8715 – qemu-kvm new security issue CVE-2012-6075

Bug 8715 - qemu-kvm new security issue CVE-2012-6075

Summary: qemu-kvm new security issue CVE-2012-6075

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	2
Hardware:	i586 Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:

URL:	http://lwn.net/Vulnerabilities/532808/
Whiteboard:	has_procedure mga2-64-OK MGA2-32-OK
Keywords:	validated_update

Depends on:
Blocks:

Reported:	2013-01-16 21:55 CET by David Walser
Modified:	2013-02-06 22:53 CET (History)
CC List:	3 users (show)

See Also:
Source RPM:	qemu-1.0-6.2.mga2.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2013-01-16 21:55:13 CET

Debian has issued an advisory on January 15:
http://www.debian.org/security/2013/dsa-2607

Patched packages uploaded for Mageia 2 and Cauldron.

Patch also checked into Mageia 1 SVN.

Advisory:
========================

Updated qemu-kvm packages fix security vulnerability:

It was discovered that the e1000 emulation code in QEMU does not enforce
frame size limits in the same way as the real hardware does. This could
trigger buffer overflows in the guest operating system driver for that
network card, assuming that the host system does not discard such frames
(which it will by default) (CVE-2012-6075).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075
http://www.debian.org/security/2013/dsa-2607
========================

Updated packages in core/updates_testing:
========================
qemu-1.0-6.3.mga2
qemu-img-1.0-6.3.mga2

from qemu-1.0-6.3.mga2.src.rpm

Comment 1 claire robinson 2013-01-17 14:58:00 CET

Seems difficult to reproduce and low risk so just testing the updated packages

Comment 2 claire robinson 2013-01-17 15:19:06 CET

Testing procedure: https://bugs.mageia.org/show_bug.cgi?id=6694#c3

Whiteboard: (none) => has_procedure

Comment 3 claire robinson 2013-01-17 17:45:50 CET

Testing complete mga2 64

Whiteboard: has_procedure => has_procedure mga2-64-OK

Comment 4 Dave Hodgins 2013-01-31 22:42:27 CET

I'll test Mageia 2 i586 shortly.

CC: (none) => davidwhodgins

Comment 5 Dave Hodgins 2013-02-01 04:49:18 CET

Testing complete on Mageia 2 i586.

Could someone from the sysadmin team push the srpm
qemu-1.0-6.3.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates.

Advisory: Updated qemu-kvm packages fix security vulnerability:

It was discovered that the e1000 emulation code in QEMU does not enforce
frame size limits in the same way as the real hardware does. This could
trigger buffer overflows in the guest operating system driver for that
network card, assuming that the host system does not discard such frames
(which it will by default) (CVE-2012-6075).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075
http://www.debian.org/security/2013/dsa-2607

https://bugs.mageia.org/show_bug.cgi?id=8715

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: has_procedure mga2-64-OK => has_procedure mga2-64-OK MGA2-32-OK

Comment 6 Thomas Backlund 2013-02-06 22:53:53 CET

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0025

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.