Security: Multiple issues in QEMU
Name: Multiple issues in QEMU
ID: USN-2692-1
Distribution: Ubuntu
Platforms: Ubuntu 14.04 LTS, Ubuntu 15.04
Date: Tue, 28 July 2015, 22:36
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5158
Applications: QEMU
Original message
==========================================================================
Ubuntu Security Notice USN-2692-1
July 28, 2015

qemu vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in QEMU.
Software Description:
- qemu: Machine emulator and virtualizer
Details:
Matt Tait discovered that QEMU incorrectly handled PIT emulation. In a non-default configuration, a malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2015-3214)
Kevin Wolf discovered that QEMU incorrectly handled processing ATAPI commands. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2015-5154)
Zhu Donghai discovered that QEMU incorrectly handled the SCSI driver. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 15.04. (CVE-2015-5158)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.04:
  qemu-system 1:2.2+dfsg-5expubuntu9.3
  qemu-system-aarch64 1:2.2+dfsg-5expubuntu9.3
  qemu-system-arm 1:2.2+dfsg-5expubuntu9.3
  qemu-system-mips 1:2.2+dfsg-5expubuntu9.3
  qemu-system-misc 1:2.2+dfsg-5expubuntu9.3
  qemu-system-ppc 1:2.2+dfsg-5expubuntu9.3
  qemu-system-sparc 1:2.2+dfsg-5expubuntu9.3
  qemu-system-x86 1:2.2+dfsg-5expubuntu9.3

Ubuntu 14.04 LTS:
  qemu-system 2.0.0+dfsg-2ubuntu1.15
  qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.15
  qemu-system-arm 2.0.0+dfsg-2ubuntu1.15
  qemu-system-mips 2.0.0+dfsg-2ubuntu1.15
  qemu-system-misc 2.0.0+dfsg-2ubuntu1.15
  qemu-system-ppc 2.0.0+dfsg-2ubuntu1.15
  qemu-system-sparc 2.0.0+dfsg-2ubuntu1.15
  qemu-system-x86 2.0.0+dfsg-2ubuntu1.15
After a standard system update you need to restart all QEMU virtual machines to make all the necessary changes.
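The two checks implied by the update instructions, as an added example that is not part of the advisory: which installed qemu-system packages are still older than the fixed version, and which running QEMU processes were started before the update and still need a restart. The function names and the release keys (15.04, 14.04) are hypothetical; the restart check assumes the Linux behaviour of appending " (deleted)" to /proc/PID/exe once the binary on disk has been replaced.

```shell
#!/bin/sh
# Added example: post-update checks for USN-2692-1.

# Fixed versions, copied from the advisory's update instructions.
fixed_version() {
    case "$1" in
        15.04) echo '1:2.2+dfsg-5expubuntu9.3' ;;
        14.04) echo '2.0.0+dfsg-2ubuntu1.15' ;;
        *) return 1 ;;
    esac
}

# Read "package version" lines on stdin, e.g. from
#   dpkg-query -W -f='${Package} ${Version}\n' 'qemu-system*'
# and print every package older than the fixed version for release $1.
outdated_packages() {
    fixed=$(fixed_version "$1") || return 2
    while read -r pkg ver; do
        [ -n "$ver" ] || continue        # skip packages that are not installed
        if dpkg --compare-versions "$ver" lt "$fixed"; then
            echo "$pkg $ver (needs $fixed)"
        fi
    done
}

# Print the PIDs of QEMU processes whose executable has been replaced on
# disk since they started: these guests still run the unpatched code.
# $1 is the proc root (default /proc), so the check can be exercised offline.
stale_qemu_pids() {
    procroot=${1:-/proc}
    for exe in "$procroot"/[0-9]*/exe; do
        target=$(readlink "$exe" 2>/dev/null) || continue
        case "$target" in
            */qemu-system-*' (deleted)')
                pid=${exe%/exe}
                echo "${pid##*/}" ;;
        esac
    done
}
```

Run `stale_qemu_pids` as root, since /proc/PID/exe of another user's process (such as libvirt's QEMU user) is not readable otherwise.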
References:
  http://www.ubuntu.com/usn/usn-2692-1
  CVE-2015-3214, CVE-2015-5154, CVE-2015-5158

Package Information:
  https://launchpad.net/ubuntu/+source/qemu/1:2.2+dfsg-5expubuntu9.3
  https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.15
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce