Debian has issued an advisory on March 14: https://www.debian.org/security/2018/dsa-4137 The issue is related to CVE-2018-5748 and was fixed upstream in this commit: https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513 Mageia 6 is also affected.
Status comment: (none) => Patch available from Debian and upstreamWhiteboard: (none) => MGA6TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => marja11, thierry.vignaudAssignee: bugsquad => pkg-bugs
Patched packages uploaded for cauldron and Mageia 6. Advisory: ======================== Updated libvirt package fixes security vulnerability: It was discovered that libvirt had a potential denial of service reading from QEMU guest agent (CVE-2018-1064). References: https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1064 https://www.debian.org/security/2018/dsa-4137 ======================== Updated packages in core/updates_testing: ======================== lib64virt0-3.10.0-1.2.mga6 lib64virt-devel-3.10.0-1.2.mga6 libvirt-docs-3.10.0-1.2.mga6 libvirt-utils-3.10.0-1.2.mga6 wireshark-libvirt-3.10.0-1.2.mga6 from libvirt-3.10.0-1.2.mga6.src.rpm Testing procedure: https://bugs.mageia.org/show_bug.cgi?id=14192#c7
CC: (none) => mramboVersion: Cauldron => 6Whiteboard: MGA6TOO => (none)Keywords: (none) => has_procedure
Assignee: pkg-bugs => qa-bugs
MGA6-32 on Dell Latitude D600 Mate Installed virt-manager in addition for test purposes. Starting libvirtd service is OK Starting virt-manager at CLI just returns to prompt, nothing happens. journalctl shows error:0 in libglib-2.0.so.0.5400.3. Googling did not make me much wiser.
CC: (none) => herman.viaene
(In reply to Herman Viaene from comment #3) > MGA6-32 on Dell Latitude D600 Mate > Installed virt-manager in addition for test purposes. > Starting libvirtd service is OK > Starting virt-manager at CLI just returns to prompt, nothing happens. > journalctl shows error:0 in libglib-2.0.so.0.5400.3. Googling did not make > me much wiser. Try qemu-kvm and virt-manager on new 64-bit hardware. Does Virtual Box work on this machine?
CC: (none) => bequimao.de
Same state as in https://bugs.mageia.org/show_bug.cgi?id=22280#c12 I would mark it as mga-64-ok. Ulrich
(In reply to Ulrich Beckmann from comment #5) > Same state as in https://bugs.mageia.org/show_bug.cgi?id=22280#c12 > > I would mark it as mga-64-ok. > > Ulrich Installed versions are ipxe-roms-qemu-20150821-6.mga6 lib64glib2.0_0-2.54.3-1.mga6 lib64virt0-3.10.0-1.2.mga6 lib64virt-glib1.0_0-0.2.3-2.mga6 lib64virt-glib-gir1.0-0.2.3-2.mga6 libvirt-utils-3.10.0-1.2.mga6 python-libvirt-3.10.0-1.mga6 qemu-block-curl-2.8.1.1-7.mga6 qemu-block-dmg-2.8.1.1-7.mga6 qemu-block-iscsi-2.8.1.1-7.mga6 qemu-block-nfs-2.8.1.1-7.mga6 qemu-block-ssh-2.8.1.1-7.mga6 qemu-common-2.8.1.1-7.mga6 qemu-img-2.8.1.1-7.mga6 qemu-kvm-2.8.1.1-7.mga6 qemu-system-x86-2.8.1.1-7.mga6 virt-manager-1.4.1-1.mga6 virt-manager-common-1.4.1-1.mga6
@ Ulrich No, I never install anything Vbox on this machine because 1. I think there was an agreement to drop testing of Vbox on 32-bit platforms. 2. I have too much restrictions of available RAM and disk space on this old machine to ever try Vbox on it. You might tell me that in that case I better drop this test as well ????
@ Herman Does it work on a clean non-testing Mga6? You might have spotted an unseen dependency to https://bugs.mageia.org/show_bug.cgi?id=22661 Virtualisation on an old machine is no fun, if it works at all. https://www.linux-kvm.org/page/Processor_support Ulrich
no further regression on 64-bit.
Whiteboard: (none) => MGA6-64-OK
Validating on Ulrich's tests.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Advisoried.
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0186.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED