This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============4570082463025293752== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="vCJsUacbNeRW89gmxlnrq6BOeAK52MkAM"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --vCJsUacbNeRW89gmxlnrq6BOeAK52MkAM Content-Type: multipart/mixed; boundary="zEldtePTDaNWiOEp4YB14YqHCjZp78x6Z"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <968037ca-c01c-9c51-c501-889ba3f473fe@canonical.com> Subject: [USN-3923-1] QEMU vulnerabilities
--zEldtePTDaNWiOEp4YB14YqHCjZp78x6Z Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3923-1 March 27, 2019
qemu vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in QEMU.
Software Description: - qemu: Machine emulator and virtualizer
Details:
Michael Hanselmann discovered that QEMU incorrectly handled the Media Transfer Protocol (MTP). An attacker inside the guest could use this issue to read or write arbitrary files and cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.10. (CVE-2018-16867)
Michael Hanselmann discovered that QEMU incorrectly handled the Media Transfer Protocol (MTP). An attacker inside the guest could use this issue to read arbitrary files, contrary to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16872)
Zhibin Hu discovered that QEMU incorrectly handled the Plan 9 File System support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-19489)
Li Quang and Saar Amar discovered multiple issues in the QEMU PVRDMA device. An attacker inside the guest could use these issues to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.10. These issues were resolved by disabling PVRDMA support in Ubuntu 18.10. (CVE-2018-20123, CVE-2018-20124, CVE-2018-20125, CVE-2018-20126, CVE-2018-20191, CVE-2018-20216)
Michael Hanselmann discovered that QEMU incorrectly handled certain i2c commands. A local attacker could possibly use this issue to read QEMU process memory. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2019-3812)
It was discovered that QEMU incorrectly handled the Slirp networking back-end. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2019-6778)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10: qemu-system 1:2.12+dfsg-3ubuntu8.6 qemu-system-arm 1:2.12+dfsg-3ubuntu8.6 qemu-system-data 1:2.12+dfsg-3ubuntu8.6 qemu-system-gui 1:2.12+dfsg-3ubuntu8.6 qemu-system-mips 1:2.12+dfsg-3ubuntu8.6 qemu-system-misc 1:2.12+dfsg-3ubuntu8.6 qemu-system-ppc 1:2.12+dfsg-3ubuntu8.6 qemu-system-s390x 1:2.12+dfsg-3ubuntu8.6 qemu-system-sparc 1:2.12+dfsg-3ubuntu8.6 qemu-system-x86 1:2.12+dfsg-3ubuntu8.6
Ubuntu 18.04 LTS: qemu-system 1:2.11+dfsg-1ubuntu7.12 qemu-system-arm 1:2.11+dfsg-1ubuntu7.12 qemu-system-mips 1:2.11+dfsg-1ubuntu7.12 qemu-system-misc 1:2.11+dfsg-1ubuntu7.12 qemu-system-ppc 1:2.11+dfsg-1ubuntu7.12 qemu-system-s390x 1:2.11+dfsg-1ubuntu7.12 qemu-system-sparc 1:2.11+dfsg-1ubuntu7.12 qemu-system-x86 1:2.11+dfsg-1ubuntu7.12
Ubuntu 16.04 LTS: qemu-system 1:2.5+dfsg-5ubuntu10.36 qemu-system-aarch64 1:2.5+dfsg-5ubuntu10.36 qemu-system-arm 1:2.5+dfsg-5ubuntu10.36 qemu-system-mips 1:2.5+dfsg-5ubuntu10.36 qemu-system-misc 1:2.5+dfsg-5ubuntu10.36 qemu-system-ppc 1:2.5+dfsg-5ubuntu10.36 qemu-system-s390x 1:2.5+dfsg-5ubuntu10.36 qemu-system-sparc 1:2.5+dfsg-5ubuntu10.36 qemu-system-x86 1:2.5+dfsg-5ubuntu10.36
Ubuntu 14.04 LTS: qemu-system 2.0.0+dfsg-2ubuntu1.45 qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.45 qemu-system-arm 2.0.0+dfsg-2ubuntu1.45 qemu-system-mips 2.0.0+dfsg-2ubuntu1.45 qemu-system-misc 2.0.0+dfsg-2ubuntu1.45 qemu-system-ppc 2.0.0+dfsg-2ubuntu1.45 qemu-system-sparc 2.0.0+dfsg-2ubuntu1.45 qemu-system-x86 2.0.0+dfsg-2ubuntu1.45
After a standard system update you need to restart all QEMU virtual machines to make all the necessary changes.
References: https://usn.ubuntu.com/usn/usn-3923-1 CVE-2018-16867, CVE-2018-16872, CVE-2018-19489, CVE-2018-20123, CVE-2018-20124, CVE-2018-20125, CVE-2018-20126, CVE-2018-20191, CVE-2018-20216, CVE-2019-3812, CVE-2019-6778
Package Information: https://launchpad.net/ubuntu/+source/qemu/1:2.12+dfsg-3ubuntu8.6 https://launchpad.net/ubuntu/+source/qemu/1:2.11+dfsg-1ubuntu7.12 https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.36 https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.45
--zEldtePTDaNWiOEp4YB14YqHCjZp78x6Z--
--vCJsUacbNeRW89gmxlnrq6BOeAK52MkAM Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlybbyYACgkQZWnYVadE vpMO2g//VRzSBlsDNeqc/uVRMnOGjsXA7OYsQ9Cse+FPTt6yQTwHpkFqdNeCAOMt 4VG1Nat0MflFBT41oLEzOL10TrGxiqEWNuqE2j5El2z5fS9jZuSskwPBdqMesUZK +RxXsgrKFFQ3+9WjzNh863PTvCpH/ycR6wkHSkwdqHlO34R3sL1qUyGsec963IaB pocGiFyJpyxMxiXOem8v7CZfHyCVtCouiuC/n2oJmofnWyhXMwLXwLxjHmwE6Y3U 4Y7F12xm2iZeLt7rj+AHWX/NjBt5B88e+dDRdsZ/Wxw3jg5F4QVzTOKLkeIjG9IC NHJo1YetvGxN0cLEI/DTHf7bI6q6H6YrdkBpgk6ikrmcCWqJT+ENcMmCabuzb5rZ 5AZvbiIG+L4Y9OnXGcQXHGhBIutIG/6dClVBuIWK4ieDPSTZVIP8GUBidB5iWsUR 5son8qfd3F40AMopVTpiWHz/AWTmd2FVf1yilKer5iAm1K5xXALOPlTWKlIYljQ5 +txXiJCVYsSpvpQyavZz5XA/mXcfy1ZJMnAI1fsZtLxvXq9t6c/kxpxyFMIxygwg ajd0J3aM4OD0ENf6ZXNZm214pkNd/rGL8d3VkOqRxtzIxkNddNUE+bNWHGNEubNI oRbROdUKvi+22Eaq7a7qusinvZMVcW61D7huuycsyQLAHBf8KT8= =kV8H -----END PGP SIGNATURE-----
--vCJsUacbNeRW89gmxlnrq6BOeAK52MkAM--
--===============4570082463025293752== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============4570082463025293752==--
|