Ubuntu Security Notice USN-6954-1

Ubuntu Security Notice USN-6954-1: Posted Aug 13, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6954-1 - Markus Frank and Fiona Ebner discovered that QEMU did not properly handle certain memory operations, leading to a NULL pointer dereference. An authenticated user could potentially use this issue to cause a denial of service. Xiao Lei discovered that QEMU did not properly handle certain memory operations when specific features were enabled, which could lead to a stack overflow. An attacker could potentially use this issue to leak sensitive information.; tags | advisory, denial of service, overflow; systems | linux, ubuntu; advisories | CVE-2023-6683, CVE-2023-6693, CVE-2024-24474; SHA-256 | 5c70c34349ef05f8fd57112b4c93197e6bf74e580c97f6d8cc62a176442cefd3; Download | Favorite | View

Ubuntu Security Notice USN-6954-1

==========================================================================
Ubuntu Security Notice USN-6954-1
August 13, 2024

qemu vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in QEMU.

Software Description:
- qemu: Machine emulator and virtualizer

Details:

Markus Frank and Fiona Ebner discovered that QEMU did not properly
handle certain memory operations, leading to a NULL pointer dereference.
An authenticated user could potentially use this issue to cause a denial
of service. (CVE-2023-6683)

Xiao Lei discovered that QEMU did not properly handle certain memory
operations when specific features were enabled, which could lead to a
stack overflow. An attacker could potentially use this issue to leak
sensitive information. (CVE-2023-6693)

It was discovered that QEMU had an integer underflow vulnerability in
the TI command, which would result in a buffer overflow. An attacker
could potentially use this issue to cause a denial of service.
(CVE-2024-24474)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
   qemu-system                     1:6.2+dfsg-2ubuntu6.22
   qemu-system-arm                 1:6.2+dfsg-2ubuntu6.22
   qemu-system-mips                1:6.2+dfsg-2ubuntu6.22
   qemu-system-misc                1:6.2+dfsg-2ubuntu6.22
   qemu-system-ppc                 1:6.2+dfsg-2ubuntu6.22
   qemu-system-s390x               1:6.2+dfsg-2ubuntu6.22
   qemu-system-sparc               1:6.2+dfsg-2ubuntu6.22
   qemu-system-x86-xen             1:6.2+dfsg-2ubuntu6.22

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6954-1
   CVE-2023-6683, CVE-2023-6693, CVE-2024-24474

Package Information:
   https://launchpad.net/ubuntu/+source/qemu/1:6.2+dfsg-2ubuntu6.22

Top Authors In Last 30 Days

Red Hat 250 files
indoushka 184 files
Ubuntu 99 files
Gentoo 32 files
Debian 18 files
malvuln 13 files
Frederik Beimgraben 11 files
Chris Beiter 11 files
Matthias Deeg 11 files
Apple 10 files

File Archives

Systems

AIX (430)
Apple (2,115)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,132)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (390)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,415)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,936)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,896)
UNIX (9,464)
UnixWare (188)
Windows (6,782)
Other

Ubuntu Security Notice USN-6954-1

Ubuntu Security Notice USN-6954-1

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-6954-1

Share This

Ubuntu Security Notice USN-6954-1

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems