Two security issues in Qemu have been announced with CVEs:
http://openwall.com/lists/oss-security/2015/11/30/2
http://openwall.com/lists/oss-security/2015/11/30/3
There was also a CVE request for a third issue:
http://openwall.com/lists/oss-security/2015/11/25/3
All three messages contain links to upstream fixes.
Ubuntu has issued an advisory for this today (December 3):
http://www.ubuntu.com/usn/usn-2828-1/
(In reply to David Walser from comment #0)
> There was also a CVE request for a third issue:
> http://openwall.com/lists/oss-security/2015/11/25/3
This one is CVE-2015-8345.
URL: (none) => http://lwn.net/Vulnerabilities/666755/
Summary: qemu new security issues CVE-2015-7504 and CVE-2015-7512 => qemu new security issues CVE-2015-7504, CVE-2015-7512, and CVE-2015-8345
CVE request for another issue: http://openwall.com/lists/oss-security/2015/12/08/4
(In reply to David Walser from comment #2)
> CVE request for another issue:
> http://openwall.com/lists/oss-security/2015/12/08/4
This is CVE-2015-8504:
http://openwall.com/lists/oss-security/2015/12/08/7
Summary: qemu new security issues CVE-2015-7504, CVE-2015-7512, and CVE-2015-8345 => qemu new security issues CVE-2015-7504, CVE-2015-7512, CVE-2015-8345, CVE-2015-8504
Another issue, CVE-2015-7549, has been announced:
http://openwall.com/lists/oss-security/2015/12/14/2
CVE request for yet another issue:
http://openwall.com/lists/oss-security/2015/12/14/9
Summary: qemu new security issues CVE-2015-7504, CVE-2015-7512, CVE-2015-8345, CVE-2015-8504 => qemu new security issues CVE-2015-7504, CVE-2015-7512, CVE-2015-7549, CVE-2015-8345, CVE-2015-8504
(In reply to David Walser from comment #4)
> CVE request for yet another issue:
> http://openwall.com/lists/oss-security/2015/12/14/9
This is CVE-2015-8558:
http://openwall.com/lists/oss-security/2015/12/14/16
Summary: qemu new security issues CVE-2015-7504, CVE-2015-7512, CVE-2015-7549, CVE-2015-8345, CVE-2015-8504 => qemu new security issues CVE-2015-7504, CVE-2015-7512, CVE-2015-7549, CVE-2015-8345, CVE-2015-8504, CVE-2015-8558
(In reply to David Walser from comment #3)
> (In reply to David Walser from comment #2)
> > CVE request for another issue:
> > http://openwall.com/lists/oss-security/2015/12/08/4
>
> This is CVE-2015-8504:
> http://openwall.com/lists/oss-security/2015/12/08/7
LWN reference:
http://lwn.net/Vulnerabilities/667759/
Fedora has issued an advisory for this today (December 14):
https://lists.fedoraproject.org/pipermail/package-announce/2015-December/173749.html
Severity: normal => major
CVE request for yet another issue: http://openwall.com/lists/oss-security/2015/12/15/4
(In reply to David Walser from comment #7)
> CVE request for yet another issue:
> http://openwall.com/lists/oss-security/2015/12/15/4
This is CVE-2015-8567 and CVE-2015-8568:
http://openwall.com/lists/oss-security/2015/12/15/10
Summary: qemu new security issues CVE-2015-7504, CVE-2015-7512, CVE-2015-7549, CVE-2015-8345, CVE-2015-8504, CVE-2015-8558 => qemu new security issues CVE-2015-7504, CVE-2015-7512, CVE-2015-7549, CVE-2015-8345, CVE-2015-8504, CVE-2015-8558, CVE-2015-856[78]
yeah, and maybe some more are coming in a few days... I will fix it up this weekend along with xen and kernel
CC: (none) => tmb
CVE request for yet another issue: http://openwall.com/lists/oss-security/2015/12/21/7
(In reply to David Walser from comment #10)
> CVE request for yet another issue:
