
Ubuntu 19.10, 18.04 LTS, 16.04 LTS: USN-4283-1 QEMU Security Threats

February 18, 2020
=========================================================================
Ubuntu Security Notice USN-

Summary

Several security issues were fixed in QEMU.

Software Description:

- qemu: Machine emulator and virtualizer

Details:

Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that QEMU
incorrectly handled iSCSI server responses. A remote attacker in control of
the iSCSI server could use this issue to cause QEMU to crash, leading to a
denial of service, or possibly execute arbitrary code. (CVE-2020-1711)

It was discovered that the QEMU libslirp component incorrectly handled
memory. A remote attacker could use this issue to cause QEMU to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2020-7039, CVE-2020-8608)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
  qemu                            1:4.0+dfsg-0ubuntu9.4
  qemu-system                     1:4.0+dfsg-0ubuntu9.4
  qemu-system-arm                 1:4.0+dfsg-0ubuntu9.4
  qemu-system-mips                1:4.0+dfsg-0ubuntu9.4
  qemu-system-ppc                 1:4.0+dfsg-0ubuntu9.4
  qemu-system-s390x               1:4.0+dfsg-0ubuntu9.4
  qemu-system-sparc               1:4.0+dfsg-0ubuntu9.4
  qemu-system-x86                 1:4.0+dfsg-0ubuntu9.4

Ubuntu 18.04 LTS:
  qemu                            1:2.11+dfsg-1ubuntu7.23
  qemu-system                     1:2.11+dfsg-1ubuntu7.23
  qemu-system-arm                 1:2.11+dfsg-1ubuntu7.23
  qemu-system-mips                1:2.11+dfsg-1ubuntu7.23
  qemu-system-ppc                 1:2.11+dfsg-1ubuntu7.23
  qemu-system-s390x               1:2.11+dfsg-1ubuntu7.23
  qemu-system-sparc               1:2.11+dfsg-1ubuntu7.23
  qemu-system-x86                 1:2.11+dfsg-1ubuntu7.23

Ubuntu 16.04 LTS:
  qemu                            1:2.5+dfsg-5ubuntu10.43
  qemu-system                     1:2.5+dfsg-5ubuntu10.43
  qemu-system-aarch64             1:2.5+dfsg-5ubuntu10.43
  qemu-system-arm                 1:2.5+dfsg-5ubuntu10.43
  qemu-system-mips                1:2.5+dfsg-5ubuntu10.43
  qemu-system-ppc                 1:2.5+dfsg-5ubuntu10.43
  qemu-system-s390x               1:2.5+dfsg-5ubuntu10.43
  qemu-system-sparc               1:2.5+dfsg-5ubuntu10.43
  qemu-system-x86                 1:2.5+dfsg-5ubuntu10.43

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4283-1

CVE-2020-1711, CVE-2020-7039, CVE-2020-8608

Severity
important
