Monday, April 28, 2014

USN-2182-1: QEMU vulnerabilities

Ubuntu Security Notice USN-2182-1


28th April, 2014


qemu, qemu-kvm vulnerabilities


A security issue affects these releases of Ubuntu and its derivatives:



  • Ubuntu 14.04 LTS

  • Ubuntu 13.10

  • Ubuntu 12.10

  • Ubuntu 12.04 LTS

  • Ubuntu 10.04 LTS


Summary


Several security issues were fixed in QEMU.


Software description



  • qemu - Machine emulator and virtualizer

  • qemu-kvm - Machine emulator and virtualizer


Details


Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. This issue only applied to Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2013-4544)


Michael S. Tsirkin discovered that QEMU incorrectly handled virtio-net MAC addresses. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. (CVE-2014-0150)


Benoît Canet discovered that QEMU incorrectly handled SMART self-tests. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. (CVE-2014-2894)


Update instructions


The problem can be corrected by updating your system to the following package version:



Ubuntu 14.04 LTS:

qemu-system-misc 2.0.0~rc1+dfsg-0ubuntu3.1

qemu-system 2.0.0~rc1+dfsg-0ubuntu3.1

qemu-system-aarch64 2.0.0~rc1+dfsg-0ubuntu3.1

qemu-system-x86 2.0.0~rc1+dfsg-0ubuntu3.1

qemu-system-sparc 2.0.0~rc1+dfsg-0ubuntu3.1

qemu-system-arm 2.0.0~rc1+dfsg-0ubuntu3.1

qemu-system-ppc 2.0.0~rc1+dfsg-0ubuntu3.1

qemu-system-mips 2.0.0~rc1+dfsg-0ubuntu3.1

Ubuntu 13.10:

qemu-system-misc 1.5.0+dfsg-3ubuntu5.4

qemu-system 1.5.0+dfsg-3ubuntu5.4

qemu-system-x86 1.5.0+dfsg-3ubuntu5.4

qemu-system-sparc 1.5.0+dfsg-3ubuntu5.4

qemu-system-arm 1.5.0+dfsg-3ubuntu5.4

qemu-system-ppc 1.5.0+dfsg-3ubuntu5.4

qemu-system-mips 1.5.0+dfsg-3ubuntu5.4

Ubuntu 12.10:

qemu-kvm 1.2.0+noroms-0ubuntu2.12.10.7

Ubuntu 12.04 LTS:

qemu-kvm 1.0+noroms-0ubuntu14.14

Ubuntu 10.04 LTS:

qemu-kvm 0.12.3+noroms-0ubuntu9.22


To update your system, please follow these instructions: http://bit.ly/1aJDvTw.


After a standard system update you need to reboot your computer to make all the necessary changes.


References


CVE-2013-4544, CVE-2014-0150, CVE-2014-2894






via Ubuntu Security Notices http://bit.ly/1itRVsY