> http://openwall.com/lists/oss-security/2015/12/21/7
This is CVE-2015-8613:
http://openwall.com/lists/oss-security/2015/12/22/1
Summary: qemu new security issues CVE-2015-7504, CVE-2015-7512, CVE-2015-7549, CVE-2015-8345, CVE-2015-8504, CVE-2015-8558, CVE-2015-856[78] => qemu new security issues CVE-2015-7504, CVE-2015-7512, CVE-2015-7549, CVE-2015-8345, CVE-2015-8504, CVE-2015-8558, CVE-2015-856[78], CVE-2015-8613
CVE request for yet another issue: http://openwall.com/lists/oss-security/2015/12/22/8
(In reply to David Walser from comment #12)
> CVE request for yet another issue:
> http://openwall.com/lists/oss-security/2015/12/22/8
This is CVE-2015-8619:
http://openwall.com/lists/oss-security/2015/12/23/1
Summary: qemu new security issues CVE-2015-7504, CVE-2015-7512, CVE-2015-7549, CVE-2015-8345, CVE-2015-8504, CVE-2015-8558, CVE-2015-856[78], CVE-2015-8613 => qemu new security issues CVE-2015-7504, CVE-2015-7512, CVE-2015-7549, CVE-2015-8345, CVE-2015-8504, CVE-2015-8558, CVE-2015-856[78], CVE-2015-861[39]
heh, the CVEs keep coming :) and xen project forgot their own embargo rules... a fun week... but hopefully it now slows up so I can finish the updates :)
Cauldron updated to 2.5.0 that fixed:
- net: pcnet: add check to validate receive data size (CVE-2015-7504)
- net: pcnet: fix rx buffer overflow (CVE-2015-7512)
- net: eepro100: Prevent two endless loops (CVE-2015-8345)
- ui: vnc: avoid floating point exception (CVE-2015-8504)
- pci: msix: implement pba write (but read-only) (CVE-2015-7549)
- ehci: make idt processing more robust (CVE-2015-8558)
and added patches for:
- net: vmxnet3: memory leakage issue (CVE-2015-8567, CVE-2015-8568)
- scsi: initialise info object with appropriate size (CVE-2015-8613)
- hmp: avoid redundant null termination of buffer (CVE-2015-8619)
For mga5, all the above CVE fixes added as patches to:
SRPM:
qemu-2.1.3-2.8.mga5.src.rpm
i586:
qemu-2.1.3-2.8.mga5.i586.rpm
qemu-img-2.1.3-2.8.mga5.i586.rpm
x86_64:
qemu-2.1.3-2.8.mga5.x86_64.rpm
qemu-img-2.1.3-2.8.mga5.x86_64.rpm
Hardware: i586 => All
Assignee: bugsquad => qa-bugs
Testing procedures:
https://bugs.mageia.org/show_bug.cgi?id=13096#c34
https://bugs.mageia.org/show_bug.cgi?id=6694#c3
Whiteboard: (none) => has_procedure
Of course as soon as I pushed a build, a new security issue was posted...
So I pulled in that fix too:
- acpi: fix buffer overrun on migration (CVE pending)
So packages to test now are:
SRPM:
qemu-2.1.3-2.9.mga5.src.rpm
i586:
qemu-2.1.3-2.9.mga5.i586.rpm
qemu-img-2.1.3-2.9.mga5.i586.rpm
x86_64:
qemu-2.1.3-2.9.mga5.x86_64.rpm
qemu-img-2.1.3-2.9.mga5.x86_64.rpm
CVE request for the new issue tmb just mentioned: http://openwall.com/lists/oss-security/2015/12/24/1
(In reply to David Walser from comment #18)
> CVE request for the new issue tmb just mentioned:
> http://openwall.com/lists/oss-security/2015/12/24/1
CVE-2015-8666:
http://openwall.com/lists/oss-security/2015/12/24/3
Summary: qemu new security issues CVE-2015-7504, CVE-2015-7512, CVE-2015-7549, CVE-2015-8345, CVE-2015-8504, CVE-2015-8558, CVE-2015-856[78], CVE-2015-861[39] => qemu new security issues CVE-2015-7504, CVE-2015-7512, CVE-2015-7549, CVE-2015-8345, CVE-2015-8504, CVE-2015-8558, CVE-2015-856[78], CVE-2015-861[39], CVE-2015-8666
CVE request for yet another issue:
http://openwall.com/lists/oss-security/2015/12/28/6
I don't know if we have Rocker support in our build. It doesn't say how to tell.
