1 |
boklm |
25 |
type: security |
2 |
|
|
subject: Updated qemu packages fix security vulnerability |
3 |
|
|
CVE: |
4 |
|
|
- CVE-2013-2007 |
5 |
|
|
src: |
6 |
|
|
2: |
7 |
|
|
core: |
8 |
|
|
- qemu-1.0-6.5.mga2 |
9 |
|
|
3: |
10 |
|
|
core: |
11 |
|
|
- qemu-1.2.0-8.1.mga3 |
12 |
|
|
description: | |
13 |
|
|
It was found that QEMU Guest Agent (the "qemu-ga" service) created |
14 |
|
|
certain files with world-writable permissions when run in daemon mode |
15 |
|
|
(the default mode). An unprivileged guest user could use this flaw to |
16 |
|
|
consume all free space on the partition containing the qemu-ga log file, or |
17 |
|
|
modify the contents of the log. When a UNIX domain socket transport was |
18 |
|
|
explicitly configured to be used (not the default), an unprivileged guest |
19 |
|
|
user could potentially use this flaw to escalate their privileges in the |
20 |
|
|
guest (CVE-2013-2007). |
21 |
|
|
|
22 |
|
|
Note: This update requires manual action. Refer below for details. |
23 |
|
|
|
24 |
|
|
This update does not change the permissions of the existing log file or |
25 |
|
|
the UNIX domain socket. For these to be changed, stop the qemu-ga service, |
26 |
|
|
and then manually remove all "group" and "other" permissions on the |
27 |
|
|
affected files, or remove the files. |
28 |
|
|
|
29 |
|
|
Also note that after installing this update, files created by the |
30 |
|
|
guest-file-open QEMU Monitor Protocol (QMP) command will still continue to |
31 |
|
|
be created with world-writable permissions for backwards compatibility. |
32 |
|
|
references: |
33 |
boklm |
39 |
- https://bugs.mageia.org/show_bug.cgi?id=10431 |
34 |
boklm |
25 |
- https://rhn.redhat.com/errata/RHSA-2013-0896.html |
35 |
boklm |
33 |
ID: MGASA-2013-0169 |