USN-3826-1: QEMU vulnerabilities<\/p>\n
A security issue affects these releases of Ubuntu and its derivatives:<\/p>\n
Several security issues were fixed in QEMU.<\/p>\n
Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled
\nNE2000 device emulation. An attacker inside the guest could use this issue
\nto cause QEMU to crash, resulting in a denial of service. (CVE-2018-10839)<\/p>\n
It was discovered that QEMU incorrectly handled the Slirp networking
\nback-end. A privileged attacker inside the guest could use this issue to
\ncause QEMU to crash, resulting in a denial of service, or possibly execute
\narbitrary code on the host. In the default installation, when QEMU is used
\nwith libvirt, attackers would be isolated by the libvirt AppArmor profile.
\nThis issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu
\n18.04 LTS. (CVE-2018-11806)<\/p>\n
Fakhri Zulkifli discovered that the QEMU guest agent incorrectly handled
\ncertain QMP commands. An attacker could possibly use this issue to crash
\nthe QEMU guest agent, resulting in a denial of service. (CVE-2018-12617)<\/p>\n
Li Qiang discovered that QEMU incorrectly handled NVM Express Controller
\nemulation. An attacker inside the guest could use this issue to cause QEMU
\nto crash, resulting in a denial of service, or possibly execute arbitrary
\ncode on the host. In the default installation, when QEMU is used with
\nlibvirt, attackers would be isolated by the libvirt AppArmor profile. This
\nissue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16847)<\/p>\n
Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled
\nRTL8139 device emulation. An attacker inside the guest could use this issue
\nto cause QEMU to crash, resulting in a denial of service. (CVE-2018-17958)<\/p>\n
Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled
\nPCNET device emulation. An attacker inside the guest could use this issue
\nto cause QEMU to crash, resulting in a denial of service. (CVE-2018-17962)<\/p>\n
Daniel Shapira discovered that QEMU incorrectly handled large packet sizes.
\nAn attacker inside the guest could use this issue to cause QEMU to crash,
\nresulting in a denial of service. (CVE-2018-17963)<\/p>\n
It was discovered that QEMU incorrectly handled LSI53C895A device
\nemulation. An attacker inside the guest could use this issue to cause QEMU
\nto crash, resulting in a denial of service. (CVE-2018-18849)<\/p>\n
Moguofang discovered that QEMU incorrectly handled the IPowerNV LPC
\ncontroller. An attacker inside the guest could use this issue to cause QEMU
\nto crash, resulting in a denial of service. This issue only affected Ubuntu
\n18.04 LTS and Ubuntu 18.10. (CVE-2018-18954)<\/p>\n
Zhibin Hu discovered that QEMU incorrectly handled the Plan 9 File System
\nsupport. An attacker inside the guest could use this issue to cause QEMU
\nto crash, resulting in a denial of service. (CVE-2018-19364)<\/p>\n
The problem can be corrected by updating your system to the following package versions:<\/p>\n
To update your system, please follow these instructions: https:\/\/wiki.ubuntu.com\/Security\/Upgrades<\/a>.<\/p>\n After a standard system update you need to restart all QEMU virtual Source: USN-3826-1: QEMU vulnerabilities<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" USN-3826-1: QEMU vulnerabilities qemu vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in QEMU. Software Description qemu – Machine emulator and virtualizer Details Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled NE2000 device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-10839) It was discovered that QEMU incorrectly handled the Slirp networking back-end. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only [ more… ]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[586],"tags":[587],"class_list":["post-27749","post","type-post","status-publish","format-standard","hentry","category-ubuntu-usn","tag-ubuntu-usn"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/27749","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=27749"}],"version-history":[{"count":1,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/27749\/revisions"}],"predecessor-version":[{"id":27750,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/27749\/revisions\/27750"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=27749"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=27749"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/tags?post=27749"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nmachines to make all the necessary changes.<\/p>\nReferences<\/h2>\n
\n