Bug 7006 - qemu-kvm missing update for security issues CVE-2011-2527 and CVE-2012-0029
: qemu-kvm missing update for security issues CVE-2011-2527 and CVE-2012-0029
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 1
: i586 Linux
: Normal Severity: normal
: ---
Assigned To: QA Team
:
: http://lwn.net/Vulnerabilities/452825/
: has_procedure MGA1-64-OK MGA1-32-OK
: validated_update
:
:
  Show dependency treegraph
 
Reported: 2012-08-10 21:01 CEST by David Walser
Modified: 2012-08-18 11:58 CEST (History)
3 users (show)

See Also:
Source RPM: qemu-0.14.0-5.1.1.mga1.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2012-08-10 21:01:49 CEST
Fedora has issued an advisory on May 29:
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html

Patched package for Mageia 1 uploaded.

Advisory:
========================

Updated qemu packages fix security vulnerabilities:

The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier
does not properly drop group privileges when the -runas option is used,
which allows local guest users to access restricted files on the host
(CVE-2011-2527).

Heap-based buffer overflow in the process_tx_desc function in the e1000
emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions,
allows guest OS users to cause a denial of service (QEMU crash) and possibly
execute arbitrary code via crafted legacy mode packets (CVE-2012-0029).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0029
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html
========================

Updated packages in core/updates_testing:
========================
qemu-0.14.0-5.2.mga1
qemu-img-0.14.0-5.2.mga1

from qemu-0.14.0-5.2.mga1.src.rpm
Comment 1 Dave Hodgins 2012-08-16 04:37:27 CEST
No poc that I could see.

I'll test Mageia 1 x86-64 shortly using the procedure from
https://bugs.mageia.org/show_bug.cgi?id=6694#c3
Comment 2 Dave Hodgins 2012-08-16 05:55:26 CEST
Testing complete on Mageia 1 x86-64.

I'll test Mageia 1 i586 shortly.
Comment 3 Dave Hodgins 2012-08-16 09:37:13 CEST
Testing on Mageia 1 i586 complete.

Could someone from the sysadmin team push the srpm
qemu-0.14.0-5.2.mga1.src.rpm
from Mageia 1 Core Updates Testing to Core Updates.

Advisory: Updated qemu packages fix security vulnerabilities:

The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier
does not properly drop group privileges when the -runas option is used,
which allows local guest users to access restricted files on the host
(CVE-2011-2527).

Heap-based buffer overflow in the process_tx_desc function in the e1000
emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions,
allows guest OS users to cause a denial of service (QEMU crash) and possibly
execute arbitrary code via crafted legacy mode packets (CVE-2012-0029).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0029
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html

https://bugs.mageia.org/show_bug.cgi?id=7006
Comment 4 Thomas Backlund 2012-08-18 11:58:39 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0222

Note You need to log in before you can comment on or make changes to this bug.