CVE-2016-10028 Ubuntu的QEMU漏洞安全通知 (USN-3268-1)

It was discovered that QEMU incorrectly handled the Virtio GPU device.

It was discovered that QEMU incorrectly handled the JAZZ RC4030 device.

It was discovered that QEMU incorrectly handled VirtFS directory sharing.

It was discovered that QEMU incorrectly handled the Cirrus VGA device when being used with a VNC connection.

It was discovered that QEMU incorrectly handled the Virtio GPU device.

It was discovered that QEMU incorrectly handled the Virtio GPU device.

It was discovered that QEMU incorrectly handled VirtFS directory sharing.

It was discovered that QEMU incorrectly handled SDHCI device emulation.

It was discovered that QEMU incorrectly handled USB OHCI controller emulation.

An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-10028)

A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-8667)

A privileged attacker inside the guest could use this issue to access files on the host file system outside of the shared directory and possibly escalate their privileges. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-9602)

A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2016-9603)

An attacker inside the guest could use this issue to cause QEMU to leak contents of host memory. (CVE-2016-9908)

An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-9912, CVE-2017-5552, CVE-2017-5578)

A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-9914)

A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-5987)

A privileged attacker inside the guest could use this issue to cause QEMU to hang, resulting in a denial of service. (CVE-2017-6505)

Refer to Ubuntu advisory USN-3268-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3268-1: 17.04 (zesty) on src (qemu-system-arm)

USN-3268-1: 17.04 (zesty) on src (qemu-system-misc)

USN-3268-1: 17.04 (zesty) on src (qemu-system-ppc)

USN-3268-1: 17.04 (zesty) on src (qemu-system-aarch64)

USN-3268-1: 17.04 (zesty) on src (qemu-system)

USN-3268-1: 17.04 (zesty) on src (qemu-system-s390x)

USN-3268-1: 17.04 (zesty) on src (qemu-system-x86)

USN-3268-1: 17.04 (zesty) on src (qemu-system-mips)

USN-3268-1: 17.04 (zesty) on src (qemu-system-sparc)