=========================================================================
Ubuntu Security Notice USN-3047-1
August 04, 2016

qemu, qemu-kvm vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in QEMU.

Software Description:
- qemu: Machine emulator and virtualizer
- qemu-kvm: Machine emulator and virtualizer

Details:

Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI
controller emulation. A privileged attacker inside the guest could use
this issue to cause QEMU to crash, resulting in a denial of service, or
possibly execute arbitrary code on the host. In the default installation,
when QEMU is used with libvirt, attackers would be isolated by the
libvirt AppArmor profile. This issue only applied to Ubuntu 14.04 LTS and
Ubuntu 16.04 LTS. (CVE-2016-4439, CVE-2016-4441, CVE-2016-5238,
CVE-2016-5338, CVE-2016-6351)

Li Qiang and Qinghao Tang discovered that QEMU incorrectly handled the
VMWare VGA module. A privileged attacker inside the guest could use this
issue to cause QEMU to crash, resulting in a denial of service, or
possibly to obtain sensitive host memory. (CVE-2016-4453, CVE-2016-4454)

Li Qiang discovered that QEMU incorrectly handled VMWARE PVSCSI
paravirtual SCSI bus emulation support. A privileged attacker inside the
guest could use this issue to cause QEMU to crash, resulting in a denial
of service. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04
LTS. (CVE-2016-4952)

Li Qiang discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2
Host Bus Adapter emulation support. A privileged attacker inside the
guest could use this issue to cause QEMU to crash, resulting in a denial
of service, or possibly to obtain sensitive host memory. This issue only
applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-5105, CVE-2016-5106, CVE-2016-5107, CVE-2016-5337)

It was discovered that QEMU incorrectly handled certain iSCSI
asynchronous I/O ioctl calls. An attacker inside the guest could use this
issue to cause QEMU to crash, resulting in a denial of service, or
possibly execute arbitrary code on the host. In the default installation,
when QEMU is used with libvirt, attackers would be isolated by the
libvirt AppArmor profile. This issue only applied to Ubuntu 14.04 LTS and
Ubuntu 16.04 LTS. (CVE-2016-5126)

Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module.
A privileged attacker inside the guest could use this issue to cause QEMU
to crash, resulting in a denial of service. (CVE-2016-5403)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  qemu-system                     1:2.5+dfsg-5ubuntu10.3
  qemu-system-aarch64             1:2.5+dfsg-5ubuntu10.3
  qemu-system-arm                 1:2.5+dfsg-5ubuntu10.3
  qemu-system-mips                1:2.5+dfsg-5ubuntu10.3
  qemu-system-misc                1:2.5+dfsg-5ubuntu10.3
  qemu-system-ppc                 1:2.5+dfsg-5ubuntu10.3
  qemu-system-s390x               1:2.5+dfsg-5ubuntu10.3
  qemu-system-sparc               1:2.5+dfsg-5ubuntu10.3
  qemu-system-x86                 1:2.5+dfsg-5ubuntu10.3

Ubuntu 14.04 LTS:
  qemu-system                     2.0.0+dfsg-2ubuntu1.26
  qemu-system-aarch64             2.0.0+dfsg-2ubuntu1.26
  qemu-system-arm                 2.0.0+dfsg-2ubuntu1.26
  qemu-system-mips                2.0.0+dfsg-2ubuntu1.26
  qemu-system-misc                2.0.0+dfsg-2ubuntu1.26
  qemu-system-ppc                 2.0.0+dfsg-2ubuntu1.26
  qemu-system-sparc               2.0.0+dfsg-2ubuntu1.26
  qemu-system-x86                 2.0.0+dfsg-2ubuntu1.26

Ubuntu 12.04 LTS:
  qemu-kvm                        1.0+noroms-0ubuntu14.29

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.
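
Added example, not part of the original notice: a fleet-audit check that flags listed packages still below the fixed versions above, using a Python re-implementation of dpkg's version ordering (epoch, then upstream, then revision; on a host, `dpkg --compare-versions` performs the same comparison). The names `compare`, `unpatched`, `FIXED` and `SAMPLE` and the sample inventory are assumptions made for illustration.

```python
import re

# Fixed versions copied from the notice's "Update instructions".
_SYS = ["qemu-system" + s for s in
        ("", "-aarch64", "-arm", "-mips", "-misc", "-ppc", "-sparc", "-x86")]
FIXED = {
    "16.04": ("1:2.5+dfsg-5ubuntu10.3", _SYS + ["qemu-system-s390x"]),
    "14.04": ("2.0.0+dfsg-2ubuntu1.26", _SYS),
    "12.04": ("1.0+noroms-0ubuntu14.29", ["qemu-kvm"]),
}

def _order(c):
    # dpkg ranking: '~' < end of string < letters < other symbols.
    if c == "~":
        return -1
    return 0 if not c or c.isdigit() else ord(c) + (0 if c.isalpha() else 256)

def _cmp_part(a, b):
    # Alternate non-digit runs (ranked by _order) with digit runs (numeric).
    while a or b:
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            if _order(a[:1]) != _order(b[:1]):
                return _order(a[:1]) - _order(b[:1])
            a, b = a[1:], b[1:]
        na, nb = (re.match(r"\d*", s).group() for s in (a, b))
        if int(na or 0) != int(nb or 0):
            return int(na or 0) - int(nb or 0)
        a, b = a[len(na):], b[len(nb):]
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; a missing epoch counts as 0.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    up, sep, rev = rest.rpartition("-")
    return (int(epoch), up, rev) if sep else (int(epoch), rest, "")

def compare(v1, v2):
    # Negative, zero or positive: v1 older than, equal to, newer than v2.
    a, b = _split(v1), _split(v2)
    return (a[0] - b[0]) or _cmp_part(a[1], b[1]) or _cmp_part(a[2], b[2])

def unpatched(release, installed):
    # installed: {package: version}; returns listed packages older than the fix.
    fixed, pkgs = FIXED[release]
    return sorted(p for p in pkgs if p in installed and compare(installed[p], fixed) < 0)

# Constructed inventory for a 16.04 host (not taken from the notice).
SAMPLE = {"qemu-system-x86": "1:2.5+dfsg-5ubuntu10.2",
          "qemu-system-arm": "1:2.5+dfsg-5ubuntu10.3"}
```

The 16.04 versions carry epoch 1, so a plain string or numeric comparison that ignores the `1:` prefix misorders them; the check also does not cover the restart of running virtual machines that the notice requires.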

References:
  http://www.ubuntu.com/usn/usn-3047-1
  CVE-2016-4439, CVE-2016-4441, CVE-2016-4453, CVE-2016-4454,
  CVE-2016-4952, CVE-2016-5105, CVE-2016-5106, CVE-2016-5107,
  CVE-2016-5126, CVE-2016-5238, CVE-2016-5337, CVE-2016-5338,
  CVE-2016-5403, CVE-2016-6351

Package Information:
  https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.3
  https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.26
  https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.29