Fuel for OpenStack

qemu vulnerabilities (CVE-2014-0150, CVE-2014-2894)

Bug #1324927 reported by Michael Semenov on 2014-05-30

256

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Fuel for OpenStack	Fix Released	Critical	MOS Linux	Fuel for OpenStack 5.1
4.1.x	Won't Fix	Critical	MOS Linux	Fuel for OpenStack 4.1.1-updates
5.0.x	Won't Fix	High	MOS Linux	Fuel for OpenStack 5.0.2

Bug Description

Need to apply a patch for CVE-2014-0150, CVE-2014-2894, provided by Ubuntu.

Vulnerabilities links:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2894

Patches can be found here(for different versions):
https://launchpad.net/ubuntu/+source/qemu-kvm
https://launchpad.net/ubuntu/+source/qemu

Tags:

CVE References

Michael Semenov (msemenov) on 2014-05-30

affects:	fuel → qemu-kvm (Ubuntu)
Changed in qemu-kvm (Ubuntu):
assignee:	nobody → Fuel Linux Hardening Team (fuel-linux)
status:	New → In Progress
affects:	qemu-kvm (Ubuntu) → fuel
information type:	Private Security → Public Security

Alexander Podrepniy (apodrepniy) on 2014-06-12

Changed in fuel:
status:	In Progress → Fix Committed

Mike Scherbakov (mihgen) on 2014-06-18

Changed in fuel:
milestone:	none → 5.1

Revision history for this message

OSCI Robot (oscirobot) wrote on 2014-06-19:

Package qemu has been built from changeset: http://gerrit.mirantis.com/16090
DEB Repository URL: http://osci-obs.vm.mirantis.net:82/ubuntu-fuel-5.0-stable-16090/ubuntu
You can build an ISO with this package:
make iso EXTRA_DEB_REPOS="http://osci-obs.vm.mirantis.net:82/ubuntu-fuel-5.0-stable-16090/ubuntu /"

Changed in fuel:
status:	Fix Committed → In Progress

Revision history for this message

OSCI Robot (oscirobot) wrote on 2014-06-19:

Package qemu has been built from changeset: http://gerrit.mirantis.com/16293
RPM Repository URL: http://osci-obs.vm.mirantis.net:82/centos-fuel-5.0-stable-16293/centos
You can build an ISO with this package:
make iso EXTRA_RPM_REPOS="osci-testing,http://osci-obs.vm.mirantis.net:82/centos-fuel-5.0-stable-16293/centos"

Michael Semenov (msemenov) on 2014-06-20

Changed in fuel:
assignee:	Fuel Linux Hardening Team (fuel-linux) → MOS Linux (mos-linux)

Dmitry Borodaenko (angdraug) on 2014-06-20

Changed in fuel:
importance:	Undecided → Critical

Revision history for this message

Dmitry Borodaenko (angdraug) wrote on 2014-06-20:

Patches above are targeted at 5.0, we're going to need the same updated packages for 4.1 and 5.1 as well.

Michael Semenov (msemenov) on 2014-07-02

tags:

added: mos-linux

Revision history for this message

Michael Semenov (msemenov) wrote on 2014-07-14:

Fixed by upgrading qemu to 2.0
https://bugs.launchpad.net/fuel/+bug/1321701

Revision history for this message

Michael Semenov (msemenov) wrote on 2014-07-14:

Fixed only in 5.1.
4.1.x - Won't Fix
5.0.x - Won't Fix

Changed in fuel:
status:	In Progress → Opinion

Dmitry Borodaenko (angdraug) on 2014-08-12

Changed in fuel:
status:	Opinion → Fix Committed

Nastya Urlapova (aurlapova) on 2015-10-30

tags:	added: rca-done
tags:	removed: rca-done

Adam Heczko (aheczko-mirantis) on 2015-12-01

Changed in fuel:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.