
Security vulnerability in the qemu and qemu-kvm software packages

  • OS details: LUB
  • Severity: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-2439-1
December 11, 2014

qemu, qemu-kvm vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.10
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in QEMU.

Software Description:
– qemu: Machine emulator and virtualizer
– qemu-kvm: Machine emulator and virtualizer

Details:

Michael S. Tsirkin discovered that QEMU incorrectly handled certain
parameters during ram load while performing a migration. An attacker able
to manipulate savevm data could use this issue to possibly execute
arbitrary code on the host. This issue only affected Ubuntu 12.04 LTS,
Ubuntu 14.04 LTS, and Ubuntu 14.10. (CVE-2014-7840)

Paolo Bonzini discovered that QEMU incorrectly handled memory in the Cirrus
VGA device. A malicious guest could possibly use this issue to write into
memory of the host, leading to privilege escalation. (CVE-2014-8106)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
qemu-system 2.1+dfsg-4ubuntu6.3
qemu-system-aarch64 2.1+dfsg-4ubuntu6.3
qemu-system-arm 2.1+dfsg-4ubuntu6.3
qemu-system-mips 2.1+dfsg-4ubuntu6.3
qemu-system-misc 2.1+dfsg-4ubuntu6.3
qemu-system-ppc 2.1+dfsg-4ubuntu6.3
qemu-system-sparc 2.1+dfsg-4ubuntu6.3
qemu-system-x86 2.1+dfsg-4ubuntu6.3

Ubuntu 14.04 LTS:
qemu-system 2.0.0+dfsg-2ubuntu1.9
qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.9
qemu-system-arm 2.0.0+dfsg-2ubuntu1.9
qemu-system-mips 2.0.0+dfsg-2ubuntu1.9
qemu-system-misc 2.0.0+dfsg-2ubuntu1.9
qemu-system-ppc 2.0.0+dfsg-2ubuntu1.9
qemu-system-sparc 2.0.0+dfsg-2ubuntu1.9
qemu-system-x86 2.0.0+dfsg-2ubuntu1.9

Ubuntu 12.04 LTS:
qemu-kvm 1.0+noroms-0ubuntu14.21

Ubuntu 10.04 LTS:
qemu-kvm 0.12.3+noroms-0ubuntu9.26

After a standard system update you need to reboot your computer to make
all the necessary changes.
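
Added example (not part of the Ubuntu notice): a Python check that compares a package inventory against the fixed versions listed above, using Debian version ordering instead of plain string comparison, which would rank ubuntu14.3 above ubuntu14.21. The function names and the {package: version} inventory format are assumptions of this example.

```python
import re
from itertools import zip_longest

# Fixed versions copied from the "Update instructions" section above.
QEMU_SYSTEM = ["qemu-system"] + ["qemu-system-" + a for a in
               "aarch64 arm mips misc ppc sparc x86".split()]
FIXED = {
    "14.10": dict.fromkeys(QEMU_SYSTEM, "2.1+dfsg-4ubuntu6.3"),
    "14.04": dict.fromkeys(QEMU_SYSTEM, "2.0.0+dfsg-2ubuntu1.9"),
    "12.04": {"qemu-kvm": "1.0+noroms-0ubuntu14.21"},
    "10.04": {"qemu-kvm": "0.12.3+noroms-0ubuntu9.26"},
}

def _order(c):
    # End of run sorts as 0, '~' sorts before it, letters before other symbols.
    if c is None or c == "~":
        return 0 if c is None else -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Walk alternating non-digit and digit runs; digit runs compare as integers.
    while a or b:
        pa, pb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        a, b = a[len(pa):], b[len(pb):]
        for x, y in zip_longest(pa, pb):
            if _order(x) != _order(y):
                return -1 if _order(x) < _order(y) else 1
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def compare_versions(a, b):
    # Returns -1, 0 or 1 as version a is older than, equal to or newer than b.
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(release, installed):
    # installed: {package: version}, e.g. parsed from dpkg-query -W output.
    return sorted(p for p, v in installed.items() if p in FIXED[release]
                  and compare_versions(v, FIXED[release][p]) < 0)
```

Calling unpatched("14.04", inventory) returns the names of the listed packages that are still older than the fixed version; an empty list means every listed package present in the inventory is at or above the fixed version.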

References:
http://www.ubuntu.com/usn/usn-2439-1
CVE-2014-7840, CVE-2014-8106

Package Information:
https://launchpad.net/ubuntu/+source/qemu/2.1+dfsg-4ubuntu6.3
https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.9
https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.21
https://launchpad.net/ubuntu/+source/qemu-kvm/0.12.3+noroms-0ubuntu9.26


Author: Tomislav Protega
Cert ID: NCERT-REF-2014-12-0037-ADV
CVE: CVE-2014-7840 CVE-2014-8106
Source ID: USN-2439-1
Product: qemu, qemu-kvm
Source: http://www.ubuntu.com