CVE-2016-10028 Ubuntu的QEMU漏洞安全通知 (USN-3261-1)

2017年5月3日 1088点热度 0人点赞 0条评论

漏洞类别：Ubuntu

漏洞等级：

漏洞信息

It was discovered that QEMU incorrectly handled the Virtio GPU device.

It was discovered that QEMU incorrectly handled the 6300esb watchdog.

It was discovered that QEMU incorrectly handled the i.MX Fast Ethernet Controller.

It was discovered that QEMU incorrectly handled the JAZZ RC4030 device.

It was discovered that QEMU incorrectly handled the 16550A UART device.

It was discovered that QEMU incorrectly handled the shared rings when used with Xen.

It was discovered that QEMU incorrectly handled VirtFS directory sharing.

It was discovered that QEMU incorrectly handled the Cirrus VGA device when being used with a VNC connection.

It was discovered that QEMU incorrectly handled the ColdFire Fast Ethernet Controller.

It was discovered that QEMU incorrectly handled the Virtio GPU device.

It was discovered that QEMU incorrectly handled the USB redirector.

It was discovered that QEMU incorrectly handled USB EHCI emulation.

It was discovered that QEMU incorrectly handled VirtFS directory sharing.

It was discovered that QEMU incorrectly handled the Cirrus VGA device.

It was discovered that QEMU incorrectly handled VNC connections.

It was discovered that QEMU incorrectly handled the ac97 audio device.

It was discovered that QEMU incorrectly handled the es1370 audio device.

It was discovered that QEMU incorrectly handled the 16550A UART device.

It was discovered that QEMU incorrectly handled SDHCI device emulation.

It was discovered that QEMU incorrectly handled the CCID Card device.

It was discovered that QEMU incorrectly handled the MegaRAID SAS device.

It was discovered that QEMU incorrectly handled USB xHCI controller emulation.

It was discovered that QEMU incorrectly handled SDHCI device emulation.

It was discovered that QEMU incorrectly handled USB OHCI controller emulation.

漏洞危害

An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10028, CVE-2016-10029)

A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-10155)

A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7907)

A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-8667)

A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-8669)

A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. (CVE-2016-9381)

A privileged attacker inside the guest could use this issue to access files on the host file system outside of the shared directory and possibly escalate their privileges. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-9602)

A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-9603)

A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-9776)

An attacker inside the guest could use this issue to cause QEMU to leak contents of host memory. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9845, CVE-2016-9908)

An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9846, CVE-2016-9912, CVE-2017-5552, CVE-2017-5578, CVE-2017-5857)

An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9907)

An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-9911)

A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-9913, CVE-2016-9914, CVE-2016-9915, CVE-2016-9916)

A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-9921, CVE-2016-9922)

An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-2633)

A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5525)

A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5526)

解决方案

Refer to Ubuntu advisory USN-3261-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3261-1: 14.04 (Kylin) on src (qemu-system-sparc)

USN-3261-1: 14.04 (Kylin) on src (qemu-system-mips)

USN-3261-1: 16.04 (Xenial) on src (qemu-system-aarch64)

USN-3261-1: 16.10 (Yakkety) on src (qemu-system-ppc)

USN-3261-1: 14.04 (Kylin) on src (qemu-system-misc)