Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in QEMU.
Software Description:
- qemu: Machine emulator and virtualizer
Details:
Gaoning Pan discovered that QEMU incorrectly handled the floppy disk
emulator. An attacker inside the guest could use this issue to cause QEMU
to crash, resulting in a denial of service. (CVE-2021-20196)
Gaoning Pan discovered that the QEMU vmxnet3 NIC emulator incorrectly
handled certain values. An attacker inside the guest could use this issue
to cause QEMU to crash, resulting in a denial of service. (CVE-2021-20203)
It was discovered that the QEMU vhost-user GPU device contained several
security issues. An attacker inside the guest could use these issues to
cause QEMU to crash, resulting in a denial of service, leak sensitive
information, or possibly execute arbitrary code. This issue only affected
Ubuntu 21.10. (CVE-2021-3544, CVE-2021-3545, CVE-2021-3546)
It was discovered that QEMU incorrectly handled bulk transfers from SPICE
client...
The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: qemu-system 1:6.0+dfsg-2expubuntu1.2 qemu-system-arm 1:6.0+dfsg-2expubuntu1.2 qemu-system-mips 1:6.0+dfsg-2expubuntu1.2 qemu-system-misc 1:6.0+dfsg-2expubuntu1.2 qemu-system-ppc 1:6.0+dfsg-2expubuntu1.2 qemu-system-s390x 1:6.0+dfsg-2expubuntu1.2 qemu-system-sparc 1:6.0+dfsg-2expubuntu1.2 qemu-system-x86 1:6.0+dfsg-2expubuntu1.2 qemu-system-x86-microvm 1:6.0+dfsg-2expubuntu1.2 qemu-system-x86-xen 1:6.0+dfsg-2expubuntu1.2 Ubuntu 20.04 LTS: qemu-system 1:4.2-3ubuntu6.21 qemu-system-arm 1:4.2-3ubuntu6.21 qemu-system-mips 1:4.2-3ubuntu6.21 qemu-system-misc 1:4.2-3ubuntu6.21 qemu-system-ppc 1:4.2-3ubuntu6.21 qemu-system-s390x 1:4.2-3ubuntu6.21 qemu-system-sparc 1:4.2-3ubuntu6.21 qemu-system-x86 1:4.2-3ubuntu6.21 qemu-system-x86-microvm 1:4.2-3ubuntu6.21 qemu-system-x86-xen 1:4.2-3ubuntu6.21 Ubuntu 18.04 LTS: qemu-system 1:2.11+dfsg-1ubuntu7.39 qemu-system-arm 1:2.11+dfsg-1ubuntu7.39 qemu-system-mips 1:2.11+dfsg-1ubuntu7.39 qemu-system-misc 1:2.11+dfsg-1ubuntu7.39 qemu-system-ppc 1:2.11+dfsg-1ubuntu7.39 qemu-system-s390x 1:2.11+dfsg-1ubuntu7.39 qemu-system-sparc 1:2.11+dfsg-1ubuntu7.39 qemu-system-x86 1:2.11+dfsg-1ubuntu7.39 After a standard system update you need to restart all QEMU virtual machines to make all the necessary changes.
https://ubuntu.com/security/notices/USN-5307-1
CVE-2021-20196, CVE-2021-20203, CVE-2021-3544, CVE-2021-3545,
CVE-2021-3546, CVE-2021-3682, CVE-2021-3713, CVE-2021-3748,
CVE-2021-3930, CVE-2021-4158, CVE-2022-0358
Get the latest Linux and open source security news straight to your inbox.