exploit the possibilities

Ubuntu Security Notice USN-3047-1

Ubuntu Security Notice USN-3047-1
Posted Aug 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3047-1 - Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI controller emulation. A privileged attacker inside the guest could use th is issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-4439, CVE-2016-4441, CVE-2016-4453, CVE-2016-4454, CVE-2016-4952, CVE-2016-5105, CVE-2016-5106, CVE-2016-5107, CVE-2016-5126, CVE-2016-5238, CVE-2016-5337, CVE-2016-5338, CVE-2016-5403, CVE-2016-6351
MD5 | bc47352f46382b5dc3167a3e00a42dc3

Ubuntu Security Notice USN-3047-1

Change Mirror Download

=========================================================================
Ubuntu Security Notice USN-3047-1
August 04, 2016

qemu, qemu-kvm vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in QEMU.

Software Description:
- qemu: Machine emulator and virtualizer
- qemu-kvm: Machine emulator and virtualizer

Details:

Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI
controller emulation. A privileged attacker inside the guest could use th
is
issue to cause QEMU to crash, resulting in a denial of service, or possib
ly
execute arbitrary code on the host. In the default installation, when QEM
U
is used with libvirt, attackers would be isolated by the libvirt AppArmor

profile. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS
.
(CVE-2016-4439, CVE-2016-4441, CVE-2016-5238, CVE-2016-5338, CVE-2016-635
1)

Li Qiang and Qinghao Tang discovered that QEMU incorrectly handled the
VMWare VGA module. A privileged attacker inside the guest could use this
issue to cause QEMU to crash, resulting in a denial of service, or possib
ly
to obtain sensitive host memory. (CVE-2016-4453, CVE-2016-4454)

Li Qiang discovered that QEMU incorrectly handled VMWARE PVSCSI paravirtu
al
SCSI bus emulation support. A privileged attacker inside the guest could
use this issue to cause QEMU to crash, resulting in a denial of service.
This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-4952)

Li Qiang discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Ho
st
Bus Adapter emulation support. A privileged attacker inside the guest cou
ld
use this issue to cause QEMU to crash, resulting in a denial of service,
or
possibly to obtain sensitive host memory. This issue only applied to Ubun
tu
14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5105, CVE-2016-5106,
CVE-2016-5107, CVE-2016-5337)

It was discovered that QEMU incorrectly handled certain iSCSI asynchronou
s
I/O ioctl calls. An attacker inside the guest could use this issue to cau
se
QEMU to crash, resulting in a denial of service, or possibly execute
arbitrary code on the host. In the default installation, when QEMU is use
d
with libvirt, attackers would be isolated by the libvirt AppArmor profile
.
This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-5126)

Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module.
A
privileged attacker inside the guest could use this issue to cause QEMU t
o
crash, resulting in a denial of service. (CVE-2016-5403)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
qemu-system 1:2.5+dfsg-5ubuntu10.3
qemu-system-aarch64 1:2.5+dfsg-5ubuntu10.3
qemu-system-arm 1:2.5+dfsg-5ubuntu10.3
qemu-system-mips 1:2.5+dfsg-5ubuntu10.3
qemu-system-misc 1:2.5+dfsg-5ubuntu10.3
qemu-system-ppc 1:2.5+dfsg-5ubuntu10.3
qemu-system-s390x 1:2.5+dfsg-5ubuntu10.3
qemu-system-sparc 1:2.5+dfsg-5ubuntu10.3
qemu-system-x86 1:2.5+dfsg-5ubuntu10.3

Ubuntu 14.04 LTS:
qemu-system 2.0.0+dfsg-2ubuntu1.26
qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.26
qemu-system-arm 2.0.0+dfsg-2ubuntu1.26
qemu-system-mips 2.0.0+dfsg-2ubuntu1.26
qemu-system-misc 2.0.0+dfsg-2ubuntu1.26
qemu-system-ppc 2.0.0+dfsg-2ubuntu1.26
qemu-system-sparc 2.0.0+dfsg-2ubuntu1.26
qemu-system-x86 2.0.0+dfsg-2ubuntu1.26

Ubuntu 12.04 LTS:
qemu-kvm 1.0+noroms-0ubuntu14.29

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-3047-1
CVE-2016-4439, CVE-2016-4441, CVE-2016-4453, CVE-2016-4454,
CVE-2016-4952, CVE-2016-5105, CVE-2016-5106, CVE-2016-5107,
CVE-2016-5126, CVE-2016-5238, CVE-2016-5337, CVE-2016-5338,
CVE-2016-5403, CVE-2016-6351

Package Information:
https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.3
https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.26
https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.29



Login or Register to add favorites

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    8 Files
  • 24
    Sep 24th
    15 Files
  • 25
    Sep 25th
    4 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close