drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in QEMU
Name: |
Ausführen beliebiger Kommandos in QEMU |
|
ID: |
USN-1590-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 11.04, Ubuntu 11.10, Ubuntu 12.04 LTS |
|
Datum: |
Di, 2. Oktober 2012, 18:00 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3515 |
|
Applikationen: |
QEMU |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --===============2854978951464011139== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enigEC5B4FFB7298B67098507CD2"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigEC5B4FFB7298B67098507CD2 Content-Type: text/plain; charset=ISO-8859- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1590-1 October 02, 2012
qemu-kvm vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS
Summary:
QEMU could be made to crash or run programs.
Software Description: - qemu-kvm: Machine emulator and virtualizer
Details:
It was discovered that QEMU incorrectly handled certain VT100 escape sequences. A guest user with access to an emulated character device could use this flaw to cause QEMU to crash, or possibly execute arbitrary code on the host.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: qemu-kvm 1.0+noroms-0ubuntu14.2
Ubuntu 11.10: qemu-kvm 0.14.1+noroms-0ubuntu6.5
Ubuntu 11.04: qemu-kvm 0.14.0+noroms-0ubuntu4.7
Ubuntu 10.04 LTS: qemu-kvm 0.12.3+noroms-0ubuntu9.20
After a standard system update you need to restart your virtual machines to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1590-1 CVE-2012-3515
Package Information: https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.2 https://launchpad.net/ubuntu/+source/qemu-kvm/0.14.1+noroms-0ubuntu6.5 https://launchpad.net/ubuntu/+source/qemu-kvm/0.14.0+noroms-0ubuntu4.7 https://launchpad.net/ubuntu/+source/qemu-kvm/0.12.3+noroms-0ubuntu9.20
--------------enigEC5B4FFB7298B67098507CD2 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iQIcBAEBCgAGBQJQavb4AAoJEGVp2FWnRL6TZgsQAIhkOLqZTK7zBWxKnu2L+JCB 8bwUfzcLkXBbNh1pDbo8PV1V5WE4vxgB/erg28D7V6ynI2uXWVY7PUmtnUYBOPBH sJYSXMQsJdMG9onJI0XHNx8lKrOQ0sVo9+8DtDxaD/eo1jbxdDZS+Uun964mdfqE Dka1PsfZ5A39v9kD5NAAsxqDjGF2CBd3nr7ZPh+vQFNHlOUgIcPTHJwA8XPqr6p8 QkbTs9WFLIlnkvg+KuJTWP4IlLus+xhWPAjwjSrN3sHbplza4eVkYBGV2ZZu8DCr AvsyEXI0AHCO+UYVHaBLPY51yekfaQ0EhHb2ImDkqGH5Iwnw9fjn/EDZSzgmwVGe 4hoSAGB8/cbYC2GHun9NKpVTsubqYwJTi8Q/XBw325o498d8K2YJ4HxATF4W7awn JEHzdGlRxl3I5zRIhiwRuasni2RE6kdjVUOPvJs8nEtAHOw40DT8zJolXzu5QE8r KI+3Zp47T29krQnZFEWdt9s+BAP7Yh66BqMNF5u2OuApbM84H61Ivl/KmqmUIk4r GRApOO7kdTEKb+XdyAb0C50BXeM1rvs5TIbPBkvM48Z8DTup7blbfVNl2sh/EMuH raeJrOmoPVtVDN85j1ZXHQFoG3BmVkBf8B+VOBWvl4kFl3vXNxUvKAAIudpf2kvI VBgiEqDmoaBv2cY6/bpK =KEM/ -----END PGP SIGNATURE-----
--------------enigEC5B4FFB7298B67098507CD2--
--===============2854978951464011139== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============2854978951464011139==--
|
|
|
|