
Security: Execution of arbitrary commands in QEMU
Name: Execution of arbitrary commands in QEMU
ID: USN-1590-1
Distribution: Ubuntu
Platforms: Ubuntu 10.04 LTS, Ubuntu 11.04, Ubuntu 11.10, Ubuntu 12.04 LTS
Date: Tue, 2 October 2012, 18:00
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3515
Applications: QEMU

Original message

==========================================================================
Ubuntu Security Notice USN-1590-1
October 02, 2012

qemu-kvm vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

QEMU could be made to crash or run programs.

Software Description:
- qemu-kvm: Machine emulator and virtualizer

Details:

It was discovered that QEMU incorrectly handled certain VT100 escape
sequences. A guest user with access to an emulated character device could
use this flaw to cause QEMU to crash, or possibly execute arbitrary code on
the host.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
qemu-kvm 1.0+noroms-0ubuntu14.2

Ubuntu 11.10:
qemu-kvm 0.14.1+noroms-0ubuntu6.5

Ubuntu 11.04:
qemu-kvm 0.14.0+noroms-0ubuntu4.7

Ubuntu 10.04 LTS:
qemu-kvm 0.12.3+noroms-0ubuntu9.20

After a standard system update you need to restart your virtual machines to
make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1590-1
CVE-2012-3515

Package Information:
https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.2
https://launchpad.net/ubuntu/+source/qemu-kvm/0.14.1+noroms-0ubuntu6.5
https://launchpad.net/ubuntu/+source/qemu-kvm/0.14.0+noroms-0ubuntu4.7
https://launchpad.net/ubuntu/+source/qemu-kvm/0.12.3+noroms-0ubuntu9.20


