Sicherheit: Denial of Service in QEMU (Aktualisierung)

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============1840898883933241277==
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="3EYi5wXyNn84VtDGRwSqWzPQNFUFg7e7t"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--3EYi5wXyNn84VtDGRwSqWzPQNFUFg7e7t
Content-Type: multipart/mixed;
boundary="ftR5kIRyUxPps4n20ncSoxntwuWcoOGSK";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
<ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <aafa6f67-825f-e4cc-4060-67f14c604c0e@canonical.com>
Subject: [USN-4467-3] QEMU regression

--ftR5kIRyUxPps4n20ncSoxntwuWcoOGSK
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4467-3
February 22, 2021

qemu regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

USN-4467-1 introduced a regression in QEMU.

Software Description:
- qemu: Machine emulator and virtualizer

Details:

USN-4467-1 fixed vulnerabilities in QEMU. The fix for CVE-2020-13754
introduced a regression in certain environments. This update fixes the
problem.

We apologize for the inconvenience.

Original advisory details:

Ren Ding, Hanqing Zhao, Alexander Bulekov, and Anatoly Trosinenko
discovered that the QEMU incorrectly handled certain msi-x mmio operations.
An attacker inside a guest could possibly use this issue to cause QEMU to
crash, resulting in a denial of service. (CVE-2020-13754)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
qemu 1:5.0-5ubuntu9.6
qemu-system 1:5.0-5ubuntu9.6
qemu-system-arm 1:5.0-5ubuntu9.6
qemu-system-mips 1:5.0-5ubuntu9.6
qemu-system-misc 1:5.0-5ubuntu9.6
qemu-system-ppc 1:5.0-5ubuntu9.6
qemu-system-s390x 1:5.0-5ubuntu9.6
qemu-system-sparc 1:5.0-5ubuntu9.6
qemu-system-x86 1:5.0-5ubuntu9.6
qemu-system-x86-microvm 1:5.0-5ubuntu9.6
qemu-system-x86-xen 1:5.0-5ubuntu9.6

Ubuntu 20.04 LTS:
qemu 1:4.2-3ubuntu6.14
qemu-system 1:4.2-3ubuntu6.14
qemu-system-arm 1:4.2-3ubuntu6.14
qemu-system-mips 1:4.2-3ubuntu6.14
qemu-system-misc 1:4.2-3ubuntu6.14
qemu-system-ppc 1:4.2-3ubuntu6.14
qemu-system-s390x 1:4.2-3ubuntu6.14
qemu-system-sparc 1:4.2-3ubuntu6.14
qemu-system-x86 1:4.2-3ubuntu6.14
qemu-system-x86-microvm 1:4.2-3ubuntu6.14
qemu-system-x86-xen 1:4.2-3ubuntu6.14

Ubuntu 18.04 LTS:
qemu 1:2.11+dfsg-1ubuntu7.36
qemu-system 1:2.11+dfsg-1ubuntu7.36
qemu-system-arm 1:2.11+dfsg-1ubuntu7.36
qemu-system-mips 1:2.11+dfsg-1ubuntu7.36
qemu-system-misc 1:2.11+dfsg-1ubuntu7.36
qemu-system-ppc 1:2.11+dfsg-1ubuntu7.36
qemu-system-s390x 1:2.11+dfsg-1ubuntu7.36
qemu-system-sparc 1:2.11+dfsg-1ubuntu7.36
qemu-system-x86 1:2.11+dfsg-1ubuntu7.36

Ubuntu 16.04 LTS:
qemu 1:2.5+dfsg-5ubuntu10.51
qemu-system 1:2.5+dfsg-5ubuntu10.51
qemu-system-aarch64 1:2.5+dfsg-5ubuntu10.51
qemu-system-arm 1:2.5+dfsg-5ubuntu10.51
qemu-system-mips 1:2.5+dfsg-5ubuntu10.51
qemu-system-misc 1:2.5+dfsg-5ubuntu10.51
qemu-system-ppc 1:2.5+dfsg-5ubuntu10.51
qemu-system-s390x 1:2.5+dfsg-5ubuntu10.51
qemu-system-sparc 1:2.5+dfsg-5ubuntu10.51
qemu-system-x86 1:2.5+dfsg-5ubuntu10.51

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References:
https://usn.ubuntu.com/4467-3
https://usn.ubuntu.com/4467-1
https://launchpad.net/bugs/1914883

Package Information:
https://launchpad.net/ubuntu/+source/qemu/1:5.0-5ubuntu9.6
https://launchpad.net/ubuntu/+source/qemu/1:4.2-3ubuntu6.14
https://launchpad.net/ubuntu/+source/qemu/1:2.11+dfsg-1ubuntu7.36
https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.51

--ftR5kIRyUxPps4n20ncSoxntwuWcoOGSK--

--3EYi5wXyNn84VtDGRwSqWzPQNFUFg7e7t
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmAz73gACgkQZWnYVadE
vpNN4Q//WXBCEgHXpL8H1VS5W2rhnclF1cVZQRsMgldjkOjLdiwwX1/JA2L5ILJg
dEz4Bn4y47/n/ee/frf/mMOxRMvPRLRgeCpo/zHMKjvTBoh7B9XoFSapCCtSeBQf
ltf7LwgZ5h/0Zw8khYGPPvfz/epE6W/k9inkHrGY+fRdLCksRNu4DWD+Rv1F7637
X9/SgNlpiaPUGMWKuy2NQZLRs8qrhwxdB3j6df2yj1xQzIHDKZJOxkpdYglYGYK0
PANuxg1AcerNwWPiGuVWFEBjh0AVFzP9JbgluNdYy3nOqa3S1s9f3TRDFfOzikK3
3uG6b33vOJtozqFdFG+3mNA1eE1B2Cp1TbCgRD9uwr5to//2s4pNp3WiI8D9zxVm
6Z1IxXpNilzVLrXGnJGX/Pr/YxGhdN4uH8s8ZOU9kgJ2CCuTnO0qOQByNPwN9oFg
vzHan7ngNh+q/b2EKtTAfAC+MMaaNtyziNLx0i0Lxuqlb9iynbZY5wtg45Gz9aZy
n+YPm4fGaz7vfqs/5AhP6HS6r1DM21OuEdWhBQvw8r7eqf0jLCdYFO9o8BEYdRxK
T+KHlkhkLVTFoJV50cz5soyYvBQU0j+YvDBr9hSsPvqHXPH0E4qCR2Y8Vqr5LrFI
eK8dp5oC4jtTX8WHlrzjCe5oskDXafjGPZXCEa2s/l6BGv8fwtU=
=y8AT
-----END PGP SIGNATURE-----

--3EYi5wXyNn84VtDGRwSqWzPQNFUFg7e7t--

--===============1840898883933241277==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============1840898883933241277==--