Nacionalni CERT

Security vulnerabilities in the qemu software package

<p>==========================================================================<br />Ubuntu Security Notice USN-3414-1<br />September 13, 2017<br /><br />qemu vulnerabilities<br />==========================================================================<br /><br />A security issue affects these releases of Ubuntu and its derivatives:<br /><br />- Ubuntu 17.04<br />- Ubuntu 16.04 LTS<br />- Ubuntu 14.04 LTS<br /><br />Summary:<br /><br />Several security issues were fixed in QEMU.<br /><br />Software Description:<br />- qemu: Machine emulator and virtualizer<br /><br />Details:<br /><br />Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control.<br />A guest attacker could use this issue to elevate privileges inside the<br />guest. (CVE-2017-7493)<br /><br />Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation.<br />A privileged attacker inside the guest could use this issue to cause QEMU<br />to consume resources or crash, resulting in a denial of service.<br />(CVE-2017-8112)<br /><br />It was discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host<br />Bus Adapter emulation support. A privileged attacker inside the guest could<br />use this issue to cause QEMU to crash, resulting in a denial of service, or<br />possibly to obtain sensitive host memory. This issue only affected Ubuntu<br />16.04 LTS and Ubuntu 17.04. (CVE-2017-8380)<br /><br />Li Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An<br />attacker inside the guest could use this issue to cause QEMU to consume<br />resources and crash, resulting in a denial of service. This issue only<br />affected Ubuntu 17.04. (CVE-2017-9060)<br /><br />Li Qiang discovered that QEMU incorrectly handled the e1000e device. A<br />privileged attacker inside the guest could use this issue to cause QEMU to<br />hang, resulting in a denial of service. This issue only affected Ubuntu<br />17.04. 
(CVE-2017-9310)<br /><br />Li Qiang discovered that QEMU incorrectly handled USB OHCI emulation<br />support. An attacker inside the guest could use this issue to cause QEMU to<br />crash, resulting in a denial of service. (CVE-2017-9330)<br /><br />Li Qiang discovered that QEMU incorrectly handled IDE AHCI emulation<br />support. A privileged attacker inside the guest could use this issue to<br />cause QEMU to consume resources and crash, resulting in a denial of<br />service. (CVE-2017-9373)<br /><br />Li Qiang discovered that QEMU incorrectly handled USB EHCI emulation<br />support. A privileged attacker inside the guest could use this issue to<br />cause QEMU to consume resources and crash, resulting in a denial of<br />service. (CVE-2017-9374)<br /><br />Li Qiang discovered that QEMU incorrectly handled USB xHCI emulation<br />support. A privileged attacker inside the guest could use this issue to<br />cause QEMU to hang, resulting in a denial of service. (CVE-2017-9375)<br /><br />Zhangyanyu discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2<br />Host Bus Adapter emulation support. A privileged attacker inside the guest<br />could use this issue to cause QEMU to crash, resulting in a denial of<br />service. (CVE-2017-9503)<br /><br />It was discovered that the QEMU qemu-nbd server incorrectly handled<br />initialization. A remote attacker could use this issue to cause the server<br />to crash, resulting in a denial of service. (CVE-2017-9524)<br /><br />It was discovered that the QEMU qemu-nbd server incorrectly handled<br />signals. A remote attacker could use this issue to cause the server to<br />crash, resulting in a denial of service. (CVE-2017-10664)<br /><br />Li Qiang discovered that the QEMU USB redirector incorrectly handled<br />logging debug messages. An attacker inside the guest could use this issue<br />to cause QEMU to crash, resulting in a denial of service. 
