[USN-3047-1] QEMU vulnerabilities
Posted on 04 August 2016
==========================================================================
Ubuntu Security Notice USN-3047-1
August 04, 2016
qemu, qemu-kvm vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in QEMU.
Software Description:
- qemu: Machine emulator and virtualizer
- qemu-kvm: Machine emulator and virtualizer
Details:
Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI
controller emulation. A privileged attacker inside the guest could use this
issue to cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code on the host. In the default installation, when QEMU
is used with libvirt, attackers would be isolated by the libvirt AppArmor
profile. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-4439, CVE-2016-4441, CVE-2016-5238, CVE-2016-5338, CVE-2016-6351)

Li Qiang and Qinghao Tang discovered that QEMU incorrectly handled the
VMWare VGA module. A privileged attacker inside the guest could use this
issue to cause QEMU to crash, resulting in a denial of service, or possibly
to obtain sensitive host memory. (CVE-2016-4453, CVE-2016-4454)

Li Qiang discovered that QEMU incorrectly handled VMWARE PVSCSI paravirtual
SCSI bus emulation support. A privileged attacker inside the guest could
use this issue to cause QEMU to crash, resulting in a denial of service.
This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-4952)

Li Qiang discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host
Bus Adapter emulation support. A privileged attacker inside the guest could
use this issue to cause QEMU to crash, resulting in a denial of service, or
possibly to obtain sensitive host memory. This issue only applied to Ubuntu
14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5105, CVE-2016-5106,
CVE-2016-5107, CVE-2016-5337)

It was discovered that QEMU incorrectly handled certain iSCSI asynchronous
I/O ioctl calls. An attacker inside the guest could use this issue to cause
QEMU to crash, resulting in a denial of service, or possibly execute
arbitrary code on the host. In the default installation, when QEMU is used
with libvirt, attackers would be isolated by the libvirt AppArmor profile.
This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-5126)

Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A
privileged attacker inside the guest could use this issue to cause QEMU to
crash, resulting in a denial of service. (CVE-2016-5403)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
  qemu-system            1:2.5+dfsg-5ubuntu10.3
  qemu-system-aarch64    1:2.5+dfsg-5ubuntu10.3
  qemu-system-arm        1:2.5+dfsg-5ubuntu10.3
  qemu-system-mips       1:2.5+dfsg-5ubuntu10.3
  qemu-system-misc       1:2.5+dfsg-5ubuntu10.3
  qemu-system-ppc        1:2.5+dfsg-5ubuntu10.3
  qemu-system-s390x      1:2.5+dfsg-5ubuntu10.3
  qemu-system-sparc      1:2.5+dfsg-5ubuntu10.3
  qemu-system-x86        1:2.5+dfsg-5ubuntu10.3
Ubuntu 14.04 LTS:
  qemu-system            2.0.0+dfsg-2ubuntu1.26
  qemu-system-aarch64    2.0.0+dfsg-2ubuntu1.26
  qemu-system-arm        2.0.0+dfsg-2ubuntu1.26
  qemu-system-mips       2.0.0+dfsg-2ubuntu1.26
  qemu-system-misc       2.0.0+dfsg-2ubuntu1.26
  qemu-system-ppc        2.0.0+dfsg-2ubuntu1.26
  qemu-system-sparc      2.0.0+dfsg-2ubuntu1.26
  qemu-system-x86        2.0.0+dfsg-2ubuntu1.26
Ubuntu 12.04 LTS:
  qemu-kvm               1.0+noroms-0ubuntu14.29
After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3047-1
CVE-2016-4439, CVE-2016-4441, CVE-2016-4453, CVE-2016-4454,
CVE-2016-4952, CVE-2016-5105, CVE-2016-5106, CVE-2016-5107,
CVE-2016-5126, CVE-2016-5238, CVE-2016-5337, CVE-2016-5338,
CVE-2016-5403, CVE-2016-6351
Package Information:
https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.3
https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.26
https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.29