(In reply to David Walser from comment #20)
> CVE request for yet another issue:
> http://openwall.com/lists/oss-security/2015/12/28/6
>
> I don't know if we have Rocker support in our build. It doesn't say how to tell.
CVE-2015-8701:
http://openwall.com/lists/oss-security/2015/12/29/1
Three more CVEs have been assigned. Since this hasn't been tested yet, it would be a good time to add the last four patches.
CVE-2015-8743: http://openwall.com/lists/oss-security/2016/01/04/2
CVE-2015-8744: http://openwall.com/lists/oss-security/2016/01/04/6
CVE-2015-8745: http://openwall.com/lists/oss-security/2016/01/04/7
Whiteboard: has_procedure => has_procedure feedback
Yep, saw them last night... will fix today
And another one, CVE-2016-1568: http://openwall.com/lists/oss-security/2016/01/09/2
CVE request for yet another issue: http://openwall.com/lists/oss-security/2016/01/11/7
(In reply to David Walser from comment #25)
> CVE request for yet another issue:
> http://openwall.com/lists/oss-security/2016/01/11/7
CVE-2016-1714:
http://openwall.com/lists/oss-security/2016/01/12/10
(In reply to Thomas Backlund from comment #26)
> (In reply to David Walser from comment #25)
> > CVE request for yet another issue:
> > http://openwall.com/lists/oss-security/2016/01/11/7
>
> CVE-2016-1714:
> http://openwall.com/lists/oss-security/2016/01/12/10
This one only affects Mageia 5, not Cauldron.
rocker cve is cauldron only, and vmxnet3 and fw_cfg cve's are mga5 only, so:
Cauldron patched for:
- net: rocker: fix an incorrect array bounds check (CVE-2015-8701)
- net: ne2000: fix bounds check in ioport operations (CVE-2015-8743)
- ide: ahci: reset ncq object to unused on error (CVE-2016-1568)
And Mga5 is patched for:
- net/ne2000: fix bounds check in ioport operations (CVE-2015-8743)
- net/vmxnet3: Refine l2 header validation (CVE-2015-8744)
- net/vmxnet3: Support reading IMR registers on bar0 (CVE-2015-8745)
- ide: ahci: reset ncq object to unused on error (CVE-2016-1568)
- fw_cfg: add check to validate current (CVE-2016-1714)
SRPM:
qemu-2.1.3-2.10.mga5.src.rpm
i586:
qemu-2.1.3-2.10.mga5.i586.rpm
qemu-img-2.1.3-2.10.mga5.i586.rpm
x86_64:
qemu-2.1.3-2.10.mga5.x86_64.rpm
qemu-img-2.1.3-2.10.mga5.x86_64.rpm
Whiteboard: has_procedure feedback => has_procedure
Full list of CVEs mentioned in this bug (now removed from subject):
CVE-2015-7504
CVE-2015-7512
CVE-2015-7549
CVE-2015-8345
CVE-2015-8504
CVE-2015-8558
CVE-2015-856[78]
CVE-2015-861[39]
CVE-2015-8666
CVE-2015-8701 (Cauldron only)
CVE-2015-874[3-5] (CVE-2015-8744 and CVE-2015-8745, Mageia 5 only)
CVE-2016-1568
CVE-2016-1714 (Mageia 5 only)
Summary: qemu new security issues CVE-2015-7504, CVE-2015-7512, CVE-2015-7549, CVE-2015-8345, CVE-2015-8504, CVE-2015-8558, CVE-2015-856[78], CVE-2015-861[39], CVE-2015-8666 => qemu new security issues (too many CVEs to mention)
LWN reference for... CVE-2015-7549 CVE-2015-8558 CVE-2015-8666 CVE-2015-8744 CVE-2015-8745:
http://lwn.net/Vulnerabilities/671631/
Fedora has issued an advisory for this today (January 12):
https://lists.fedoraproject.org/pipermail/package-announce/2016-January/175380.html
Hi David - I wasn't able to find qemu-2.1.3.2.10 in my testing mirror. Can you try triggering it again, I'll snag it over the weekend. tested prior version - it worked with test linux image.
