| 1 |
type: security |
| 2 |
subject: Updated qemu packages fix security vulnerability |
| 3 |
CVE: |
| 4 |
- CVE-2013-2007 |
| 5 |
src: |
| 6 |
2: |
| 7 |
core: |
| 8 |
- qemu-1.0-6.5.mga2 |
| 9 |
3: |
| 10 |
core: |
| 11 |
- qemu-1.2.0-8.1.mga3 |
| 12 |
description: | |
| 13 |
It was found that QEMU Guest Agent (the "qemu-ga" service) created |
| 14 |
certain files with world-writable permissions when run in daemon mode |
| 15 |
(the default mode). An unprivileged guest user could use this flaw to |
| 16 |
consume all free space on the partition containing the qemu-ga log file, or |
| 17 |
modify the contents of the log. When a UNIX domain socket transport was |
| 18 |
explicitly configured to be used (not the default), an unprivileged guest |
| 19 |
user could potentially use this flaw to escalate their privileges in the |
| 20 |
guest (CVE-2013-2007). |
| 21 |
|
| 22 |
Note: This update requires manual action. Refer below for details. |
| 23 |
|
| 24 |
This update does not change the permissions of the existing log file or |
| 25 |
the UNIX domain socket. For these to be changed, stop the qemu-ga service, |
| 26 |
and then manually remove all "group" and "other" permissions on the |
| 27 |
affected files, or remove the files. |
| 28 |
|
| 29 |
Also note that after installing this update, files created by the |
| 30 |
guest-file-open QEMU Monitor Protocol (QMP) command will still continue to |
| 31 |
be created with world-writable permissions for backwards compatibility. |
| 32 |
references: |
| 33 |
- https://bugs.mageia.org/show_bug.cgi?id=10431 |
| 34 |
- https://rhn.redhat.com/errata/RHSA-2013-0896.html |
| 35 |
ID: MGASA-2013-0169 |
Parent Directory
| 
Revision Log