qemu vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
* Ubuntu 20.04 LTS
* Ubuntu 18.04 LTS
* Ubuntu 16.04 LTS
Summary
QEMU could be made to crash or run programs.
Software Description
* qemu - Machine emulator and virtualizer
Details
Ziming Zhang, Xiao Wei, Gonglei Arei, and Yanyu Zhang discovered
that QEMU incorrectly handled certain USB packets. An attacker
inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service, or possibly execute arbitrary
code on the host. In the default installation, when QEMU is used
with libvirt, attackers would be isolated by the libvirt AppArmor
profile.
Update instructions
The problem can be corrected by updating your system to the
following package versions:
Ubuntu 20.04 LTS
qemu - 1:4.2-3ubuntu6.6
qemu-system - 1:4.2-3ubuntu6.6
qemu-system-arm - 1:4.2-3ubuntu6.6
qemu-system-mips - 1:4.2-3ubuntu6.6
qemu-system-ppc - 1:4.2-3ubuntu6.6
qemu-system-s390x - 1:4.2-3ubuntu6.6
qemu-system-sparc - 1:4.2-3ubuntu6.6
qemu-system-x86 - 1:4.2-3ubuntu6.6
qemu-system-x86-microvm - 1:4.2-3ubuntu6.6
qemu-system-x86-xen - 1:4.2-3ubuntu6.6
Ubuntu 18.04 LTS
qemu - 1:2.11+dfsg-1ubuntu7.32
qemu-system - 1:2.11+dfsg-1ubuntu7.32
qemu-system-arm - 1:2.11+dfsg-1ubuntu7.32
qemu-system-mips - 1:2.11+dfsg-1ubuntu7.32
qemu-system-ppc - 1:2.11+dfsg-1ubuntu7.32
qemu-system-s390x - 1:2.11+dfsg-1ubuntu7.32
qemu-system-sparc - 1:2.11+dfsg-1ubuntu7.32
qemu-system-x86 - 1:2.11+dfsg-1ubuntu7.32
Ubuntu 16.04 LTS
qemu - 1:2.5+dfsg-5ubuntu10.46
qemu-block-extra - 1:2.5+dfsg-5ubuntu10.46
qemu-guest-agent - 1:2.5+dfsg-5ubuntu10.46
qemu-kvm - 1:2.5+dfsg-5ubuntu10.46
qemu-system - 1:2.5+dfsg-5ubuntu10.46
qemu-system-aarch64 - 1:2.5+dfsg-5ubuntu10.46
qemu-system-arm - 1:2.5+dfsg-5ubuntu10.46
qemu-system-common - 1:2.5+dfsg-5ubuntu10.46
qemu-system-mips - 1:2.5+dfsg-5ubuntu10.46
qemu-system-misc - 1:2.5+dfsg-5ubuntu10.46
qemu-system-ppc - 1:2.5+dfsg-5ubuntu10.46
qemu-system-s390x - 1:2.5+dfsg-5ubuntu10.46
qemu-system-sparc - 1:2.5+dfsg-5ubuntu10.46
qemu-system-x86 - 1:2.5+dfsg-5ubuntu10.46
qemu-user - 1:2.5+dfsg-5ubuntu10.46
qemu-user-binfmt - 1:2.5+dfsg-5ubuntu10.46
qemu-user-static - 1:2.5+dfsg-5ubuntu10.46
qemu-utils - 1:2.5+dfsg-5ubuntu10.46
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart all QEMU
virtual machines to make all the necessary changes.
References
* CVE-2020-14364
--- Mystic BBS v1.12 A46 (Linux/64)
* Origin: BZ&BZ BBS (21:4/110)