CC: (none) => brtians1
Resubmitted.
SRPM:
qemu-2.1.3-2.11.mga5.src.rpm
i586:
qemu-2.1.3-2.11.mga5.i586.rpm
qemu-img-2.1.3-2.11.mga5.i586.rpm
x86_64:
qemu-2.1.3-2.11.mga5.x86_64.rpm
qemu-img-2.1.3-2.11.mga5.x86_64.rpm
AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
[root@localhost Downloads]# urpmi qemu
Package qemu-2.1.3-2.11.mga5.i586 is already installed
$ qemu-kvm slacko-5.7.0-PAE.iso
20 minutes later I get the screen. "Welcome to Slacko Puppy 5.7.0!"
Seems to work as designed.
Calling other modules gets a response I'd expect
[brian@localhost ~]$ qemu-alpha
usage: qemu-alpha [options] program [arguments...]
Linux CPU emulator (compiled for alpha emulation)
Options and associated environment variables:
Argument      Env-variable      Description
-h                              print this help
-g port       QEMU_GDB          wait gdb connection to 'port'
-L path       QEMU_LD_PREFIX    set the elf interpreter prefix to 'path'
-s size       QEMU_STACK_SIZE   set the stack size to 'size' bytes
-cpu model    QEMU_CPU          select CPU (-cpu help for list)
-E var=value  QEMU_SET_ENV      sets targets environment variable (see below)
-U var        QEMU_UNSET_ENV    unsets targets environment variable (see below)
-0 argv0      QEMU_ARGV0        forces target process argv[0] to be 'argv0'
-r uname      QEMU_UNAME        set qemu uname release string to 'uname'
-B address    QEMU_GUEST_BASE   set guest_base address to 'address'
-R size       QEMU_RESERVED_VA  reserve 'size' bytes for guest virtual address space
-d item[,...] QEMU_LOG          enable logging of specified items (use '-d help' for a list of items)
-D logfile    QEMU_LOG_FILENAME write logs to 'logfile' (default stderr)
-p pagesize   QEMU_PAGESIZE     set the host page size to 'pagesize'
-singlestep   QEMU_SINGLESTEP   run in singlestep mode
-strace       QEMU_STRACE       log system calls
-version      QEMU_VERSION      display version information and exit
Defaults:
QEMU_LD_PREFIX = /usr/qemu-alpha
QEMU_STACK_SIZE = 8388608 byte
You can use -E and -U options or the QEMU_SET_ENV and QEMU_UNSET_ENV environment variables to set and unset environment variables for the target process.
It is possible to provide several variables by separating them by commas in getsubopt(3) style. Additionally it is possible to provide the -E and -U options multiple times.
The following lines are equivalent:
    -E var1=val2 -E var2=val2 -U LD_PRELOAD -U LD_DEBUG
    -E var1=val2,var2=val2 -U LD_PRELOAD,LD_DEBUG
    QEMU_SET_ENV=var1=val2,var2=val2 QEMU_UNSET_ENV=LD_PRELOAD,LD_DEBUG
Note that if you provide several changes to a single variable the last change will stay in effect.
[brian@localhost ~]$ /usr/bin/qemu-i386
usage: qemu-i386 [options] program [arguments...]
