| 1 |
boklm |
25 |
type: security |
| 2 |
|
|
subject: Updated qemu packages fix security vulnerability |
| 3 |
|
|
CVE: |
| 4 |
|
|
- CVE-2013-2007 |
| 5 |
|
|
src: |
| 6 |
|
|
2: |
| 7 |
|
|
core: |
| 8 |
|
|
- qemu-1.0-6.5.mga2 |
| 9 |
|
|
3: |
| 10 |
|
|
core: |
| 11 |
|
|
- qemu-1.2.0-8.1.mga3 |
| 12 |
|
|
description: | |
| 13 |
|
|
It was found that QEMU Guest Agent (the "qemu-ga" service) created |
| 14 |
|
|
certain files with world-writable permissions when run in daemon mode |
| 15 |
|
|
(the default mode). An unprivileged guest user could use this flaw to |
| 16 |
|
|
consume all free space on the partition containing the qemu-ga log file, or |
| 17 |
|
|
modify the contents of the log. When a UNIX domain socket transport was |
| 18 |
|
|
explicitly configured to be used (not the default), an unprivileged guest |
| 19 |
|
|
user could potentially use this flaw to escalate their privileges in the |
| 20 |
|
|
guest (CVE-2013-2007). |
| 21 |
|
|
|
| 22 |
|
|
Note: This update requires manual action. Refer below for details. |
| 23 |
|
|
|
| 24 |
|
|
This update does not change the permissions of the existing log file or |
| 25 |
|
|
the UNIX domain socket. For these to be changed, stop the qemu-ga service, |
| 26 |
|
|
and then manually remove all "group" and "other" permissions on the |
| 27 |
|
|
affected files, or remove the files. |
| 28 |
|
|
|
| 29 |
|
|
Also note that after installing this update, files created by the |
| 30 |
|
|
guest-file-open QEMU Monitor Protocol (QMP) command will still continue to |
| 31 |
|
|
be created with world-writable permissions for backwards compatibility. |
| 32 |
|
|
references: |
| 33 |
boklm |
39 |
- https://bugs.mageia.org/show_bug.cgi?id=10431 |
| 34 |
boklm |
25 |
- https://rhn.redhat.com/errata/RHSA-2013-0896.html |
| 35 |
boklm |
33 |
ID: MGASA-2013-0169 |
Parent Directory
| 
Revision Log