Updated qemu packages fix security vulnerabilities
Publication date: 21 Nov 2014Modification date: 21 Nov 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-3689 , CVE-2014-5263 , CVE-2014-7815
Description
The Advanced Threat Research team at Intel Security reported that guest
provided parameter were insufficiently validated in rectangle functions in
the vmware-vga driver. A privileged guest user could use this flaw to write
into qemu address space on the host, potentially escalating their privileges
to those of the qemu host process (CVE-2014-3689).
It was discovered that QEMU incorrectly handled USB xHCI controller live
migration. An attacker could possibly use this issue to cause a denial of
service, or possibly execute arbitrary code (CVE-2014-5263).
James Spadaro of Cisco reported insufficiently sanitized bits_per_pixel from
the client in the QEMU VNC display driver. An attacker having access to the
guest's VNC console could use this flaw to crash the guest (CVE-2014-7815).
Additionally, the qemu update in MGASA-2014-0426 did not have USB redirection
support because Qemu 1.6.2 requires an updated libusbredirparser library.
This update has been built against the updated usbredirparser library.
References
- https://bugs.mageia.org/show_bug.cgi?id=14434
- http://advisories.mageia.org/MGASA-2014-0426.html
- https://www.debian.org/security/2014/dsa-3066
- http://www.ubuntu.com/usn/usn-2409-1/
- https://lists.fedoraproject.org/pipermail/package-announce/2014-November/143312.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3689
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5263
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7815
SRPMS
4/core
- qemu-1.6.2-1.5.mga4
- usbredir-0.6-1.mga4