Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in QEMU (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in QEMU (Aktualisierung)
ID: USN-4467-2
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 ESM
Datum: Di, 2. Februar 2021, 22:36
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13659
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13361
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14364
Applikationen: QEMU
Update von: Mehrere Probleme in QEMU

Originalnachricht

 

--===============2761885675203493129==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature";
 boundary="fdj2RfSjLxBAspz7"
Content-Disposition: inline


--fdj2RfSjLxBAspz7
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-4467-2
February 02, 2021

qemu vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in QEMU.

Software Description:
- qemu: Machine emulator and virtualizer

Details:

USN-4467-1 fixed several vulnerabilities in QEMU. This update provides
the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

 It was discovered that the QEMU SD memory card implementation incorrectly
 handled certain memory operations. An attacker inside a guest could
 possibly use this issue to cause QEMU to crash, resulting in a denial of
 service. (CVE-2020-13253)

 Ren Ding and Hanqing Zhao discovered that the QEMU ES1370 audio driver
 incorrectly handled certain invalid frame counts. An attacker inside a
 guest could possibly use this issue to cause QEMU to crash, resulting in a
 denial of service. (CVE-2020-13361)

 Ren Ding and Hanqing Zhao discovered that the QEMU MegaRAID SAS SCSI driver
 incorrectly handled certain memory operations. An attacker inside a guest
 could possibly use this issue to cause QEMU to crash, resulting in a denial
 of service. (CVE-2020-13362)

 Alexander Bulekov discovered that QEMU MegaRAID SAS SCSI driver incorrectly
 handled certain memory space operations. An attacker inside a guest could
 possibly use this issue to cause QEMU to crash, resulting in a denial of
 service. (CVE-2020-13659)

 Ren Ding, Hanqing Zhao, Alexander Bulekov, and Anatoly Trosinenko
 discovered that the QEMU incorrectly handled certain msi-x mmio operations.
 An attacker inside a guest could possibly use this issue to cause QEMU to
 crash, resulting in a denial of service. (CVE-2020-13754)

 Ziming Zhang, Xiao Wei, Gonglei Arei and Yanyu Zhang discovered that
 QEMU incorrectly handled certain USB packets. An attacker could possibly
 use this to expose sensitive information or execute arbitrary code.
 (CVE-2020-14364)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  qemu                            2.0.0+dfsg-2ubuntu1.47+esm1
  qemu-system                     2.0.0+dfsg-2ubuntu1.47+esm1
  qemu-system-aarch64             2.0.0+dfsg-2ubuntu1.47+esm1
  qemu-system-arm                 2.0.0+dfsg-2ubuntu1.47+esm1
  qemu-system-mips                2.0.0+dfsg-2ubuntu1.47+esm1
  qemu-system-misc                2.0.0+dfsg-2ubuntu1.47+esm1
  qemu-system-ppc                 2.0.0+dfsg-2ubuntu1.47+esm1
  qemu-system-sparc               2.0.0+dfsg-2ubuntu1.47+esm1
  qemu-system-x86                 2.0.0+dfsg-2ubuntu1.47+esm1

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References:
  https://usn.ubuntu.com/4467-2
  https://usn.ubuntu.com/4467-1
  CVE-2020-13253, CVE-2020-13361, CVE-2020-13362, CVE-2020-13659,
  CVE-2020-13754, CVE-2020-14364

--fdj2RfSjLxBAspz7
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmAZWBgACgkQRbznW4QL
H2ly9g/8CkxJ2JrRPgSlh2Fvqp9PPee/9YSXXhh+ebH+Ry7ZBbxwIzKZojSYuElM
N9qMKHoekGxR0vgTj/FpHbUz+Xk2hpr2zxyoP7MSULJngeYCfFnOcXVzO1JowxHB
tCtymcITuCp5qN2795C4+HSHNRDlvuOJ+JNJaXbWa0ee6P2zl6SQ5l58ZwkAJ1an
rAPaKOeRTwg8XdZSKIb06Cg79tZJaXG+ZpM6q/7CgoA2Od3HHYCZMb0nnsJf3VE2
dK6ciVsicbePphOEWAGNgwcr1as9ikAx3osZWk2hEKja2wMQYU7htwaNfdKpI+/V
YnJW0HYHO6ZH6oDsLZ2U6Lm0/Jr/WU4fofxSMskg3lVp6OCo3DoxVZ9Ko7skPbPw
FeJftJSRtfiVh1MjxWiyzTj42p1VxpoSJOawO0k65eMxs4OzkdFOSRn43k2uQ8sP
3h1DzDT9lQtPNpi/5tSzIYYlDVx5nozFK3fV4d0J11kGSPHwPuYWJlh7ZNaDcluD
ny4uVhmJe/wiz8q5mGS9wYncANphOi3/6csw0S0A46B1RbbRid2ZpVolm7Q3UlvP
GZ6hBsFMCp7skjwpkaxSZtDSQV/tVlqWzgTnS4sR4ahJnzRLKqewHKJxmrE86z8J
Qy57EToAby3dJPNkorLpNkgxNWB9hU5WOk0rThuydZE4jVrU/zk=
=oGE3
-----END PGP SIGNATURE-----

--fdj2RfSjLxBAspz7--


--===============2761885675203493129==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung