
Security: Multiple issues in QEMU
Name: Multiple issues in QEMU
ID: USN-4725-1
Distribution: Ubuntu
Platforms: Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 20.10
Date: Tue, 9 February 2021, 00:16
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27821
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28916
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15859
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29443
Applications: QEMU

Original message

From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
<ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <7ccd573b-f9ca-6e70-796c-2971b56414ef@canonical.com>
Subject: [USN-4725-1] QEMU vulnerabilities

==========================================================================
Ubuntu Security Notice USN-4725-1
February 08, 2021

qemu vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in QEMU.

Software Description:
- qemu: Machine emulator and virtualizer

Details:

It was discovered that QEMU incorrectly handled memory in iSCSI emulation.
An attacker inside the guest could possibly use this issue to obtain
sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu
18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-11947)

Alexander Bulekov discovered that QEMU incorrectly handled Intel e1000e
emulation. An attacker inside the guest could use this issue to cause QEMU
to crash, resulting in a denial of service. (CVE-2020-15859)

Alexander Bulekov discovered that QEMU incorrectly handled memory region
cache. An attacker inside the guest could use this issue to cause QEMU to
crash, resulting in a denial of service. This issue only affected Ubuntu
20.04 LTS, and Ubuntu 20.10. (CVE-2020-27821)

Cheol-woo Myung discovered that QEMU incorrectly handled Intel e1000e
emulation. An attacker inside the guest could use this issue to cause a
denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04
LTS, and Ubuntu 20.10. (CVE-2020-28916)

Wenxiang Qian discovered that QEMU incorrectly handled ATAPI emulation. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service. (CVE-2020-29443)

It was discovered that QEMU incorrectly handled VirtFS directory sharing.
An attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service. (CVE-2021-20181)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
qemu-system 1:5.0-5ubuntu9.4
qemu-system-arm 1:5.0-5ubuntu9.4
qemu-system-mips 1:5.0-5ubuntu9.4
qemu-system-misc 1:5.0-5ubuntu9.4
qemu-system-ppc 1:5.0-5ubuntu9.4
qemu-system-s390x 1:5.0-5ubuntu9.4
qemu-system-sparc 1:5.0-5ubuntu9.4
qemu-system-x86 1:5.0-5ubuntu9.4
qemu-system-x86-microvm 1:5.0-5ubuntu9.4
qemu-system-x86-xen 1:5.0-5ubuntu9.4

Ubuntu 20.04 LTS:
qemu-system 1:4.2-3ubuntu6.12
qemu-system-arm 1:4.2-3ubuntu6.12
qemu-system-mips 1:4.2-3ubuntu6.12
qemu-system-misc 1:4.2-3ubuntu6.12
qemu-system-ppc 1:4.2-3ubuntu6.12
qemu-system-s390x 1:4.2-3ubuntu6.12
qemu-system-sparc 1:4.2-3ubuntu6.12
qemu-system-x86 1:4.2-3ubuntu6.12
qemu-system-x86-microvm 1:4.2-3ubuntu6.12
qemu-system-x86-xen 1:4.2-3ubuntu6.12

Ubuntu 18.04 LTS:
qemu-system 1:2.11+dfsg-1ubuntu7.35
qemu-system-arm 1:2.11+dfsg-1ubuntu7.35
qemu-system-mips 1:2.11+dfsg-1ubuntu7.35
qemu-system-misc 1:2.11+dfsg-1ubuntu7.35
qemu-system-ppc 1:2.11+dfsg-1ubuntu7.35
qemu-system-s390x 1:2.11+dfsg-1ubuntu7.35
qemu-system-sparc 1:2.11+dfsg-1ubuntu7.35
qemu-system-x86 1:2.11+dfsg-1ubuntu7.35

Ubuntu 16.04 LTS:
qemu-system 1:2.5+dfsg-5ubuntu10.49
qemu-system-aarch64 1:2.5+dfsg-5ubuntu10.49
qemu-system-arm 1:2.5+dfsg-5ubuntu10.49
qemu-system-mips 1:2.5+dfsg-5ubuntu10.49
qemu-system-misc 1:2.5+dfsg-5ubuntu10.49
qemu-system-ppc 1:2.5+dfsg-5ubuntu10.49
qemu-system-s390x 1:2.5+dfsg-5ubuntu10.49
qemu-system-sparc 1:2.5+dfsg-5ubuntu10.49
qemu-system-x86 1:2.5+dfsg-5ubuntu10.49

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References:
https://usn.ubuntu.com/4725-1
CVE-2020-11947, CVE-2020-15859, CVE-2020-27821, CVE-2020-28916,
CVE-2020-29443, CVE-2021-20181

Package Information:
https://launchpad.net/ubuntu/+source/qemu/1:5.0-5ubuntu9.4
https://launchpad.net/ubuntu/+source/qemu/1:4.2-3ubuntu6.12
https://launchpad.net/ubuntu/+source/qemu/1:2.11+dfsg-1ubuntu7.35
https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.49

