[USN-3047-2] QEMU regression

Posted on 12 August 2016
Ubuntu Security

============================================================================
Ubuntu Security Notice USN-3047-2
August 12, 2016

qemu, qemu-kvm regression
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

USN-3047-1 introduced a regression in QEMU.

Software Description:
- qemu: Machine emulator and virtualizer
- qemu-kvm: Machine emulator and virtualizer

Details:

USN-3047-1 fixed vulnerabilities in QEMU. The patch to fix CVE-2016-5403
caused a regression which resulted in save/restore failures when virtio
memory balloon statistics are enabled. This update temporarily reverts the
security fix for CVE-2016-5403 pending further investigation. We apologize
for the inconvenience.

Original advisory details:

Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI
controller emulation. A privileged attacker inside the guest could use this
issue to cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code on the host. In the default installation, when QEMU
is used with libvirt, attackers would be isolated by the libvirt AppArmor
profile. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-4439, CVE-2016-4441, CVE-2016-5238, CVE-2016-5338, CVE-2016-6351)

Li Qiang and Qinghao Tang discovered that QEMU incorrectly handled the
VMWare VGA module. A privileged attacker inside the guest could use this
issue to cause QEMU to crash, resulting in a denial of service, or possibly
to obtain sensitive host memory. (CVE-2016-4453, CVE-2016-4454)

Li Qiang discovered that QEMU incorrectly handled VMWARE PVSCSI paravirtual
SCSI bus emulation support. A privileged attacker inside the guest could
use this issue to cause QEMU to crash, resulting in a denial of service.
This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-4952)

Li Qiang discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host
Bus Adapter emulation support. A privileged attacker inside the guest could
use this issue to cause QEMU to crash, resulting in a denial of service, or
possibly to obtain sensitive host memory. This issue only applied to Ubuntu
14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5105, CVE-2016-5106,
CVE-2016-5107, CVE-2016-5337)

It was discovered that QEMU incorrectly handled certain iSCSI asynchronous
I/O ioctl calls. An attacker inside the guest could use this issue to cause
QEMU to crash, resulting in a denial of service, or possibly execute
arbitrary code on the host. In the default installation, when QEMU is used
with libvirt, attackers would be isolated by the libvirt AppArmor profile.
This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-5126)

Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A
privileged attacker inside the guest could use this issue to cause QEMU to
crash, resulting in a denial of service. (CVE-2016-5403)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
qemu-system 1:2.5+dfsg-5ubuntu10.4
qemu-system-aarch64 1:2.5+dfsg-5ubuntu10.4
qemu-system-arm 1:2.5+dfsg-5ubuntu10.4
qemu-system-mips 1:2.5+dfsg-5ubuntu10.4
qemu-system-misc 1:2.5+dfsg-5ubuntu10.4
qemu-system-ppc 1:2.5+dfsg-5ubuntu10.4
qemu-system-s390x 1:2.5+dfsg-5ubuntu10.4
qemu-system-sparc 1:2.5+dfsg-5ubuntu10.4
qemu-system-x86 1:2.5+dfsg-5ubuntu10.4

Ubuntu 14.04 LTS:
qemu-system 2.0.0+dfsg-2ubuntu1.27
qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.27
qemu-system-arm 2.0.0+dfsg-2ubuntu1.27
qemu-system-mips 2.0.0+dfsg-2ubuntu1.27
qemu-system-misc 2.0.0+dfsg-2ubuntu1.27
qemu-system-ppc 2.0.0+dfsg-2ubuntu1.27
qemu-system-sparc 2.0.0+dfsg-2ubuntu1.27
qemu-system-x86 2.0.0+dfsg-2ubuntu1.27

Ubuntu 12.04 LTS:
qemu-kvm 1.0+noroms-0ubuntu14.30

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-3047-2
http://www.ubuntu.com/usn/usn-3047-1
https://launchpad.net/bugs/1612089

Package Information:
https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.4
https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.27
https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.30


