[USN-3649-1] QEMU vulnerabilities


From: Marc Deslauriers
Reply-To: Ubuntu Security
To: "ubuntu-security-announce@lists.ubuntu.com"

==========================================================================
Ubuntu Security Notice USN-3649-1
May 16, 2018

qemu vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in QEMU.

Software Description:
- qemu: Machine emulator and virtualizer

Details:

Cyrille Chatras discovered that QEMU incorrectly handled certain PS2 values
during migration. An attacker could possibly use this issue to cause QEMU
to crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 18.04 LTS. (CVE-2017-16845)

Cyrille Chatras discovered that QEMU incorrectly handled multiboot. An
attacker could use this issue to cause QEMU to crash, resulting in a denial
of service, or possibly execute arbitrary code on the host. In the default
installation, when QEMU is used with libvirt, attackers would be isolated
by the libvirt AppArmor profile. (CVE-2018-7550)

Ross Lagerwall discovered that QEMU incorrectly handled the Cirrus VGA
device. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service. This issue only
affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-7858)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
qemu-system 1:2.11+dfsg-1ubuntu7.1
qemu-system-arm 1:2.11+dfsg-1ubuntu7.1
qemu-system-mips 1:2.11+dfsg-1ubuntu7.1
qemu-system-ppc 1:2.11+dfsg-1ubuntu7.1
qemu-system-s390x 1:2.11+dfsg-1ubuntu7.1
qemu-system-sparc 1:2.11+dfsg-1ubuntu7.1
qemu-system-x86 1:2.11+dfsg-1ubuntu7.1

Ubuntu 17.10:
qemu-system 1:2.10+dfsg-0ubuntu3.6
qemu-system-aarch64 1:2.10+dfsg-0ubuntu3.6
qemu-system-arm 1:2.10+dfsg-0ubuntu3.6
qemu-system-mips 1:2.10+dfsg-0ubuntu3.6
qemu-system-ppc 1:2.10+dfsg-0ubuntu3.6
qemu-system-s390x 1:2.10+dfsg-0ubuntu3.6
qemu-system-sparc 1:2.10+dfsg-0ubuntu3.6
qemu-system-x86 1:2.10+dfsg-0ubuntu3.6

Ubuntu 16.04 LTS:
qemu-system 1:2.5+dfsg-5ubuntu10.28
qemu-system-aarch64 1:2.5+dfsg-5ubuntu10.28
qemu-system-arm 1:2.5+dfsg-5ubuntu10.28
qemu-system-mips 1:2.5+dfsg-5ubuntu10.28
qemu-system-ppc 1:2.5+dfsg-5ubuntu10.28
qemu-system-s390x 1:2.5+dfsg-5ubuntu10.28
qemu-system-sparc 1:2.5+dfsg-5ubuntu10.28
qemu-system-x86 1:2.5+dfsg-5ubuntu10.28

Ubuntu 14.04 LTS:
qemu-system 2.0.0+dfsg-2ubuntu1.41
qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.41
qemu-system-arm 2.0.0+dfsg-2ubuntu1.41
qemu-system-mips 2.0.0+dfsg-2ubuntu1.41
qemu-system-ppc 2.0.0+dfsg-2ubuntu1.41
qemu-system-sparc 2.0.0+dfsg-2ubuntu1.41
qemu-system-x86 2.0.0+dfsg-2ubuntu1.41

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3649-1
CVE-2017-16845, CVE-2018-7550, CVE-2018-7858

Package Information:
https://launchpad.net/ubuntu/+source/qemu/1:2.11+dfsg-1ubuntu7.1
https://launchpad.net/ubuntu/+source/qemu/1:2.10+dfsg-0ubuntu3.6
https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.28
https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.41
