss-security/2015/09/10/2
Sorry for updating this again after you already tested it, but spice still needs to be tested anyway and it is tested with qemu, so it needs to be tested again anyway. I still need to write an advisory too.
Updated packages in core/updates_testing:
========================
qemu-1.6.2-1.16.mga4
qemu-img-1.6.2-1.16.mga4
qemu-2.1.3-2.6.mga5
qemu-img-2.1.3-2.6.mga5
from SRPMS:
qemu-1.6.2-1.16.mga4.src.rpm
qemu-2.1.3-2.6.mga5.src.rpm
Keywords: validated_update => (none)
Summary: qemu new security issues CVE-2015-5165, CVE-2015-5225, CVE-2015-5239, and CVE-2015-6815 => qemu new security issues CVE-2015-5165, CVE-2015-5225, CVE-2015-5239, CVE-2015-6815, and CVE-2015-6855
Whiteboard: MGA4TOO has_procedure MGA4-32-OK MGA4-64-OK MGA5-32-OK MGA5-64-OK => MGA4TOO has_procedure
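The QA comments above paste `urpmi` output to record which build was exercised. As an added example (not part of the bug thread or of Mageia's QA tooling), the sketch below takes the last build reported per package in such a transcript and flags any that is older than the build under test. The names `UNDER_TEST`, `audit`, `evr_cmp` and `rpmvercmp` are hypothetical, and the comparison is a simplified form of rpm's segment ordering that assumes no epoch, tilde or caret.

```python
import re

# Builds placed in core/updates_testing for the first QA round (taken from the thread).
UNDER_TEST = {
    "mga4": {"qemu": "1.6.2-1.15.mga4", "qemu-img": "1.6.2-1.15.mga4"},
    "mga5": {"qemu": "2.1.3-2.5.mga5", "qemu-img": "2.1.3-2.5.mga5"},
}

def rpmvercmp(a, b):
    """Simplified rpm ordering: numeric and alphabetic segments compared pairwise."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, release as tie-breaker."""
    (va, ra), (vb, rb) = a.split("-"), b.split("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def audit(transcript, release):
    """Return (package, tested, wanted) for each package whose final reported build is stale."""
    final = {}
    for nvra in re.findall(r"Package (\S+) is already installed", transcript):
        nvr, _arch = nvra.rsplit(".", 1)
        name, ver, rel = nvr.rsplit("-", 2)
        final[name] = f"{ver}-{rel}"          # later lines overwrite earlier ones
    wanted = UNDER_TEST[release]
    return [(n, evr, wanted[n]) for n, evr in final.items()
            if n in wanted and evr_cmp(evr, wanted[n]) < 0]

# Lines copied from the two Mageia 4 QA comments in the thread (post-update step).
MGA4_32 = """Package qemu-1.6.2-1.12.mga4.i586 is already installed
Package qemu-img-1.6.2-1.12.mga4.i586 is already installed"""
MGA4_64 = """Package qemu-1.6.2-1.15.mga4.x86_64 is already installed
Package qemu-img-1.6.2-1.15.mga4.x86_64 is already installed"""

if __name__ == "__main__":
    for label, text in (("mga4 i586", MGA4_32), ("mga4 x86_64", MGA4_64)):
        print(label, audit(text, "mga4") or "matches build under test")
```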
Advisory (Mageia 4):
========================
Updated qemu packages fix security vulnerabilities:
Qemu emulator built with the RTL8139 emulation support is vulnerable to an information leakage flaw. It could occur while processing network packets under RTL8139 controller's C+ mode of operation. A guest user could use this flaw to read uninitialised Qemu heap memory up to 65K bytes (CVE-2015-5165).
Qemu emulator built with the VNC display driver is vulnerable to an infinite loop issue. It could occur while processing a CLIENT_CUT_TEXT message with specially crafted payload message. A privileged guest user could use this flaw to crash the Qemu process on the host, resulting in DoS (CVE-2015-5239).
Qemu emulator built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing transmit descriptor data when sending a network packet. A privileged user inside guest could use this flaw to crash the Qemu instance resulting in DoS (CVE-2015-6815).
Qemu emulator built with the IDE disk and CD/DVD-ROM emulation support is vulnerable to a divide by zero issue. It could occur while executing an IDE command WIN_READ_NATIVE_MAX to determine the maximum size of a drive. A privileged user inside guest could use this flaw to crash the Qemu instance resulting in DoS (CVE-2015-6855).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6855
https://lists.fedoraproject.org/pipermail/package-announce/2015-September/165305.html
http://openwall.com/lists/oss-security/2015/09/02/7
http://openwall.com/lists/oss-security/2015/09/05/5
http://openwall.com/lists/oss-security/2015/09/10/2
Advisory (Mageia 5):
========================
Updated qemu packages fix security vulnerabilities:
Qemu emulator built with the RTL8139 emulation support is vulnerable to an information leakage flaw. It could occur while processing network packets under RTL8139 controller's C+ mode of operation. A guest user could use this flaw to read uninitialised Qemu heap memory up to 65K bytes (CVE-2015-5165).
Qinghao Tang and Mr. Zuozhi discovered that QEMU incorrectly handled memory in the VNC display driver. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process (CVE-2015-5225). - Mageia 5 only
Qemu emulator built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing transmit descriptor data when sending a network packet. A privileged user inside guest could use this flaw to crash the Qemu instance resulting in DoS (CVE-2015-6815).
Qemu emulator built with the IDE disk and CD/DVD-ROM emulation support is vulnerable to a divide by zero issue. It could occur while executing an IDE command WIN_READ_NATIVE_MAX to determine the maximum size of a drive. A privileged user inside guest could use this flaw to crash the Qemu instance resulting in DoS (CVE-2015-6855).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6855
https://lists.fedoraproject.org/pipermail/package-announce/2015-September/165305.html
http://www.ubuntu.com/usn/usn-2724-1/
http://openwall.com/lists/oss-security/2015/09/05/5
http://openwall.com/lists/oss-security/2015/09/10/2
mga5 x86_64
Installed packages :
spice-client-0.12.5-2.1.mga5
lib64spice-server1-0.12.5-2.1.mga5
qemu-2.1.3-2.6.mga5.x86_64.rpm
qemu-img-2.1.3-2.6.mga5.x86_64.rpm
qemu :
Test procedure from https://bugs.mageia.org/show_bug.cgi?id=13096#c34 : OK.
qemu + spice :
guest : cauldron x86_64 (virt-manager)
On the host : spicec -h 127.0.0.1 -p 5900
- guest console display OK
- start prefdm on guest, X display OK
Update OK.
CC: (none) => yann.cantin
Whiteboard: MGA4TOO has_procedure => MGA4TOO has_procedure MGA5-64-OK
Thanks Yann! Please leave an OK in the whiteboard on Bug 16700 for spice too.
In VirtualBox, M4, KDE, 32-bit
Package(s) under test:
qemu qemu-img spice-client
install qemu & qemu-img from updates_testing
[root@localhost wilcal]# urpmi qemu
Package qemu-1.6.2-1.16.mga4.i586 is already installed
[root@localhost wilcal]# urpmi qemu-img
Package qemu-img-1.6.2-1.16.mga4.i586 is already installed
[root@localhost wilcal]# urpmi spice-client
Package spice-client-0.12.4-4.1.mga4.i586 is already installed
Download M5 i586 boot.iso to /home/wilcal/Downloads
in /home/wilcal/Downloads run:
qemu-kvm -net user -net nic,model=virtio -cdrom boot.iso -boot d -m 512
boot.iso opens and runs. Choose HTTP server. Selected DHCP network connection.
Selected a mirror for Mageia 4. Stage2 is started. Install begins.
[wilcal@localhost ~]$ spicec -h 127.0.0.1 -p 5900
Warning: failed to connect: Connection refused (111)
OK what's the secret code to make spice do something?
See http://www.linux-kvm.org/page/SPICE
Usually test spice with virt-manager
Testing complete mga4 32
In Vbox, very slow but works.
Tested spice at the same time, using virt-manager. Set Video to QXL and Display to Spice. Created a new machine with hdd and began installing a boot.iso.
Whiteboard: MGA4TOO has_procedure MGA5-64-OK => MGA4TOO has_procedure MGA5-64-OK mga4-32-ok
Validating. Separate advisories uploaded for mga4 & 5 from comment 14 & comment 15.
Please push to 4 & 5 updates.
Thanks
Keywords: (none) => validated_update
Whiteboard: MGA4TOO has_procedure MGA5-64-OK mga4-32-ok => MGA4TOO has_procedure advisory MGA5-64-OK mga4-32-ok
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0368.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0369.html
LWN reference for CVE-2015-5239: http://lwn.net/Vulnerabilities/657411/
LWN reference for CVE-2015-6815 and CVE-2015-6855: http://lwn.net/Vulnerabilities/657410/