SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Generic)  >   QEMU
Vendors:   QEMU.org
(Oracle Issues Fix for Oracle Linux for QEMU) Xen Bug in Cirrus Display Emulation Lets Local Users on a Guest System Gain Elevated Privileges on the Host System
SecurityTracker Alert ID:  1037904
SecurityTracker URL:  http://securitytracker.com/id/1037904
CVE Reference:   CVE-2017-2615
Date:  Feb 24 2017
Impact:   Disclosure of system information, Disclosure of user information, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Xen. A local administrative user on the guest system can obtain potentially sensitive information or gain elevated privileges on the host system. QEMU is affected.

A local administrative user on the guest system can trigger an out-of-bounds memory access in the Cirrus display emulation code in QEMU to obtain potentially sensitive information from system memory or potentially gain elevated privileges on the host system.

x86 systems with the QEMU process running in dom0 and with HVM guests are affected.

ARM systems are not affected.

PV guests are not affected.

Impact:   A local administrative user on the guest system can obtain potentially sensitive information or gain elevated privileges on the host system.
Solution:   Oracle has issued a fix for QEMU.

The Oracle Linux advisory is available at:

http://linux.oracle.com/errata/ELSA-2017-0309.html

Vendor URL:  linux.oracle.com/errata/ELSA-2017-0309.html
Cause:   Access control error
Underlying OS:  Linux (Oracle)
Underlying OS Comments:  6

Message History:   This archive entry is a follow-up to the message listed below.
Feb 10 2017 Xen Bug in Cirrus Display Emulation Lets Local Users on a Guest System Gain Elevated Privileges on the Host System



 Source Message Contents

Subject:  [El-errata] ELSA-2017-0309 Important: Oracle Linux 6 qemu-kvm security and bug fix update

Oracle Linux Security Advisory ELSA-2017-0309

http://linux.oracle.com/errata/ELSA-2017-0309.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
qemu-guest-agent-0.12.1.2-2.491.el6_8.6.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.491.el6_8.6.x86_64.rpm
qemu-img-0.12.1.2-2.491.el6_8.6.x86_64.rpm
qemu-kvm-0.12.1.2-2.491.el6_8.6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.491.el6_8.6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/qemu-kvm-0.12.1.2-2.491.el6_8.6.src.rpm



Description of changes:

[0.12.1.2-2.491.el6_8.6]
- kvm-cirrus_vga-fix-division-by-0-for-color-expansion-rop.patch [bz#1418230 bz#1419416]
- kvm-cirrus_vga-fix-off-by-one-in-blit_region_is_unsafe.patch [bz#1418230 bz#1419416]
- kvm-display-cirrus-check-vga-bits-per-pixel-bpp-value.patch [bz#1418230 bz#1419416]
- kvm-display-cirrus-ignore-source-pitch-value-as-needed-i.patch [bz#1418230 bz#1419416]
- kvm-cirrus-handle-negative-pitch-in-cirrus_invalidate_re.patch [bz#1418230 bz#1419416]
- kvm-cirrus-allow-zero-source-pitch-in-pattern-fill-rops.patch [bz#1418230 bz#1419416]
- kvm-cirrus-fix-blit-address-mask-handling.patch [bz#1418230 bz#1419416]
- kvm-cirrus-fix-oob-access-issue-CVE-2017-2615.patch [bz#1418230 bz#1419416]
- Resolves: bz#1418230
   (CVE-2017-2615 qemu-kvm: Qemu: display: cirrus: oob access while doing bitblt copy backward mode [rhel-6.8.z])
- Resolves: bz#1419416
   (CVE-2017-2615 qemu-kvm-rhev: Qemu: display: cirrus: oob access while doing bitblt copy backward mode [rhel-6.8.z])

[0.12.1.2-2.491.el6_8.5]
- kvm-net-check-packet-payload-length.patch [bz#1398213]
- Resolves: bz#1398213
   (CVE-2016-2857 qemu-kvm: Qemu: net: out of bounds read in net_checksum_calculate() [rhel-6.8.z])

[0.12.1.2-2.491.el6.4]
- kvm-virtio-introduce-virtqueue_unmap_sg.patch [bz#1408389]
- kvm-virtio-introduce-virtqueue_discard.patch [bz#1408389]
- kvm-virtio-decrement-vq-inuse-in-virtqueue_discard.patch [bz#1408389]
- kvm-balloon-fix-segfault-and-harden-the-stats-queue.patch [bz#1408389]
- kvm-virtio-balloon-discard-virtqueue-element-on-reset.patch [bz#1408389]
- kvm-virtio-zero-vq-inuse-in-virtio_reset.patch [bz#1408389]
- Resolves: bz#1408389
   ([RHEL6.8.z] KVM guest shuts itself down after 128th reboot)


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
 
 

