Security: Multiple issues in QEMU

Name: Multiple issues in QEMU
ID: USN-2409-1
Distribution: Ubuntu
Platforms: Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 14.10
Date: Fri, 14 November 2014, 08:18
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7815
Applications: QEMU

Original message
==========================================================================
Ubuntu Security Notice USN-2409-1
November 13, 2014

qemu, qemu-kvm vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in QEMU.
Software Description:
- qemu: Machine emulator and virtualizer
- qemu-kvm: Machine emulator and virtualizer
Details:
Laszlo Ersek discovered that QEMU incorrectly handled memory in the vga device. A malicious guest could possibly use this issue to read arbitrary host memory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-3615)
Xavier Mehrenberger and Stephane Duverger discovered that QEMU incorrectly handled certain UDP packets when using guest networking. A malicious guest could possibly use this issue to cause a denial of service. (CVE-2014-3640)
It was discovered that QEMU incorrectly handled parameter validation in the vmware_vga device. A malicious guest could possibly use this issue to write into memory of the host, leading to privilege escalation. (CVE-2014-3689)
It was discovered that QEMU incorrectly handled USB xHCI controller live migration. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-5263)
Michael S. Tsirkin discovered that QEMU incorrectly handled memory in the ACPI PCI hotplug interface. A malicious guest could possibly use this issue to access memory of the host, leading to information disclosure or privilege escalation. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-5388)
James Spadaro discovered that QEMU incorrectly handled certain VNC bytes_per_pixel values. An attacker having access to a VNC console could possibly use this issue to cause a guest to crash, resulting in a denial of service. (CVE-2014-7815)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10:
  qemu-system 2.1+dfsg-4ubuntu6.1
  qemu-system-aarch64 2.1+dfsg-4ubuntu6.1
  qemu-system-arm 2.1+dfsg-4ubuntu6.1
  qemu-system-mips 2.1+dfsg-4ubuntu6.1
  qemu-system-misc 2.1+dfsg-4ubuntu6.1
  qemu-system-ppc 2.1+dfsg-4ubuntu6.1
  qemu-system-sparc 2.1+dfsg-4ubuntu6.1
  qemu-system-x86 2.1+dfsg-4ubuntu6.1

Ubuntu 14.04 LTS:
  qemu-system 2.0.0+dfsg-2ubuntu1.7
  qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.7
  qemu-system-arm 2.0.0+dfsg-2ubuntu1.7
  qemu-system-mips 2.0.0+dfsg-2ubuntu1.7
  qemu-system-misc 2.0.0+dfsg-2ubuntu1.7
  qemu-system-ppc 2.0.0+dfsg-2ubuntu1.7
  qemu-system-sparc 2.0.0+dfsg-2ubuntu1.7
  qemu-system-x86 2.0.0+dfsg-2ubuntu1.7

Ubuntu 12.04 LTS:
  qemu-kvm 1.0+noroms-0ubuntu14.19

Ubuntu 10.04 LTS:
  qemu-kvm 0.12.3+noroms-0ubuntu9.25
After a standard system update you need to reboot your computer to make all the necessary changes.
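An added example (not part of the advisory or of Ubuntu's tooling): a Python re-implementation of dpkg's version ordering that flags packages still below the fixed versions listed above, for instance when auditing package/version pairs such as `dpkg-query -W` prints, collected from many hosts. The sample input and the helper names are constructed for illustration; on the host itself `dpkg --compare-versions` is the authoritative check.

```python
import re

# Fixed versions per Ubuntu release, copied from USN-2409-1.
_SYS = ["qemu-system"] + ["qemu-system-" + a for a in
        ("aarch64", "arm", "mips", "misc", "ppc", "sparc", "x86")]
FIXED = {
    "14.10": dict.fromkeys(_SYS, "2.1+dfsg-4ubuntu6.1"),
    "14.04": dict.fromkeys(_SYS, "2.0.0+dfsg-2ubuntu1.7"),
    "12.04": {"qemu-kvm": "1.0+noroms-0ubuntu14.19"},
    "10.04": {"qemu-kvm": "0.12.3+noroms-0ubuntu9.25"},
}
_RUN = re.compile(r"([^0-9]*)([0-9]*)")  # one non-digit run, then one digit run

def _order(c):
    # dpkg character weight: '~' sorts first, then letters, then other symbols.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare an upstream or revision string run by run, as dpkg does."""
    while a or b:
        ma, mb = _RUN.match(a), _RUN.match(b)
        a, b = a[ma.end():], b[mb.end():]
        # Trailing 0 is the weight of "end of run"; digits compare numerically.
        ka = ([_order(c) for c in ma[1]] + [0], int(ma[2] or 0))
        kb = ([_order(c) for c in mb[1]] + [0], int(mb[2] or 0))
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare(a, b):
    """Return -1, 0 or 1 for Debian version a older than, equal to, newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def audit(release, dpkg_lines):
    """Return {package: installed version} for packages older than the USN fix."""
    rows = (l.split() for l in dpkg_lines.splitlines() if l.strip())
    return {p: v for p, v in rows
            if p in FIXED[release] and compare(v, FIXED[release][p]) < 0}

# Constructed sample of "package version" lines from a 14.04 host.
SAMPLE = ("qemu-system-x86 2.0.0+dfsg-2ubuntu1.6\n"
          "qemu-system-arm 2.0.0+dfsg-2ubuntu1.7\n"
          "qemu-system-ppc 2.0.0+dfsg-2ubuntu1.10\n")
print(audit("14.04", SAMPLE))
```

A plain string comparison would misjudge the third line: `1.10` sorts before `1.7` lexically but is the newer revision.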
References:
  http://www.ubuntu.com/usn/usn-2409-1
  CVE-2014-3615, CVE-2014-3640, CVE-2014-3689, CVE-2014-5263,
  CVE-2014-5388, CVE-2014-7815

Package Information:
  https://launchpad.net/ubuntu/+source/qemu/2.1+dfsg-4ubuntu6.1
  https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.7
  https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.19
  https://launchpad.net/ubuntu/+source/qemu-kvm/0.12.3+noroms-0ubuntu9.25