drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in QEMU (Aktualisierung)
Name: |
Mehrere Probleme in QEMU (Aktualisierung) |
|
ID: |
USN-4467-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 ESM |
|
Datum: |
Di, 2. Februar 2021, 22:36 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13659
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13361
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14364 |
|
Applikationen: |
QEMU |
|
Update von: |
Mehrere Probleme in QEMU |
|
Originalnachricht |
--===============2761885675203493129== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="fdj2RfSjLxBAspz7" Content-Disposition: inline
--fdj2RfSjLxBAspz7 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-4467-2 February 02, 2021
qemu vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in QEMU.
Software Description: - qemu: Machine emulator and virtualizer
Details:
USN-4467-1 fixed several vulnerabilities in QEMU. This update provides the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that the QEMU SD memory card implementation incorrectly handled certain memory operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13253)
Ren Ding and Hanqing Zhao discovered that the QEMU ES1370 audio driver incorrectly handled certain invalid frame counts. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13361)
Ren Ding and Hanqing Zhao discovered that the QEMU MegaRAID SAS SCSI driver incorrectly handled certain memory operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13362)
Alexander Bulekov discovered that QEMU MegaRAID SAS SCSI driver incorrectly handled certain memory space operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13659)
Ren Ding, Hanqing Zhao, Alexander Bulekov, and Anatoly Trosinenko discovered that the QEMU incorrectly handled certain msi-x mmio operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13754)
Ziming Zhang, Xiao Wei, Gonglei Arei and Yanyu Zhang discovered that QEMU incorrectly handled certain USB packets. An attacker could possibly use this to expose sensitive information or execute arbitrary code. (CVE-2020-14364)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: qemu 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-system 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-system-arm 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-system-mips 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-system-misc 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-system-ppc 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-system-sparc 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-system-x86 2.0.0+dfsg-2ubuntu1.47+esm1
After a standard system update you need to restart all QEMU virtual machines to make all the necessary changes.
References: https://usn.ubuntu.com/4467-2 https://usn.ubuntu.com/4467-1 CVE-2020-13253, CVE-2020-13361, CVE-2020-13362, CVE-2020-13659, CVE-2020-13754, CVE-2020-14364
--fdj2RfSjLxBAspz7 Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmAZWBgACgkQRbznW4QL H2ly9g/8CkxJ2JrRPgSlh2Fvqp9PPee/9YSXXhh+ebH+Ry7ZBbxwIzKZojSYuElM N9qMKHoekGxR0vgTj/FpHbUz+Xk2hpr2zxyoP7MSULJngeYCfFnOcXVzO1JowxHB tCtymcITuCp5qN2795C4+HSHNRDlvuOJ+JNJaXbWa0ee6P2zl6SQ5l58ZwkAJ1an rAPaKOeRTwg8XdZSKIb06Cg79tZJaXG+ZpM6q/7CgoA2Od3HHYCZMb0nnsJf3VE2 dK6ciVsicbePphOEWAGNgwcr1as9ikAx3osZWk2hEKja2wMQYU7htwaNfdKpI+/V YnJW0HYHO6ZH6oDsLZ2U6Lm0/Jr/WU4fofxSMskg3lVp6OCo3DoxVZ9Ko7skPbPw FeJftJSRtfiVh1MjxWiyzTj42p1VxpoSJOawO0k65eMxs4OzkdFOSRn43k2uQ8sP 3h1DzDT9lQtPNpi/5tSzIYYlDVx5nozFK3fV4d0J11kGSPHwPuYWJlh7ZNaDcluD ny4uVhmJe/wiz8q5mGS9wYncANphOi3/6csw0S0A46B1RbbRid2ZpVolm7Q3UlvP GZ6hBsFMCp7skjwpkaxSZtDSQV/tVlqWzgTnS4sR4ahJnzRLKqewHKJxmrE86z8J Qy57EToAby3dJPNkorLpNkgxNWB9hU5WOk0rThuydZE4jVrU/zk= =oGE3 -----END PGP SIGNATURE-----
--fdj2RfSjLxBAspz7--
--===============2761885675203493129== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|