
Security: Multiple issues in QEMU
Name: Multiple issues in QEMU
ID: USN-2608-1
Distribution: Ubuntu
Platforms: Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 14.10, Ubuntu 15.04
Date: Wed, May 13, 2015, 23:18
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1779
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456
Applications: QEMU

Original message

==========================================================================
Ubuntu Security Notice USN-2608-1
May 13, 2015

qemu, qemu-kvm vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.04
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in QEMU.

Software Description:
- qemu: Machine emulator and virtualizer
- qemu-kvm: Machine emulator and virtualizer

Details:

Jason Geffner discovered that QEMU incorrectly handled the virtual floppy
driver. This issue is known as VENOM. A malicious guest could use this
issue to cause a denial of service, or possibly execute arbitrary code on
the host as the user running the QEMU process. In the default installation,
when QEMU is used with libvirt, attackers would be isolated by the libvirt
AppArmor profile. (CVE-2015-3456)

Daniel P. Berrange discovered that QEMU incorrectly handled VNC websockets.
A remote attacker could use this issue to cause QEMU to consume memory,
resulting in a denial of service. This issue only affected Ubuntu 14.04
LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-1779)

Jan Beulich discovered that QEMU, when used with Xen, didn't properly
restrict access to PCI command registers. A malicious guest could use this
issue to cause a denial of service. This issue only affected Ubuntu 14.04
LTS and Ubuntu 14.10. (CVE-2015-2756)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
qemu-system 1:2.2+dfsg-5expubuntu9.1
qemu-system-aarch64 1:2.2+dfsg-5expubuntu9.1
qemu-system-arm 1:2.2+dfsg-5expubuntu9.1
qemu-system-mips 1:2.2+dfsg-5expubuntu9.1
qemu-system-misc 1:2.2+dfsg-5expubuntu9.1
qemu-system-ppc 1:2.2+dfsg-5expubuntu9.1
qemu-system-sparc 1:2.2+dfsg-5expubuntu9.1
qemu-system-x86 1:2.2+dfsg-5expubuntu9.1

Ubuntu 14.10:
qemu-system 2.1+dfsg-4ubuntu6.6
qemu-system-aarch64 2.1+dfsg-4ubuntu6.6
qemu-system-arm 2.1+dfsg-4ubuntu6.6
qemu-system-mips 2.1+dfsg-4ubuntu6.6
qemu-system-misc 2.1+dfsg-4ubuntu6.6
qemu-system-ppc 2.1+dfsg-4ubuntu6.6
qemu-system-sparc 2.1+dfsg-4ubuntu6.6
qemu-system-x86 2.1+dfsg-4ubuntu6.6

Ubuntu 14.04 LTS:
qemu-system 2.0.0+dfsg-2ubuntu1.11
qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.11
qemu-system-arm 2.0.0+dfsg-2ubuntu1.11
qemu-system-mips 2.0.0+dfsg-2ubuntu1.11
qemu-system-misc 2.0.0+dfsg-2ubuntu1.11
qemu-system-ppc 2.0.0+dfsg-2ubuntu1.11
qemu-system-sparc 2.0.0+dfsg-2ubuntu1.11
qemu-system-x86 2.0.0+dfsg-2ubuntu1.11

Ubuntu 12.04 LTS:
qemu-kvm 1.0+noroms-0ubuntu14.22

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2608-1
CVE-2015-1779, CVE-2015-2756, CVE-2015-3456

Package Information:
https://launchpad.net/ubuntu/+source/qemu/1:2.2+dfsg-5expubuntu9.1
https://launchpad.net/ubuntu/+source/qemu/2.1+dfsg-4ubuntu6.6
https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.11
https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.22


