USN-8412-1 introduced a regression in QEMU
Software Description:
- qemu: Machine emulator and virtualizer
Details:
USN-8412-1 fixed vulnerabilities in QEMU. On Ubuntu 20.04 LTS, the fix for
CVE-2024-4467 was incomplete and prevented the creation of boot volumes
from qcow2 images. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that the
iSCSI block driver in QEMU incorrectly handled certain responses from an
iSCSI server. A remote attacker could possibly use this issue to cause
QEMU to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-1711)
It was discovered that the iSCSI block driver in QEMU incorrectly handled
certain memory operations, leading to a heap-based buffer over-read. An
attacker could possibly use this issue to expose sensitive information
from the host. This issue on...
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
qemu 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-block-extra 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-guest-agent 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-kvm 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system-arm 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system-common 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system-data 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system-gui 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system-mips 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system-misc 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system-ppc 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system-s390x 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system-sparc 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system-x86 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system-x86-microvm 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-system-x86-xen 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-user 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-user-binfmt 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-user-static 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
qemu-utils 1:4.2-3ubuntu6.30+esm3
Available with Ubuntu Pro
After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8412-3
https://ubuntu.com/security/notices/USN-8412-2
https://ubuntu.com/security/notices/USN-8412-1
https://launchpad.net/bugs/2158180