Bug 9871 - qemu new security issue CVE-2013-1922
Summary: qemu new security issue CVE-2013-1922
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 2
Hardware: i586 Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/548505/
Whiteboard: has_procedure mga2-64-ok mga2-32-ok
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2013-04-26 00:13 CEST by David Walser
Modified: 2013-05-02 19:32 CEST

See Also:
Source RPM: qemu-1.2.0-7.mga3.src.rpm
CVE:
Status comment:


Description David Walser 2013-04-26 00:13:32 CEST
Fedora has issued an advisory on April 21:
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103621.html

Mageia 2 is also affected.

Patch checked into SVN for Mageia 2 and Cauldron.

Currently testing a Cauldron build locally before asking for a freeze push.

Will submit the Mageia 2 build once it's available in Cauldron.

Reproducible: 

Steps to Reproduce:
David Walser 2013-04-26 00:13:41 CEST

Whiteboard: (none) => MGA2TOO

Comment 1 David Walser 2013-04-26 16:28:40 CEST
Patched packages uploaded for Mageia 2 and Cauldron.

Advisory:
========================

Updated qemu packages fix security vulnerability:

A security flaw was found in the way qemu-nbd, the QEMU Disk Network Block
Device server tool of QEMU, performed detection of image formats (the image
format has been previously autodetected). A guest operating system
administrator could write a header to a particular raw disk image format,
describing another format than the original one for that disk image, leading
to a scenario in which after restart of that guest, QEMU would detect the new
format of the image, and could allow the guest to read any file on the host if
QEMU was sufficiently privileged (CVE-2013-1922).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1922
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103621.html
========================

Updated packages in core/updates_testing:
========================
qemu-1.0-6.4.mga2
qemu-img-1.0-6.4.mga2

from qemu-1.0-6.4.mga2.src.rpm

Version: Cauldron => 2
Assignee: bugsquad => qa-bugs
Whiteboard: MGA2TOO => (none)
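
An added example, not part of this bug report or of the QEMU or Mageia code: a host-side check for the condition the advisory in comment 1 describes, where an image meant to be raw carries a header that format autodetection would read as qcow/qcow2. It assumes only the leading header fields (magic, version, backing file offset and size); the function names and sample bytes are constructed for illustration.

```python
import struct

QCOW_MAGIC = b"QFI\xfb"            # first four bytes of a qcow/qcow2 image
# Leading header fields, big-endian: magic, version,
# backing_file_offset (u64), backing_file_size (u32).
HEADER = struct.Struct(">4sIQI")


def probe_raw_image(data: bytes) -> dict:
    """Report what format autodetection would see in an image meant to be raw."""
    result = {"looks_like": "raw", "backing_file": None}
    if len(data) < HEADER.size:
        return result
    magic, version, bf_off, bf_len = HEADER.unpack_from(data)
    if magic != QCOW_MAGIC:
        return result
    result["looks_like"] = f"qcow (version {version})"
    # A backing file reference is the dangerous part: it names a path
    # that the host-side QEMU process would open on the guest's behalf.
    if bf_off and bf_len:
        if bf_off + bf_len <= len(data):
            name = data[bf_off:bf_off + bf_len]
            result["backing_file"] = name.decode("utf-8", "replace")
        else:
            result["backing_file"] = "<beyond inspected bytes>"
    return result


def constructed_samples():
    """Constructed test inputs: an all-zero raw sector and a raw sector
    whose first bytes were overwritten with a qcow2-style header."""
    plain = bytes(512)
    name = b"constructed-backing.img"   # placeholder name, not a real path
    forged = HEADER.pack(QCOW_MAGIC, 2, 64, len(name)).ljust(64, b"\0") + name
    return plain, forged.ljust(512, b"\0")


if __name__ == "__main__":
    for label, blob in zip(("plain", "forged"), constructed_samples()):
        print(label, probe_raw_image(blob))
```

A raw image for which this reports anything other than "raw" should only be opened with its format stated explicitly, never autodetected.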

Comment 2 claire robinson 2013-04-30 19:18:38 CEST
Procedure: https://bugs.mageia.org/show_bug.cgi?id=6694#c3

Whiteboard: (none) => has_procedure

Comment 3 claire robinson 2013-04-30 20:46:43 CEST
Testing complete mga2 64

IIUC we don't have nbd-client in mga2, so although we can serve the image there is nothing to connect it with, e.g. http://blogs.gnome.org/muelli/2010/03/mounting-qemu-qcow2-image-using-nbd/

$ qemu-nbd -p 1024 mageia.qcow2 &
[1] 16727

# netstat -pant | grep 1024
tcp   0    0 0.0.0.0:1024    0.0.0.0:*     LISTEN      16727/qemu-nbd

All other tests ok.

Whiteboard: has_procedure => has_procedure mga2-64-ok

Comment 4 claire robinson 2013-05-01 14:51:27 CEST
Testing mga2 32

Comment 5 claire robinson 2013-05-01 16:25:22 CEST
Testing complete mga2 32

Validating

Advisory & SRPM in comment 1

Could sysadmin please push from core/updates_testing to core/updates

Thanks!

Keywords: (none) => validated_update
Whiteboard: has_procedure mga2-64-ok => has_procedure mga2-64-ok mga2-32-ok
CC: (none) => sysadmin-bugs

Comment 6 Thomas Backlund 2013-05-02 19:32:27 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0134

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

