USN-776-1: KVM vulnerabilities
Posted on: 05/13/2009 01:40 AM

A new KVM vulnerabilities update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-776-1 May 12, 2009
kvm vulnerabilities
CVE-2008-1945, CVE-2008-2004, CVE-2008-2382, CVE-2008-4539,
CVE-2008-5714
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
kvm 1:62+dfsg-0ubuntu8.1

Ubuntu 8.10:
kvm 1:72+dfsg-1ubuntu6.1

After a standard system upgrade you need to restart all KVM VMs to effect
the necessary changes.

Details follow:

Avi Kivity discovered that KVM did not correctly handle certain disk
formats. A local attacker could attach a malicious partition that
would allow the guest VM to read files on the VM host. (CVE-2008-1945,
CVE-2008-2004)

Alfredo Ortega discovered that KVM's VNC protocol handler did not
correctly validate certain messages. A remote attacker could send
specially crafted VNC messages that would cause KVM to consume CPU
resources, leading to a denial of service. (CVE-2008-2382)

Jan Niehusmann discovered that KVM's Cirrus VGA implementation over VNC
did not correctly handle certain bitblt operations. A local attacker
could exploit this flaw to potentially execute arbitrary code on the VM
host or crash KVM, leading to a denial of service. (CVE-2008-4539)

It was discovered that KVM's VNC password checks did not use the correct
length. A remote attacker could exploit this flaw to cause KVM to crash,
leading to a denial of service. (CVE-2008-5714)


Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/k/kvm/kvm_62+dfsg-0ubuntu8.1.diff.gz
Size/MD5: 42599 1c6b8299b3a50806c5992be0db2cce2f
http://security.ubuntu.com/ubuntu/pool/main/k/kvm/kvm_62+dfsg-0ubuntu8.1.dsc
Size/MD5: 1082 fd477b0999056ccc60f556e9ac1e5abc
http://security.ubuntu.com/ubuntu/pool/main/k/kvm/kvm_62+dfsg.orig.tar.gz
Size/MD5: 3117412 b992a0ff585020cd5f586ac8046ad335

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/k/kvm/kvm-source_62+dfsg-0ubuntu8.1_all.deb
Size/MD5: 146416 e242cbdbe846f33ffdbc77f81008efaf

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/k/kvm/kvm_62+dfsg-0ubuntu8.1_amd64.deb
Size/MD5: 770136 aa65a634670369404840047a92714a1a

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/k/kvm/kvm_62+dfsg-0ubuntu8.1_i386.deb
Size/MD5: 709378 673b1f1b0dc7299a16101d3639f3098d

Updated packages for Ubuntu 8.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/k/kvm/kvm_72+dfsg-1ubuntu6.1.diff.gz
Size/MD5: 45842 8b59f530e2547c50e67b140734d44200
http://security.ubuntu.com/ubuntu/pool/main/k/kvm/kvm_72+dfsg-1ubuntu6.1.dsc
Size/MD5: 1517 b671c910d142cdb3263b726780eebbab
http://security.ubuntu.com/ubuntu/pool/main/k/kvm/kvm_72+dfsg.orig.tar.gz
Size/MD5: 3250251 899a66ae2ea94e994e06f637e1afef4a

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/k/kvm/kvm-source_72+dfsg-1ubuntu6.1_all.deb
Size/MD5: 190230 113fb528ab82213136087d1036f65822

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/k/kvm/kvm_72+dfsg-1ubuntu6.1_amd64.deb
Size/MD5: 1028390 946f7de2766b03ee6d8276b8733aca86

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/k/kvm/kvm_72+dfsg-1ubuntu6.1_i386.deb
Size/MD5: 957398 699d7cc4987430613f930b726df849f0


--oyUTqETQ0mS9luUI
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Kees Cook lt;kees@outflux.netgt;

iEYEARECAAYFAkoJ+FYACgkQH/9LqRcGPm0obQCeJ0pjlveiV9f+mXG0BZLGVHZZ
GE0AnRl8/725cZSemrBvO/lPgsv5eLkY
=MhLL
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_776_1_kvm_vulnerabilities.html)