Several security issues were fixed in QEMU.
Software Description:
- qemu: Machine emulator and virtualizer
Details:
Ziming Zhang and VictorV discovered that the QEMU SLiRP networking
implementation incorrectly handled replying to certain ICMP echo requests.
An attacker inside a guest could possibly use this issue to leak host
memory to obtain sensitive information. This issue only affected Ubuntu
18.04 LTS. (CVE-2020-10756)
Eric Blake and Xueqiang Wei discovered that the QEMU NBD implementation
incorrectly handled certain requests. A remote attacker could possibly use
this issue to cause QEMU to crash, resulting in a denial of service. This
issue only affected Ubuntu 20.04 LTS. (CVE-2020-10761)
Ziming Zhang discovered that the QEMU SM501 graphics driver incorrectly
handled certain operations. An attacker inside a guest could use this issue
to cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2020-12829)
It ...
The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  qemu 1:4.2-3ubuntu6.4
  qemu-system 1:4.2-3ubuntu6.4
  qemu-system-arm 1:4.2-3ubuntu6.4
  qemu-system-mips 1:4.2-3ubuntu6.4
  qemu-system-ppc 1:4.2-3ubuntu6.4
  qemu-system-s390x 1:4.2-3ubuntu6.4
  qemu-system-sparc 1:4.2-3ubuntu6.4
  qemu-system-x86 1:4.2-3ubuntu6.4
  qemu-system-x86-microvm 1:4.2-3ubuntu6.4
  qemu-system-x86-xen 1:4.2-3ubuntu6.4

Ubuntu 18.04 LTS:
  qemu 1:2.11+dfsg-1ubuntu7.31
  qemu-system 1:2.11+dfsg-1ubuntu7.31
  qemu-system-mips 1:2.11+dfsg-1ubuntu7.31
  qemu-system-ppc 1:2.11+dfsg-1ubuntu7.31
  qemu-system-s390x 1:2.11+dfsg-1ubuntu7.31
  qemu-system-sparc 1:2.11+dfsg-1ubuntu7.31
  qemu-system-x86 1:2.11+dfsg-1ubuntu7.31

Ubuntu 16.04 LTS:
  qemu 1:2.5+dfsg-5ubuntu10.45
  qemu-system 1:2.5+dfsg-5ubuntu10.45
  qemu-system-aarch64 1:2.5+dfsg-5ubuntu10.45
  qemu-system-arm 1:2.5+dfsg-5ubuntu10.45
  qemu-system-mips 1:2.5+dfsg-5ubuntu10.45
  qemu-system-ppc 1:2.5+dfsg-5ubuntu10.45
  qemu-system-s390x 1:2.5+dfsg-5ubuntu10.45
  qemu-system-sparc 1:2.5+dfsg-5ubuntu10.45
  qemu-system-x86 1:2.5+dfsg-5ubuntu10.45

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.
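To check a host against the fixed versions in this notice, installed package versions have to be compared with Debian version ordering (epoch, then upstream version, then revision), not as plain strings. The following is an added example and not part of the original notice: the function names, the package-name filter and the sample `dpkg-query -W` lines are assumptions constructed for illustration.

```python
import re
# Fixed versions per release, copied from the advisory's package list.
FIXED = {"20.04": "1:4.2-3ubuntu6.4",
         "18.04": "1:2.11+dfsg-1ubuntu7.31",
         "16.04": "1:2.5+dfsg-5ubuntu10.45"}

def _order(c):
    # dpkg order in non-digit runs: '~' < end of string < letters < symbols
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Alternate non-digit runs (ranked by _order) and digit runs (numeric).
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        ka, kb = [*map(_order, na), 0], [*map(_order, nb), 0]  # 0 = end
        if ka != kb:
            return -1 if ka < kb else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)  # no epoch = 0
    upstream, dash, rev = rest.rpartition("-")
    return (int(epoch), upstream, rev) if dash else (int(epoch), rest, "")

def deb_cmp(a, b):
    """Return -1, 0 or 1 as Debian version a is older, equal or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(release, dpkg_lines):
    """Return (package, version) pairs older than the advisory's fix."""
    found = []
    for line in dpkg_lines:
        name, _, ver = line.strip().partition("\t")
        name = name.split(":")[0]  # drop an ":amd64" style suffix
        in_scope = name == "qemu" or name.startswith("qemu-system")  # assumption
        if in_scope and ver and deb_cmp(ver, FIXED[release]) < 0:
            found.append((name, ver))
    return found

# Constructed sample of `dpkg-query -W` output from an 18.04 host.
SAMPLE = ["qemu-system-x86\t1:2.11+dfsg-1ubuntu7.26",
          "qemu-system-ppc:amd64\t1:2.11+dfsg-1ubuntu7.31",
          "openssl\t1.1.1-1ubuntu2.1~18.04.6"]
```

An empty result only shows the packages on disk are fixed; running virtual machines still need the restart described above to pick up the new binaries.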
https://ubuntu.com/security/notices/USN-4467-1
CVE-2020-10756, CVE-2020-10761, CVE-2020-12829, CVE-2020-13253,
CVE-2020-13361, CVE-2020-13362, CVE-2020-13659, CVE-2020-13754,
CVE-2020-13765, CVE-2020-13800, CVE-2020-14415, CVE-2020-15863,
CVE-2020-16092