(CVE-2017-10806)<br /><br />Anthony Perard discovered that QEMU incorrectly handled Xen block-interface<br />responses. An attacker inside the guest could use this issue to cause QEMU<br />to leak contents of host memory. (CVE-2017-10911)<br /><br />Reno Robert discovered that QEMU incorrectly handled certain DHCP options<br />strings. An attacker inside the guest could use this issue to cause QEMU<br />to crash, resulting in a denial of service. (CVE-2017-11434)<br /><br />Ryan Salsamendi discovered that QEMU incorrectly handled empty CDROM device<br />drives. A privileged attacker inside the guest could use this issue to<br />cause QEMU to crash, resulting in a denial of service. This issue only<br />affected Ubuntu 16.04 LTS and Ubuntu 17.04. (CVE-2017-12809)<br /><br />Update instructions:<br /><br />The problem can be corrected by updating your system to the following<br />package versions:<br /><br />Ubuntu 17.04:<br /> qemu-system 1:2.8+dfsg-3ubuntu2.4<br /> qemu-system-aarch64 1:2.8+dfsg-3ubuntu2.4<br /> qemu-system-arm 1:2.8+dfsg-3ubuntu2.4<br /> qemu-system-mips 1:2.8+dfsg-3ubuntu2.4<br /> qemu-system-misc 1:2.8+dfsg-3ubuntu2.4<br /> qemu-system-ppc 1:2.8+dfsg-3ubuntu2.4<br /> qemu-system-s390x 1:2.8+dfsg-3ubuntu2.4<br /> qemu-system-sparc 1:2.8+dfsg-3ubuntu2.4<br /> qemu-system-x86 1:2.8+dfsg-3ubuntu2.4<br /><br />Ubuntu 16.04 LTS:<br /> qemu-system 1:2.5+dfsg-5ubuntu10.15<br /> qemu-system-aarch64 1:2.5+dfsg-5ubuntu10.15<br /> qemu-system-arm 1:2.5+dfsg-5ubuntu10.15<br /> qemu-system-mips 1:2.5+dfsg-5ubuntu10.15<br /> qemu-system-misc 1:2.5+dfsg-5ubuntu10.15<br /> qemu-system-ppc 1:2.5+dfsg-5ubuntu10.15<br /> qemu-system-s390x 1:2.5+dfsg-5ubuntu10.15<br /> qemu-system-sparc 1:2.5+dfsg-5ubuntu10.15<br /> qemu-system-x86 1:2.5+dfsg-5ubuntu10.15<br /><br />Ubuntu 14.04 LTS:<br /> qemu-system 2.0.0+dfsg-2ubuntu1.35<br /> qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.35<br /> qemu-system-arm 2.0.0+dfsg-2ubuntu1.35<br /> qemu-system-mips 2.0.0+dfsg-2ubuntu1.35<br 
/> qemu-system-misc 2.0.0+dfsg-2ubuntu1.35<br /> qemu-system-ppc 2.0.0+dfsg-2ubuntu1.35<br /> qemu-system-sparc 2.0.0+dfsg-2ubuntu1.35<br /> qemu-system-x86 2.0.0+dfsg-2ubuntu1.35<br /><br />After a standard system update you need to restart all QEMU virtual<br />machines to make all the necessary changes.<br /><br />References:<br /> https://www.ubuntu.com/usn/usn-3414-1<br /> CVE-2017-10664, CVE-2017-10806, CVE-2017-10911, CVE-2017-11434,<br /> CVE-2017-12809, CVE-2017-7493, CVE-2017-8112, CVE-2017-8380,<br /> CVE-2017-9060, CVE-2017-9310, CVE-2017-9330, CVE-2017-9373,<br /> CVE-2017-9374, CVE-2017-9375, CVE-2017-9503, CVE-2017-9524<br /><br />Package Information:<br /> https://launchpad.net/ubuntu/+source/qemu/1:2.8+dfsg-3ubuntu2.4<br /> https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.15<br /> https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.35</p>
Security vulnerabilities have been discovered in the qemu software package for the Ubuntu operating system. The vulnerabilities allow potential attackers to gain elevated privileges, carry out denial-of-service attacks, or disclose sensitive information. Applying the released patches is advised.