OpenSuSE has issued an advisory today (July 4):
http://lists.opensuse.org/opensuse-updates/2012-07/msg00012.html

The Novell bug has a link to the upstream fix:
https://bugzilla.novell.com/show_bug.cgi?id=764526
CC: (none) => n54
Whiteboard: (none) => MGA2TOO, MGA1TOO
Patched package uploaded for Mageia 1, Mageia 2, and Cauldron.

Advisory:
========================

Updated qemu packages fix security vulnerability:

A flaw was found in how qemu, in snapshot mode (-snapshot command line argument), handled the creation and opening of the temporary file used to store the difference of the virtualized guest's read-only image and the current state. In snapshot mode, bdrv_open() creates an empty temporary file without checking for any mkstemp() or close() failures; it also ignores the possibility of a buffer overrun given an exceptionally long $TMPDIR. Because qemu re-opens that file after creation, it is possible to race qemu and insert a symbolic link with the same expected name as the temporary file, pointing to an attacker-chosen file. This can be used to either overwrite the destination file with the privileges of the user running qemu (typically root), or to point to an attacker-readable file that could expose data from the guest to the attacker (CVE-2012-2652).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2652
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2652
http://lists.opensuse.org/opensuse-updates/2012-07/msg00012.html
========================

Updated packages in core/updates_testing:
========================
qemu-0.14.0-5.1.1.mga1
qemu-img-0.14.0-5.1.1.mga1
qemu-1.0-6.1.mga2
qemu-img-1.0-6.1.mga2

from SRPMS:
qemu-0.14.0-5.1.1.mga1.src.rpm
qemu-1.0-6.1.mga2.src.rpm
Version: Cauldron => 2
Assignee: bugsquad => qa-bugs
Whiteboard: MGA2TOO, MGA1TOO => MGA1TOO
Testing Mageia 2 64bit
Not really used qemu before so learning as I go..

$ qemu-img create mageia.qcow 5G
Formatting 'mageia.qcow', fmt=raw size=5368709120

Convert it to qcow2 so you can save snapshots, not sure if this can be done when you create the disk.

$ qemu-img convert -O qcow2 mageia.qcow mageia.qcow2
$ qemu-system-i386 -cdrom ISOs/mageia-dual-1.iso -hda mageia.qcow2 -boot d -net nic -net user -m 512 -localtime

Installed Mageia 1. qemu is very slow so thanks to ennael for pointing out how to use kvm which speeds it up a bit.

# egrep -c '(svm|vmx)' /proc/cpuinfo
4

If it returns more than 0 then your cpu is capable.

# modprobe kvm

Run the VM.

$ qemu-system-i386 -hda mageia.qcow2 -boot d -net nic -net user -m 512 -localtime

Take a snapshot. In qemu press ctrl-alt-2 (not F2) to switch to monitor mode. Type 'savevm test1'. You can check it has saved with 'info snapshots', then ctrl-alt-1 to switch back to the machine.

To load the snapshot:

$ qemu-system-i386 -hda mageia.qcow2 -boot d -net nic -net user -m 512 -localtime -loadvm test1

It starts in Stopped mode so you have to ctrl-alt-2 and press 'c', then ctrl-alt-1 and wait; it takes a long time for me. Or from a running VM: ctrl-alt-2 and 'loadvm test1', then ctrl-alt-1.

I will test the update shortly. Been doing other things today :\
Testing with -snapshot on the command too, not sure what the difference is.
Testing complete x86_64 mga 2

Tested qemu-img with..

$ qemu-img info mageia.qcow2
image: mageia.qcow2
file format: qcow2
virtual size: 5.0G (5368709120 bytes)
disk size: 949M
cluster_size: 65536
Snapshot list:
ID        TAG                 VM SIZE                DATE       VM CLOCK
1         test1                  124M 2012-07-25 16:25:38   00:02:42.274

$ qemu-img snapshot -d test1 mageia.qcow2

$ qemu-img info mageia.qcow2
image: mageia.qcow2
file format: qcow2
virtual size: 5.0G (5368709120 bytes)
disk size: 949M
cluster_size: 65536

$ qemu-img check mageia.qcow2

No regressions noticed with any of the above.
Whiteboard: MGA1TOO => MGA1TOO mga2-64-OK
Testing complete for Mageia 2 i586.

Testing on a 64 bit system, as my 32 bit cpu doesn't have the needed features. Thanks for the detailed procedure Claire. I'll test Mageia 1 once I've installed them on this 64 bit system.
CC: (none) => davidwhodgins
Whiteboard: MGA1TOO mga2-64-OK => MGA1TOO mga2-64-OK MGA2-32-OK
Testing complete on Mageia 1 64 bit. The command qemu-system-i386 does not exist in the Mageia 1 x86-64 version, so I used qemu-system-x86_64 instead. Gave it 2 GB ram, and ran a Mageia 2 live kde cd. Very slow but once it does get booted, it's working. I'll install and then test with Mageia 1 i586 shortly.
Whiteboard: MGA1TOO mga2-64-OK MGA2-32-OK => MGA1TOO mga2-64-OK MGA2-32-OK MGA1-64-OK
Testing complete on Mageia 1 i586.

Could someone from the sysadmin team push the srpm qemu-1.0-6.1.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates and the srpm qemu-0.14.0-5.1.1.mga1.src.rpm from Mageia 1 Core Updates Testing to Core Updates.

Advisory:

Updated qemu packages fix security vulnerability:

A flaw was found in how qemu, in snapshot mode (-snapshot command line argument), handled the creation and opening of the temporary file used to store the difference of the virtualized guest's read-only image and the current state. In snapshot mode, bdrv_open() creates an empty temporary file without checking for any mkstemp() or close() failures; it also ignores the possibility of a buffer overrun given an exceptionally long $TMPDIR. Because qemu re-opens that file after creation, it is possible to race qemu and insert a symbolic link with the same expected name as the temporary file, pointing to an attacker-chosen file. This can be used to either overwrite the destination file with the privileges of the user running qemu (typically root), or to point to an attacker-readable file that could expose data from the guest to the attacker (CVE-2012-2652).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2652
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2652
http://lists.opensuse.org/opensuse-updates/2012-07/msg00012.html
https://bugs.mageia.org/show_bug.cgi?id=6694
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: MGA1TOO mga2-64-OK MGA2-32-OK MGA1-64-OK => MGA1TOO mga2-64-OK MGA2-32-OK MGA1-64-OK MGA1-32-OK
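The advisory quoted in the two comments above describes a classic temporary-file race: the scratch file is created with mkstemp(), closed, and later re-opened by name, with no check on mkstemp() or close() failures and no guard against an over-long $TMPDIR overrunning the path buffer. The following C is an added example written for this thread, not qemu's code and not the upstream fix; the function names (build_tmp_template, fd_matches_path, create_snapshot_tmp) are made up here. It shows the hardened shape of that logic: the path is built with a truncation check, the descriptor mkstemp() returned is kept and handed to the caller instead of re-opening the name, and a device/inode comparison between the descriptor and an lstat() of the name confirms the file is the one that was just created.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Build "<dir>/vl.XXXXXX" into buf without ever truncating it. The advisory
 * points out that an exceptionally long $TMPDIR could overrun a fixed buffer;
 * checking snprintf()'s return value is the guard. Returns 0 on success, -1
 * with errno = ENAMETOOLONG otherwise. (Hypothetical helper for this example.)
 */
int build_tmp_template(char *buf, size_t buflen, const char *tmpdir)
{
    if (tmpdir == NULL || *tmpdir == '\0')
        tmpdir = "/tmp";
    int n = snprintf(buf, buflen, "%s/vl.XXXXXX", tmpdir);
    if (n < 0 || (size_t)n >= buflen) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

/*
 * Return 1 if open descriptor fd and the name path refer to the same regular
 * file (same device and inode, and the name itself is not a symlink), else 0.
 * lstat() rather than stat() is deliberate: a symbolic link planted at path
 * reports S_IFLNK and its own inode, so it fails the comparison.
 */
int fd_matches_path(int fd, const char *path)
{
    struct stat sfd, spath;
    if (fstat(fd, &sfd) < 0 || lstat(path, &spath) < 0)
        return 0;
    if (!S_ISREG(sfd.st_mode) || !S_ISREG(spath.st_mode))
        return 0;
    return sfd.st_dev == spath.st_dev && sfd.st_ino == spath.st_ino;
}

/*
 * Create the snapshot scratch file and return the descriptor mkstemp() gave
 * us, so the caller never re-opens it by name (the window the advisory
 * describes). Every failure is checked and reported. Returns fd >= 0 with
 * path filled in, or -1 with errno set.
 */
int create_snapshot_tmp(char *path, size_t pathlen, const char *tmpdir)
{
    if (build_tmp_template(path, pathlen, tmpdir) < 0)
        return -1;
    int fd = mkstemp(path);            /* O_CREAT|O_EXCL underneath: never follows a link */
    if (fd < 0)
        return -1;
    if (!fd_matches_path(fd, path)) {  /* belt and braces: confirm the name is still ours */
        close(fd);
        unlink(path);
        errno = EEXIST;
        return -1;
    }
    return fd;
}

int main(void)
{
    char path[64];
    int fd = create_snapshot_tmp(path, sizeof path, getenv("TMPDIR"));
    if (fd < 0) {
        perror("create_snapshot_tmp");
        return 1;
    }
    printf("scratch file %s open on fd %d\n", path, fd);
    /* The caller keeps using fd; close() is checked when the file is finished with. */
    if (close(fd) < 0)
        perror("close");
    unlink(path);
    return 0;
}
```

The primary fix is structural (keep the descriptor, never re-open the name); fd_matches_path() is a secondary guard that also makes the property cheap to assert in a regression test, as the assumption that $TMPDIR is trusted is exactly what the advisory shows to be wrong.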
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0185
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED