Bug 549404

Summary: <app-emulation/qemu-{2.2.1-r2,2.3.0-r1}: VENOM: Privilege escalation via emulated floppy disk drive (XSA-133) (CVE-2015-3456)
Product: Gentoo Security
Reporter: Robin Johnson <robbat2>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: alexander, floppym, gentoo, luke, qemu+disabled, toto
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
See Also: https://bugs.gentoo.org/show_bug.cgi?id=549200
Whiteboard: B1 [glsa cve]
Package list:
Runtime testing required: ---

Description Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2015-05-13 18:58:24 UTC
See #549200 for more details.

I have already put in revbump ebuilds with the patch:
qemu-2.1.3-r1.ebuild
qemu-2.2.1-r2.ebuild
qemu-2.3.0-r1.ebuild

Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2015-05-13 19:00:09 UTC
Cardoe:
as maintainer, can you please decide which of the ebuilds you want to go stable, and call for arches as needed for that.

Comment 2 Daniel Kenzelmann 2015-05-13 19:03:11 UTC
*** Bug 549402 has been marked as a duplicate of this bug. ***

Comment 3 Mike Gilbert gentoo-dev 2015-05-13 19:12:21 UTC
vapier seems to be making most of the commits recently as a maintainer of the qemu herd.

Comment 4 Agostino Sarubbo gentoo-dev 2015-05-13 20:12:41 UTC
I'd go for 2.2.1-r2

Comment 5 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2015-05-13 20:54:11 UTC
vapier:
which versions do you want to go stable?
My vote is 2.1.3-r1 AND 2.2.1-r2

Comment 6 SpanKY gentoo-dev 2015-05-13 23:11:21 UTC
(In reply to Robin Johnson from comment #5)

just 2.2.1-r2.  the 2.1.x series is going away bug 544328 already.

Comment 7 Agostino Sarubbo gentoo-dev 2015-05-14 07:11:21 UTC
+  14 May 2015; Agostino Sarubbo <ago@gentoo.org>
+  -files/qemu-2.1.1-readlink-self.patch,
+  -files/qemu-2.1.2-vnc-sanitize-bits.patch, -qemu-2.1.2-r2.ebuild,
+  -qemu-2.1.3-r1.ebuild, -qemu-2.1.3.ebuild, -qemu-2.2.0.ebuild,
+  -qemu-2.2.1-r1.ebuild, -qemu-2.2.1.ebuild, -qemu-2.3.0.ebuild,
+  qemu-2.2.1-r2.ebuild:
+  Stable for amd64/x86 - remove old.
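Review bot: the message line "Stable for amd64/x86 - remove old." names neither the bug nor the CVE, even though this entry stabilises the patched qemu-2.2.1-r2.ebuild and removes the earlier ebuilds. Suggest ending the message with a reference to bug 549404 (CVE-2015-3456) so the ChangeLog on its own shows that this stabilisation and cleanup were driven by the security fix.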


Security please file the glsa request.

Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2015-06-14 20:14:48 UTC
CVE-2015-3456 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3456):
  The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier
  and KVM, allows local guest users to cause a denial of service
  (out-of-bounds write and guest crash) or possibly execute arbitrary code via
  the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other
  unspecified commands, aka VENOM.

Comment 9 Yury German Gentoo Infrastructure gentoo-dev 2015-12-31 03:45:11 UTC
Arches and Maintainer(s), Thank you for your work.

Added to an existing GLSA Request.

Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2016-02-04 09:33:22 UTC
This issue was resolved and addressed in
 GLSA 201602-01 at https://security.gentoo.org/glsa/201602-01
by GLSA coordinator Kristian Fiskerstrand (K_F).