NS-SA-2019-0108

简介

important: qemu-kvm/bash security update

严重级别

important

主题

An update for qemu-kvm/bash is now available for NewStart CGSL MAIN 4.05.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

qemu-kvm: This package provides a qemu guest agent daemon to be running inside of linux guests to provide the guest information.
bash: The GNU Bourne Again shell (Bash) is a shell or command language interpreter that is compatible with the Bourne shell (sh). Bash incorporates useful features from the Korn shell (ksh) and the C shell (csh). Most sh scripts can be run by bash without modification.


Security Fix(es):
qemu-kvm: Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.(CVE-2017-2620)
qemu-kvm: Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.(CVE-2017-2615)
qemu-kvm: An out-of-bounds memory access issue was found in Quick Emulator (QEMU) in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.(CVE-2017-2633)
qemu-kvm: An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU's VGA emulator set certain VGA registers while in VBE mode. A privileged guest user could use this flaw to crash the QEMU process instance.(CVE-2016-3712)
qemu-kvm: An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service).(CVE-2016-2857)
qemu-kvm: A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.(CVE-2016-9603)
qemu-kvm: An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service.(CVE-2017-7718)
qemu-kvm: An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.(CVE-2017-7980)
qemu-kvm: bugfix
bash: A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session.(CVE-2016-9401)
bash: An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances.(CVE-2016-7543)
bash: An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances.(CVE-2016-0634)
bash: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 4.05.F5.

影响组件

• qemu-kvm
• bash

影响产品

• CGSL MAIN 4.05

更新包

CVE

• CVE-2017-2620
• CVE-2017-2615
• CVE-2017-2633
• CVE-2016-3712
• CVE-2016-2857
• CVE-2016-9603
• CVE-2017-7718
• CVE-2017-7980
• CVE-2016-9401
• CVE-2016-7543
• CVE-2016-0634

参考

• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2620
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2615
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2633
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3712
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2857
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9603
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7718
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7980
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9401
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7543
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0634