Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 428
Alerts This Week
Warning Icon 1 428

Ubuntu 16.10-16.04 LTS USN-3261-1 Moderate: QEMU Denial of Service

ubuntu
Calendar Grey April 20, 2017
Dist Ubuntu Esm H88
Revise your Ubuntu environment to address urgent QEMU vulnerabilities impacting virtual machines and to uphold security robustness.
Several security issues were fixed in QEMU.

Summary

Several security issues were fixed in QEMU.

Software Description:

- qemu: Machine emulator and virtualizer

Details:

Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU

device. An attacker inside the guest could use this issue to cause QEMU to

crash, resulting in a denial of service. This issue only affected Ubuntu

16.04 LTS and Ubuntu 16.10. (CVE-2016-10028, CVE-2016-10029)

Li Qiang discovered that QEMU incorrectly handled the 6300esb watchdog. A

privileged attacker inside the guest could use this issue to cause QEMU to

crash, resulting in a denial of service. (CVE-2016-10155)

Li Qiang discovered that QEMU incorrectly handled the i.MX Fast Ethernet

Controller. A privileged attacker inside the guest could use this issue to

cause QEMU to crash, resulting in a denial of service. This issue only

affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7907)

It was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A

privileged at...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
  qemu-system                     1:2.6.1+dfsg-0ubuntu5.4
  qemu-system-aarch64             1:2.6.1+dfsg-0ubuntu5.4
  qemu-system-arm                 1:2.6.1+dfsg-0ubuntu5.4
  qemu-system-mips                1:2.6.1+dfsg-0ubuntu5.4
  qemu-system-misc                1:2.6.1+dfsg-0ubuntu5.4
  qemu-system-ppc                 1:2.6.1+dfsg-0ubuntu5.4
  qemu-system-s390x               1:2.6.1+dfsg-0ubuntu5.4
  qemu-system-sparc               1:2.6.1+dfsg-0ubuntu5.4
  qemu-system-x86                 1:2.6.1+dfsg-0ubuntu5.4

Ubuntu 16.04 LTS:
  qemu-system                     1:2.5+dfsg-5ubuntu10.11
  qemu-system-aarch64             1:2.5+dfsg-5ubuntu10.11
  qemu-system-arm                 1:2.5+dfsg-5ubuntu10.11
  qemu-system-mips                1:2.5+dfsg-5ubuntu10.11
  qemu-system-misc                1:2.5+dfsg-5ubuntu10.11
  qemu-system-ppc                 1:2.5+dfsg-5ubuntu10.11
  qemu-system-s390x               1:2.5+dfsg-5ubuntu10.11
  qemu-system-sparc               1:2.5+dfsg-5ubuntu10.11
  qemu-system-x86                 1:2.5+dfsg-5ubuntu10.11

Ubuntu 14.04 LTS:
  qemu-system                     2.0.0+dfsg-2ubuntu1.33
  qemu-system-aarch64             2.0.0+dfsg-2ubuntu1.33
  qemu-system-arm                 2.0.0+dfsg-2ubuntu1.33
  qemu-system-mips                2.0.0+dfsg-2ubuntu1.33
  qemu-system-misc                2.0.0+dfsg-2ubuntu1.33
  qemu-system-ppc                 2.0.0+dfsg-2ubuntu1.33
  qemu-system-sparc               2.0.0+dfsg-2ubuntu1.33
  qemu-system-x86                 2.0.0+dfsg-2ubuntu1.33

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3261-1

CVE-2016-10028, CVE-2016-10029, CVE-2016-10155, CVE-2016-7907,

CVE-2016-8667, CVE-2016-8669, CVE-2016-9381, CVE-2016-9602,

CVE-2016-9603, CVE-2016-9776, CVE-2016-9845, CVE-2016-9846,

CVE-2016-9907, CVE-2016-9908, CVE-2016-9911, CVE-2016-9912,

CVE-2016-9913, CVE-2016-9914, CVE-2016-9915, CVE-2016-9916,

CVE-2016-9921, CVE-2016-9922, CVE-2017-2615, CVE-2017-2620,

CVE-2017-2633, CVE-2017-5525, CVE-2017-5526, CVE-2017-5552,

CVE-2017-5578, CVE-2017-5579, CVE-2017-5667, CVE-2017-5856,

CVE-2017-5857, CVE-2017-5898, CVE-2017-5973, CVE-2017-5987,

CVE-2017-6505

April 20, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.