Ubuntu 20.04 LTS: USN-4467-1 Critical: QEMU Denial Of Service Issues

August 19, 2020
The Ubuntu Security Notice USN-4467-1 highlights critical vulnerabilities found in QEMU as of August 2020, urging users to update immediately to secure systems.

Summary

Several security issues were fixed in QEMU.

Software Description:

- qemu: Machine emulator and virtualizer

Details:

Ziming Zhang and VictorV discovered that the QEMU SLiRP networking
implementation incorrectly handled replying to certain ICMP echo requests.
An attacker inside a guest could possibly use this issue to leak host
memory to obtain sensitive information. This issue only affected Ubuntu
18.04 LTS. (CVE-2020-10756)

Eric Blake and Xueqiang Wei discovered that the QEMU NBD implementation
incorrectly handled certain requests. A remote attacker could possibly use
this issue to cause QEMU to crash, resulting in a denial of service. This
issue only affected Ubuntu 20.04 LTS. (CVE-2020-10761)

Ziming Zhang discovered that the QEMU SM501 graphics driver incorrectly
handled certain operations. An attacker inside a guest could use this issue
to cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2020-12829)

It ...

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  qemu                            1:4.2-3ubuntu6.4
  qemu-system                     1:4.2-3ubuntu6.4
  qemu-system-arm                 1:4.2-3ubuntu6.4
  qemu-system-mips                1:4.2-3ubuntu6.4
  qemu-system-ppc                 1:4.2-3ubuntu6.4
  qemu-system-s390x               1:4.2-3ubuntu6.4
  qemu-system-sparc               1:4.2-3ubuntu6.4
  qemu-system-x86                 1:4.2-3ubuntu6.4
  qemu-system-x86-microvm         1:4.2-3ubuntu6.4
  qemu-system-x86-xen             1:4.2-3ubuntu6.4

Ubuntu 18.04 LTS:
  qemu                            1:2.11+dfsg-1ubuntu7.31
  qemu-system                     1:2.11+dfsg-1ubuntu7.31
  qemu-system-mips                1:2.11+dfsg-1ubuntu7.31
  qemu-system-ppc                 1:2.11+dfsg-1ubuntu7.31
  qemu-system-s390x               1:2.11+dfsg-1ubuntu7.31
  qemu-system-sparc               1:2.11+dfsg-1ubuntu7.31
  qemu-system-x86                 1:2.11+dfsg-1ubuntu7.31

Ubuntu 16.04 LTS:
  qemu                            1:2.5+dfsg-5ubuntu10.45
  qemu-system                     1:2.5+dfsg-5ubuntu10.45
  qemu-system-aarch64             1:2.5+dfsg-5ubuntu10.45
  qemu-system-arm                 1:2.5+dfsg-5ubuntu10.45
  qemu-system-mips                1:2.5+dfsg-5ubuntu10.45
  qemu-system-ppc                 1:2.5+dfsg-5ubuntu10.45
  qemu-system-s390x               1:2.5+dfsg-5ubuntu10.45
  qemu-system-sparc               1:2.5+dfsg-5ubuntu10.45
  qemu-system-x86                 1:2.5+dfsg-5ubuntu10.45

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4467-1

CVE-2020-10756, CVE-2020-10761, CVE-2020-12829, CVE-2020-13253,
CVE-2020-13361, CVE-2020-13362, CVE-2020-13659, CVE-2020-13754,
CVE-2020-13765, CVE-2020-13800, CVE-2020-14415, CVE-2020-15863,
CVE-2020-16092

Severity
critical