Linux CPU emulator (compiled for i386 emulation)
Options and associated environment variables:
Argument      Env-variable      Description
-h                              print this help
-g port       QEMU_GDB          wait gdb connection to 'port'
-L path       QEMU_LD_PREFIX    set the elf interpreter prefix to 'path'
-s size       QEMU_STACK_SIZE   set the stack size to 'size' bytes
-cpu model    QEMU_CPU          select CPU (-cpu help for list)
-E var=value  QEMU_SET_ENV      sets targets environment variable (see below)
-U var        QEMU_UNSET_ENV    unsets targets environment variable (see below)
-0 argv0      QEMU_ARGV0        forces target process argv[0] to be 'argv0'
-r uname      QEMU_UNAME        set qemu uname release string to 'uname'
-B address    QEMU_GUEST_BASE   set guest_base address to 'address'
-R size       QEMU_RESERVED_VA  reserve 'size' bytes for guest virtual address space
-d item[,...] QEMU_LOG          enable logging of specified items (use '-d help' for a list of items)
-D logfile    QEMU_LOG_FILENAME write logs to 'logfile' (default stderr)
-p pagesize   QEMU_PAGESIZE     set the host page size to 'pagesize'
-singlestep   QEMU_SINGLESTEP   run in singlestep mode
-strace       QEMU_STRACE       log system calls
-version      QEMU_VERSION      display version information and exit
Defaults:
QEMU_LD_PREFIX = /usr/qemu-i386
QEMU_STACK_SIZE = 8388608 byte
You can use -E and -U options or the QEMU_SET_ENV and QEMU_UNSET_ENV environment variables to set and unset environment variables for the target process.
It is possible to provide several variables by separating them by commas in getsubopt(3) style. Additionally it is possible to provide the -E and -U options multiple times.
The following lines are equivalent:
    -E var1=val2 -E var2=val2 -U LD_PRELOAD -U LD_DEBUG
    -E var1=val2,var2=val2 -U LD_PRELOAD,LD_DEBUG
    QEMU_SET_ENV=var1=val2,var2=val2 QEMU_UNSET_ENV=LD_PRELOAD,LD_DEBUG
Note that if you provide several changes to a single variable the last change will stay in effect.
I would say this is working
Whiteboard: has_procedure => has_procedure MGA5-32-OK
In VirtualBox, M5, KDE, 64-bit
Package(s) under test:
qemu qemu-img
default install of qemu qemu-img
[root@localhost wilcal]# urpmi qemu
Package qemu-1.6.2-1.12.mga4.i586 is already installed
[root@localhost wilcal]# urpmi qemu-img
Package qemu-img-1.6.2-1.12.mga4.i586 is already installed
create /home/wilcal/qemu_test
into that copy M5 KDE i586 boot.iso
change name to: boot_5_x86_64.iso
using a terminal in /home/wilcal/qemu_test run:
qemu-kvm -net user -net nic,model=virtio -cdrom boot_5_x86_64.iso -boot d -m 512
boot_5_x86_64 opens and runs. Choose HTTP server. Selected DHCP network connection. Selected a mirror for Mageia 5. Stage2 is started. Install begins.
install qemu & qemu-img from updates_testing
[root@localhost wilcal]# urpmi qemu
Package qemu-2.1.3-2.11.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi qemu-img
Package qemu-img-2.1.3-2.11.mga5.x86_64 is already installed
using a terminal in /home/wilcal/qemu_test run:
qemu-kvm -net user -net nic,model=virtio -cdrom boot_5_x86_64.iso -boot d -m 512
boot_5_x86_64.iso opens and runs. Choose HTTP server. Selected DHCP network connection. Selected a mirror for Mageia 5. Stage2 is started. Install begins.
[wilcal@localhost qemu_test]$ qemu-alpha
usage: qemu-alpha [options] program [arguments...]
Linux CPU emulator (compiled for alpha emulation)
Options and associated environment variables:
Argument Env-variable Description
-h print this help.......
CC: (none) => wilcal.int
Whiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK MGA5-64-OK
I'd say this is good to go. You get the validation honors Brian.
Keywords: (none) => validated_update
Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK => has_procedure MGA5-32-OK MGA5-64-OK advisory
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0023.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
LWN reference for... CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2016-1568 CVE-2016-1714: http://lwn.net/Vulnerabilities/672331/
LWN reference for CVE-2015-8701: http://lwn.net/Vulnerabilities/673466/