Security: Multiple issues in QEMU
Name: Multiple issues in QEMU
ID: USN-3289-1
Distribution: Ubuntu
Platforms: Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 16.10, Ubuntu 17.04
Date: Tue, 16 May 2017, 18:39
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8309
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7980
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8379
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7377
Applications: QEMU
Original message
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <9da1bf8e-9730-6b3d-bd28-6b3c325c99bc@canonical.com>
Subject: [USN-3289-1] QEMU vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3289-1
May 16, 2017

qemu vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in QEMU.
Software Description:
- qemu: Machine emulator and virtualizer
Details:
Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-7377, CVE-2017-8086)
Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-7718)
Li Qiang and Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device when being used with a VNC connection. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2017-7980)
Jiang Xin discovered that QEMU incorrectly handled the audio subsystem. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-8309)
Jiang Xin discovered that QEMU incorrectly handled the input subsystem. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-8379)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04:
  qemu-system 1:2.8+dfsg-3ubuntu2.2
  qemu-system-aarch64 1:2.8+dfsg-3ubuntu2.2
  qemu-system-arm 1:2.8+dfsg-3ubuntu2.2
  qemu-system-mips 1:2.8+dfsg-3ubuntu2.2
  qemu-system-misc 1:2.8+dfsg-3ubuntu2.2
  qemu-system-ppc 1:2.8+dfsg-3ubuntu2.2
  qemu-system-s390x 1:2.8+dfsg-3ubuntu2.2
  qemu-system-sparc 1:2.8+dfsg-3ubuntu2.2
  qemu-system-x86 1:2.8+dfsg-3ubuntu2.2
Ubuntu 16.10:
  qemu-system 1:2.6.1+dfsg-0ubuntu5.5
  qemu-system-aarch64 1:2.6.1+dfsg-0ubuntu5.5
  qemu-system-arm 1:2.6.1+dfsg-0ubuntu5.5
  qemu-system-mips 1:2.6.1+dfsg-0ubuntu5.5
  qemu-system-misc 1:2.6.1+dfsg-0ubuntu5.5
  qemu-system-ppc 1:2.6.1+dfsg-0ubuntu5.5
  qemu-system-s390x 1:2.6.1+dfsg-0ubuntu5.5
  qemu-system-sparc 1:2.6.1+dfsg-0ubuntu5.5
  qemu-system-x86 1:2.6.1+dfsg-0ubuntu5.5
Ubuntu 16.04 LTS:
  qemu-system 1:2.5+dfsg-5ubuntu10.14
  qemu-system-aarch64 1:2.5+dfsg-5ubuntu10.14
  qemu-system-arm 1:2.5+dfsg-5ubuntu10.14
  qemu-system-mips 1:2.5+dfsg-5ubuntu10.14
  qemu-system-misc 1:2.5+dfsg-5ubuntu10.14
  qemu-system-ppc 1:2.5+dfsg-5ubuntu10.14
  qemu-system-s390x 1:2.5+dfsg-5ubuntu10.14
  qemu-system-sparc 1:2.5+dfsg-5ubuntu10.14
  qemu-system-x86 1:2.5+dfsg-5ubuntu10.14
Ubuntu 14.04 LTS:
  qemu-system 2.0.0+dfsg-2ubuntu1.34
  qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.34
  qemu-system-arm 2.0.0+dfsg-2ubuntu1.34
  qemu-system-mips 2.0.0+dfsg-2ubuntu1.34
  qemu-system-misc 2.0.0+dfsg-2ubuntu1.34
  qemu-system-ppc 2.0.0+dfsg-2ubuntu1.34
  qemu-system-sparc 2.0.0+dfsg-2ubuntu1.34
  qemu-system-x86 2.0.0+dfsg-2ubuntu1.34
After a standard system update you need to restart all QEMU virtual machines to make all the necessary changes.
References:
  http://www.ubuntu.com/usn/usn-3289-1
  CVE-2017-7377, CVE-2017-7718, CVE-2017-7980, CVE-2017-8086, CVE-2017-8309, CVE-2017-8379
Package Information:
  https://launchpad.net/ubuntu/+source/qemu/1:2.8+dfsg-3ubuntu2.2
  https://launchpad.net/ubuntu/+source/qemu/1:2.6.1+dfsg-0ubuntu5.5
  https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.14
  https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.34