[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20090512222942.GN9451@outflux.net>
Date: Tue, 12 May 2009 15:29:42 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-776-1] KVM vulnerabilities
===========================================================
Ubuntu Security Notice USN-776-1 May 12, 2009
kvm vulnerabilities
CVE-2008-1945, CVE-2008-2004, CVE-2008-2382, CVE-2008-4539,
CVE-2008-5714
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
kvm 1:62+dfsg-0ubuntu8.1
Ubuntu 8.10:
kvm 1:72+dfsg-1ubuntu6.1
After a standard system upgrade you need to restart all KVM VMs to effect
the necessary changes.
Details follow:
Avi Kivity discovered that KVM did not correctly handle certain disk
formats. A local attacker could attach a malicious partition that
would allow the guest VM to read files on the VM host. (CVE-2008-1945,
CVE-2008-2004)
Alfredo Ortega discovered that KVM's VNC protocol handler did not
correctly validate certain messages. A remote attacker could send
specially crafted VNC messages that would cause KVM to consume CPU
resources, leading to a denial of service. (CVE-2008-2382)
Jan Niehusmann discovered that KVM's Cirrus VGA implementation over VNC
did not correctly handle certain bitblt operations. A local attacker
could exploit this flaw to potentially execute arbitrary code on the VM
host or crash KVM, leading to a denial of service. (CVE-2008-4539)
It was discovered that KVM's VNC password checks did not use the correct
length. A remote attacker could exploit this flaw to cause KVM to crash,
leading to a denial of service. (CVE-2008-5714)
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/kvm/kvm_62+dfsg-0ubuntu8.1.diff.gz
Size/MD5: 42599 1c6b8299b3a50806c5992be0db2cce2f
http://security.ubuntu.com/ubuntu/pool/main/k/kvm/kvm_62+dfsg-0ubuntu8.1.dsc
Size/MD5: 1082 fd477b0999056ccc60f556e9ac1e5abc
http://security.ubuntu.com/ubuntu/pool/main/k/kvm/kvm_62+dfsg.orig.tar.gz
Size/MD5: 3117412 b992a0ff585020cd5f586ac8046ad335
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/k/kvm/kvm-source_62+dfsg-0ubuntu8.1_all.deb
Size/MD5: 146416 e242cbdbe846f33ffdbc77f81008efaf
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/k/kvm/kvm_62+dfsg-0ubuntu8.1_amd64.deb
Size/MD5: 770136 aa65a634670369404840047a92714a1a
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/k/kvm/kvm_62+dfsg-0ubuntu8.1_i386.deb
Size/MD5: 709378 673b1f1b0dc7299a16101d3639f3098d
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/kvm/kvm_72+dfsg-1ubuntu6.1.diff.gz
Size/MD5: 45842 8b59f530e2547c50e67b140734d44200
http://security.ubuntu.com/ubuntu/pool/main/k/kvm/kvm_72+dfsg-1ubuntu6.1.dsc
Size/MD5: 1517 b671c910d142cdb3263b726780eebbab
http://security.ubuntu.com/ubuntu/pool/main/k/kvm/kvm_72+dfsg.orig.tar.gz
Size/MD5: 3250251 899a66ae2ea94e994e06f637e1afef4a
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/k/kvm/kvm-source_72+dfsg-1ubuntu6.1_all.deb
Size/MD5: 190230 113fb528ab82213136087d1036f65822
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/k/kvm/kvm_72+dfsg-1ubuntu6.1_amd64.deb
Size/MD5: 1028390 946f7de2766b03ee6d8276b8733aca86
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/k/kvm/kvm_72+dfsg-1ubuntu6.1_i386.deb
Size/MD5: 957398 699d7cc4987430613f930b726df849f0
Download attachment "signature.asc" of type "application/pgp-signature" (236 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists