drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in QEMU (Aktualisierung)
Name: |
Denial of Service in QEMU (Aktualisierung) |
|
ID: |
USN-4467-3 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 20.10 |
|
Datum: |
Mo, 22. Februar 2021, 22:10 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13754 |
|
Applikationen: |
QEMU |
|
Update von: |
Mehrere Probleme in QEMU |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============1840898883933241277== Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="3EYi5wXyNn84VtDGRwSqWzPQNFUFg7e7t"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --3EYi5wXyNn84VtDGRwSqWzPQNFUFg7e7t Content-Type: multipart/mixed; boundary="ftR5kIRyUxPps4n20ncSoxntwuWcoOGSK"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> To: "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com> Message-ID: <aafa6f67-825f-e4cc-4060-67f14c604c0e@canonical.com> Subject: [USN-4467-3] QEMU regression
--ftR5kIRyUxPps4n20ncSoxntwuWcoOGSK Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-4467-3 February 22, 2021
qemu regression ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS
Summary:
USN-4467-1 introduced a regression in QEMU.
Software Description: - qemu: Machine emulator and virtualizer
Details:
USN-4467-1 fixed vulnerabilities in QEMU. The fix for CVE-2020-13754 introduced a regression in certain environments. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Ren Ding, Hanqing Zhao, Alexander Bulekov, and Anatoly Trosinenko discovered that the QEMU incorrectly handled certain msi-x mmio operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13754)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: qemu 1:5.0-5ubuntu9.6 qemu-system 1:5.0-5ubuntu9.6 qemu-system-arm 1:5.0-5ubuntu9.6 qemu-system-mips 1:5.0-5ubuntu9.6 qemu-system-misc 1:5.0-5ubuntu9.6 qemu-system-ppc 1:5.0-5ubuntu9.6 qemu-system-s390x 1:5.0-5ubuntu9.6 qemu-system-sparc 1:5.0-5ubuntu9.6 qemu-system-x86 1:5.0-5ubuntu9.6 qemu-system-x86-microvm 1:5.0-5ubuntu9.6 qemu-system-x86-xen 1:5.0-5ubuntu9.6
Ubuntu 20.04 LTS: qemu 1:4.2-3ubuntu6.14 qemu-system 1:4.2-3ubuntu6.14 qemu-system-arm 1:4.2-3ubuntu6.14 qemu-system-mips 1:4.2-3ubuntu6.14 qemu-system-misc 1:4.2-3ubuntu6.14 qemu-system-ppc 1:4.2-3ubuntu6.14 qemu-system-s390x 1:4.2-3ubuntu6.14 qemu-system-sparc 1:4.2-3ubuntu6.14 qemu-system-x86 1:4.2-3ubuntu6.14 qemu-system-x86-microvm 1:4.2-3ubuntu6.14 qemu-system-x86-xen 1:4.2-3ubuntu6.14
Ubuntu 18.04 LTS: qemu 1:2.11+dfsg-1ubuntu7.36 qemu-system 1:2.11+dfsg-1ubuntu7.36 qemu-system-arm 1:2.11+dfsg-1ubuntu7.36 qemu-system-mips 1:2.11+dfsg-1ubuntu7.36 qemu-system-misc 1:2.11+dfsg-1ubuntu7.36 qemu-system-ppc 1:2.11+dfsg-1ubuntu7.36 qemu-system-s390x 1:2.11+dfsg-1ubuntu7.36 qemu-system-sparc 1:2.11+dfsg-1ubuntu7.36 qemu-system-x86 1:2.11+dfsg-1ubuntu7.36
Ubuntu 16.04 LTS: qemu 1:2.5+dfsg-5ubuntu10.51 qemu-system 1:2.5+dfsg-5ubuntu10.51 qemu-system-aarch64 1:2.5+dfsg-5ubuntu10.51 qemu-system-arm 1:2.5+dfsg-5ubuntu10.51 qemu-system-mips 1:2.5+dfsg-5ubuntu10.51 qemu-system-misc 1:2.5+dfsg-5ubuntu10.51 qemu-system-ppc 1:2.5+dfsg-5ubuntu10.51 qemu-system-s390x 1:2.5+dfsg-5ubuntu10.51 qemu-system-sparc 1:2.5+dfsg-5ubuntu10.51 qemu-system-x86 1:2.5+dfsg-5ubuntu10.51
After a standard system update you need to restart all QEMU virtual machines to make all the necessary changes.
References: https://usn.ubuntu.com/4467-3 https://usn.ubuntu.com/4467-1 https://launchpad.net/bugs/1914883
Package Information: https://launchpad.net/ubuntu/+source/qemu/1:5.0-5ubuntu9.6 https://launchpad.net/ubuntu/+source/qemu/1:4.2-3ubuntu6.14 https://launchpad.net/ubuntu/+source/qemu/1:2.11+dfsg-1ubuntu7.36 https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.51
--ftR5kIRyUxPps4n20ncSoxntwuWcoOGSK--
--3EYi5wXyNn84VtDGRwSqWzPQNFUFg7e7t Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmAz73gACgkQZWnYVadE vpNN4Q//WXBCEgHXpL8H1VS5W2rhnclF1cVZQRsMgldjkOjLdiwwX1/JA2L5ILJg dEz4Bn4y47/n/ee/frf/mMOxRMvPRLRgeCpo/zHMKjvTBoh7B9XoFSapCCtSeBQf ltf7LwgZ5h/0Zw8khYGPPvfz/epE6W/k9inkHrGY+fRdLCksRNu4DWD+Rv1F7637 X9/SgNlpiaPUGMWKuy2NQZLRs8qrhwxdB3j6df2yj1xQzIHDKZJOxkpdYglYGYK0 PANuxg1AcerNwWPiGuVWFEBjh0AVFzP9JbgluNdYy3nOqa3S1s9f3TRDFfOzikK3 3uG6b33vOJtozqFdFG+3mNA1eE1B2Cp1TbCgRD9uwr5to//2s4pNp3WiI8D9zxVm 6Z1IxXpNilzVLrXGnJGX/Pr/YxGhdN4uH8s8ZOU9kgJ2CCuTnO0qOQByNPwN9oFg vzHan7ngNh+q/b2EKtTAfAC+MMaaNtyziNLx0i0Lxuqlb9iynbZY5wtg45Gz9aZy n+YPm4fGaz7vfqs/5AhP6HS6r1DM21OuEdWhBQvw8r7eqf0jLCdYFO9o8BEYdRxK T+KHlkhkLVTFoJV50cz5soyYvBQU0j+YvDBr9hSsPvqHXPH0E4qCR2Y8Vqr5LrFI eK8dp5oC4jtTX8WHlrzjCe5oskDXafjGPZXCEa2s/l6BGv8fwtU= =y8AT -----END PGP SIGNATURE-----
--3EYi5wXyNn84VtDGRwSqWzPQNFUFg7e7t--
--===============1840898883933241277== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============1840898883933241277==--
|
|
|
|