• QEMU vulnerability

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Thu Sep 17 16:10:03 2020
    qemu vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    QEMU could be made to crash or run programs.

    Software Description

    * qemu - Machine emulator and virtualizer

    Details

    Ziming Zhang, Xiao Wei, Gonglei Arei, and Yanyu Zhang discovered
    that QEMU incorrectly handled certain USB packets. An attacker
    inside the guest could use this issue to cause QEMU to crash,
    resulting in a denial of service, or possibly execute arbitrary
    code on the host. In the default installation, when QEMU is used
    with libvirt, attackers would be isolated by the libvirt AppArmor
    profile.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    qemu - 1:4.2-3ubuntu6.6
    qemu-system - 1:4.2-3ubuntu6.6
    qemu-system-arm - 1:4.2-3ubuntu6.6
    qemu-system-mips - 1:4.2-3ubuntu6.6
    qemu-system-ppc - 1:4.2-3ubuntu6.6
    qemu-system-s390x - 1:4.2-3ubuntu6.6
    qemu-system-sparc - 1:4.2-3ubuntu6.6
    qemu-system-x86 - 1:4.2-3ubuntu6.6
    qemu-system-x86-microvm - 1:4.2-3ubuntu6.6
    qemu-system-x86-xen - 1:4.2-3ubuntu6.6

    Ubuntu 18.04 LTS
    qemu - 1:2.11+dfsg-1ubuntu7.32
    qemu-system - 1:2.11+dfsg-1ubuntu7.32
    qemu-system-arm - 1:2.11+dfsg-1ubuntu7.32
    qemu-system-mips - 1:2.11+dfsg-1ubuntu7.32
    qemu-system-ppc - 1:2.11+dfsg-1ubuntu7.32
    qemu-system-s390x - 1:2.11+dfsg-1ubuntu7.32
    qemu-system-sparc - 1:2.11+dfsg-1ubuntu7.32
    qemu-system-x86 - 1:2.11+dfsg-1ubuntu7.32

    Ubuntu 16.04 LTS
    qemu - 1:2.5+dfsg-5ubuntu10.46
    qemu-block-extra - 1:2.5+dfsg-5ubuntu10.46
    qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.46
    qemu-kvm - 1:2.5+dfsg-5ubuntu10.46
    qemu-system - 1:2.5+dfsg-5ubuntu10.46
    qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.46
    qemu-system-arm - 1:2.5+dfsg-5ubuntu10.46
    qemu-system-common - 1:2.5+dfsg-5ubuntu10.46
    qemu-system-mips - 1:2.5+dfsg-5ubuntu10.46
    qemu-system-misc - 1:2.5+dfsg-5ubuntu10.46
    qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.46
    qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.46
    qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.46
    qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.46
    qemu-user - 1:2.5+dfsg-5ubuntu10.46
    qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.46
    qemu-user-static - 1:2.5+dfsg-5ubuntu10.46
    qemu-utils - 1:2.5+dfsg-5ubuntu10.46

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to restart all QEMU
    virtual machines to make all the necessary changes.

    References

    * CVE-2020-14364

    --- Mystic BBS v1.12 A46 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)