MGASA-2014-0467

Description

Updated qemu packages fix security vulnerabilities The Advanced Threat Research team at Intel Security reported that guest provided parameter were insufficiently validated in rectangle functions in the vmware-vga driver. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process (CVE-2014-3689). It was discovered that QEMU incorrectly handled USB xHCI controller live migration. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code (CVE-2014-5263). James Spadaro of Cisco reported insufficiently sanitized bits_per_pixel from the client in the QEMU VNC display driver. An attacker having access to the guest's VNC console could use this flaw to crash the guest (CVE-2014-7815). Additionally, the qemu update in MGASA-2014-0426 did not have USB redirection support because Qemu 1.6.2 requires an updated libusbredirparser library. This update has been built against the updated usbredirparser library.

Affected Systems

• mageia•qemu

  < 1.6.2-1.5.mga4

• mageia•usbredir

  < 0.6-1.mga4

References (6)

• https://advisories.mageia.org/MGASA-2014-0467.html
• https://bugs.mageia.org/show_bug.cgi?id=14434
• http://advisories.mageia.org/MGASA-2014-0426.html
• https://www.debian.org/security/2014/dsa-3066
• http://www.ubuntu.com/usn/usn-2409-1/
• https://lists.fedoraproject.org/pipermail/package-announce/2014-November/143312.html