1 |
type: security |
2 |
subject: Updated qemu packages fix security vulnerability |
3 |
CVE: |
4 |
- CVE-2013-2007 |
5 |
src: |
6 |
2: |
7 |
core: |
8 |
- qemu-1.0-6.5.mga2 |
9 |
3: |
10 |
core: |
11 |
- qemu-1.2.0-8.1.mga3 |
12 |
description: | |
13 |
It was found that QEMU Guest Agent (the "qemu-ga" service) created |
14 |
certain files with world-writable permissions when run in daemon mode |
15 |
(the default mode). An unprivileged guest user could use this flaw to |
16 |
consume all free space on the partition containing the qemu-ga log file, or |
17 |
modify the contents of the log. When a UNIX domain socket transport was |
18 |
explicitly configured to be used (not the default), an unprivileged guest |
19 |
user could potentially use this flaw to escalate their privileges in the |
20 |
guest (CVE-2013-2007). |
21 |
|
22 |
Note: This update requires manual action. Refer below for details. |
23 |
|
24 |
This update does not change the permissions of the existing log file or |
25 |
the UNIX domain socket. For these to be changed, stop the qemu-ga service, |
26 |
and then manually remove all "group" and "other" permissions on the |
27 |
affected files, or remove the files. |
28 |
|
29 |
Also note that after installing this update, files created by the |
30 |
guest-file-open QEMU Monitor Protocol (QMP) command will still continue to |
31 |
be created with world-writable permissions for backwards compatibility. |
32 |
references: |
33 |
- https://rhn.redhat.com/errata/RHSA-2013-0896.html |
34 |
ID: MGASA-2013-0169 |