MGASA-2013-0134
Date: May 2nd, 2013
Affected releases: 2
Media: Core
Description:
Updated qemu packages fix security vulnerability:
A security flaw was found in the way qemu-nbd, the QEMU Disk Network Block
Device server tool of QEMU, performed detection of image formats (the
image format was previously autodetected). A guest operating system
administrator could write a header to a raw format disk image describing
a format other than the original one for that disk image. After a restart
of that guest, QEMU would detect the new format of the image and could
allow the guest to read any file on the host if QEMU was sufficiently
privileged (CVE-2013-1922).
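An added example, not part of the advisory and not QEMU's own probing code: a simplified signature check an administrator could run over disk images that are meant to be raw, flagging any whose first sector resembles another image format and would therefore be affected by autodetection. The magic values are the formats' well-known signatures; the function names and the sample headers are constructed for this illustration.

```python
import struct
import sys

# Well-known leading signatures of non-raw image formats.
MAGICS = {
    b"QFI\xfb": "qcow",        # qcow and qcow2 share this magic
    b"QED\x00": "qed",
    b"KDMV": "vmdk",
    b"COWD": "vmdk",
    b"conectix": "vpc",
}
VDI_SIGNATURE = b"\x7f\x10\xda\xbe"   # 0xBEDA107F little-endian, at offset 64

# Constructed sample headers (not taken from real images).
SAMPLE_RAW = b"\xeb\x63\x90" + bytes(507) + b"\x55\xaa"   # boot-sector-like
SAMPLE_QCOW2 = b"QFI\xfb" + struct.pack(">I", 2) + bytes(504)


def probe_header(header: bytes) -> str:
    """Return the format the first sector resembles, or 'raw' if none."""
    for magic, name in MAGICS.items():
        if header.startswith(magic):
            if name == "qcow" and len(header) >= 8:
                # The big-endian version field follows the magic.
                version = struct.unpack(">I", header[4:8])[0]
                return "qcow2" if version >= 2 else "qcow"
            return name
    if header[64:68] == VDI_SIGNATURE:
        return "vdi"
    return "raw"


def audit_raw_images(paths):
    """Given images meant to be raw, return (path, format) for suspicious ones."""
    findings = []
    for path in paths:
        with open(path, "rb") as f:
            fmt = probe_header(f.read(512))
        if fmt != "raw":
            findings.append((path, fmt))
    return findings


if __name__ == "__main__":
    for path, fmt in audit_raw_images(sys.argv[1:]):
        print(f"{path}: configured as raw but header looks like {fmt}")
```

A hit on an image that is supposed to be raw means its first sector would be probed as another format, so the image should be reviewed before the guest is restarted.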
Updated Packages:
i586:
qemu-1.0-6.4.mga2.i586.rpm
qemu-img-1.0-6.4.mga2.i586.rpm
qemu-debug-1.0-6.4.mga2.i586.rpm
x86_64:
qemu-1.0-6.4.mga2.x86_64.rpm
qemu-img-1.0-6.4.mga2.x86_64.rpm
qemu-debug-1.0-6.4.mga2.x86_64.rpm
SRPMS:
qemu-1.0-6.4.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1922
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103621.html
https://bugs.mageia.org/show_bug.cgi?id=9871