ESB-2018.1620 - [Debian] qemu: Multiple vulnerabilities 2018-05-30

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1620
                           qemu security update
                                30 May 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           qemu
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account      
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-7550 CVE-2018-5683 CVE-2017-18043
                   CVE-2017-17381 CVE-2017-16845 CVE-2017-15289
                   CVE-2017-15268 CVE-2017-15124 CVE-2017-15119
                   CVE-2017-15038 CVE-2017-5715 

Reference:         ASB-2018.0116
                   ASB-2018.0101
                   ASB-2018.0033
                   ESB-2018.0046
                   ESB-2018.0044
                   ESB-2018.0042.2

Original Bulletin: 
   http://www.debian.org/security/2018/dsa-4213

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4213-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 29, 2018                          https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : qemu
CVE ID         : CVE-2017-5715 CVE-2017-15038 CVE-2017-15119 CVE-2017-15124
                 CVE-2017-15268 CVE-2017-15289 CVE-2017-16845 CVE-2017-17381
                 CVE-2017-18043 CVE-2018-5683 CVE-2018-7550
Debian Bug     : 877890 880832 880836 882136 883399 883625 884806 886532
                 887392 892041

Several vulnerabilities were discovered in qemu, a fast processor
emulator.

CVE-2017-15038

    Tuomas Tynkkynen discovered an information leak in 9pfs.

CVE-2017-15119

    Eric Blake discovered that the NBD server insufficiently restricts
    large option requests, resulting in denial of service.

CVE-2017-15124

    Daniel Berrange discovered that the integrated VNC server
    insufficiently restricted memory allocation, which could result in
    denial of service.

CVE-2017-15268

    A memory leak in websockets support may result in denial of service.

CVE-2017-15289

    Guoxiang Niu discovered an OOB write in the emulated Cirrus graphics
    adaptor which could result in denial of service.

CVE-2017-16845

    Cyrille Chatras discovered an information leak in PS/2 mouse and
    keyboard emulation which could be exploited during instance
    migration.

CVE-2017-17381

    Dengzhan Heyuandong Bijunhua and Liweichao discovered that an
    implementation error in the virtio vring implementation could result
    in denial of service.

CVE-2017-18043

    Eric Blake discovered an integer overflow in an internally used
    macro which could result in denial of service.

CVE-2018-5683

    Jiang Xin and Lin ZheCheng discovered an OOB memory access in the
    emulated VGA adaptor which could result in denial of service.

CVE-2018-7550

    Cyrille Chatras discovered that an OOB memory write when using
    multiboot could result in the execution of arbitrary code.

This update also backports a number of mitigations against the Spectre
v2 vulnerability affecting modern CPUs (CVE-2017-5715).  For additional
information please refer to
https://www.qemu.org/2018/01/04/spectre/

For the stable distribution (stretch), these problems have been fixed in
version 1:2.8+dfsg-6+deb9u4.

We recommend that you upgrade your qemu packages.

For the detailed security status of qemu please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/qemu

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlsNxApfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Q/ng/+MBZU0v54RPrZbRVTOQZZfFsVac+l69QrTjGwDyQKomJXR0g3awp5xxIK
/0qeeE+8lttR1FVu/go5B40wNc5y9guzO8WnWvIwR1hI7Mu16kPlrK+fLBho3q0Q
Yk820iD62urEnbTx5eBCCm3UJDD7i8wZIoACEnbeihuXcnsM37lwnSBQ5EYgOidn
h9tSjuIiQJVlRQqLSG8He6zTt7Iwga1LbGvUFiZyFxddFotDFzXz2CdQXzTlYZpW
CfSCt5dnbp6/JjLNPJkQiyPiEFrzeasza35xVGTA/c+6/vLI/S7FHWpYVDTP/ezi
giamA2QOEmsYJNRVm5JmRpBLU8lQZz5jxvLB2FJbe/1mBEjmh8SyJecG9TCVCqHq
gchbGdX1Iw2cLvub1sogkM+EF4ZLtlk7xfkiVkcWbqUKB1xGb6E5GEDT5h07yh1b
o0+EL9CgjpAIzM7AB9JODrFy0PUTY/DHU4cFVn6BYghYVq7V/MBEj+E3sm6DMVGP
EwCywxi2IHhkmvmEx0IFQdx8FU58laUoFciWXYaGZiWQFVnt+AWcRJXnsZtUFCdD
ZNnoGMnp/5EuyqJa+3imDaLiVhix3J8njNUNRhQ/zOLbFvzVuXYVy8UpZKzo3Aeq
2n6PjtRNSEj88kk3bqO8uJC71QAcOCBsIz21VTGjSt6+PhcHR/c=
=+/0Y
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWw3a8WaOgq3Tt24GAQiIgA//YhHFVVSVI9zZN+ItZV3w6XvSW5cs+HxM
VJL9hzhmp2bZUzlJEgbn7DqUv8Ad7tmsKWFAorH27RSj24DdSWBdbtIuZvZje7aS
CLfuPftItnOBp1VTLAI0hqs96mvnp7vonEaSPJXszPXd+Uw0dejmtya76DkZ6lVV
NQ47G58ADYAZRNXrvisRsvYdnBSjxTwoIC+I4JlRdrvTZXjtrpzWjTXSpbVHnN+b
yVdKV5LRGBXjYywHfWUh2sylS1yjazfDH1Qwrh9WHDjgHIOi/Go7jV0GEqqpQ6ib
NLJ+2yFFm9Udo0+uUhBkD5uqj2Bw8hMalj//Nh+ASHhrRGXjEMzhDthk5/k70Oyh
5QEJRb8mfsbnx/jYhYdttmBZ2kzfpo9nrc+kGUXO5qQwEPfxSmlpr2DHH0slgZSW
TdH+CGUJJBWZ93fKHpQg6kG77l6LtNXKhLcOCXiEHNU0r2csUy/Wq2h2Eed5++Lm
8wVUqekXLGjFtY4HIK6S30u1qVqB+WB8mc+ViFBCTNRIzIxBnzyv5LmbN4gQCY0/
pWqQj7blqX1A+MGMOqmTDhNpnV6DO3Y+u2tJoCdCuLRKPblVOdBFle9O2NhodLIu
wlfvQ1DD+tGbpGdDOQS3VomH/pCUxZm/hueCubNoM3nDiqus5PpAXcjTtJunl3SA
RquNkQgxGyI=
=fXKD
-----END PGP SIGNATURE-----

« Back to bulletins