Qemu 远程代码执行漏洞(CVE-2017-2620)

Posted mrhonest

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Qemu 远程代码执行漏洞(CVE-2017-2620)相关的知识,希望对你有一定的参考价值。

漏洞描述
QEMU是一款开源模拟器软件。
QEMU在实现上存在越界访问漏洞,在cirrus_bitblt_cputovideo中复制VGA数据时会触发此漏洞,导致QEMU进程崩溃或执行任意代码。
解决方法
以下是各Linux/Unix发行版系统针对此漏洞发布的安全公告,可以参考对应系统的安全公告修复该漏洞:
Ubuntu
----------------
USN-3261-1: [USN-3261-1] QEMU vulnerabilities
链接: https://www.ubuntu.com/usn/usn-3261-1
Red Hat Enterprise Linux
----------------
链接: https://access.redhat.com/security/cve/CVE-2017-2620
CentOS
----------------
CESA-2017:0352: CESA-2017:0352 Important CentOS 6 qemu-kvm Security Update
链接: https://lists.centos.org/pipermail/centos-announce/2017-March/022294.html
CESA-2017:0396: CESA-2017:0396 Important CentOS 7 qemu-kvm Security Update
链接: https://lists.centos.org/pipermail/centos-announce/2017-March/022321.html
CESA-2017:0454: CESA-2017:0454 Important CentOS 5 kvm Security Update
链接: https://lists.centos.org/pipermail/centos-announce/2017-March/022325.html
Gentoo
----------------
GLSA-201704-01: QEMU: Multiple vulnerabilities
链接: https://security.gentoo.org/glsa/201704-01
GLSA-201703-07: Xen: Privilege Escalation
链接: https://security.gentoo.org/glsa/201703-07
FreeBSD
----------------
8cbd9c08-f8b9-11e6-ae1b-002590263bf5: xen-tools -- cirrus_bitblt_cputovideo does not check if memory region is safe
链接: http://vuxml.freebsd.org/freebsd/8cbd9c08-f8b9-11e6-ae1b-002590263bf5.html
openSUSE
----------------
openSUSE-SU-2017:0707-1: openSUSE Security Update: Security update for qemu
链接: https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00011.html
openSUSE-SU-2017:0665-1: openSUSE Security Update: Security update for xen
链接: https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00008.html
openSUSE-SU-2017:1312-1: openSUSE Security Update: Security update for qemu
链接: https://lists.opensuse.org/opensuse-updates/2017-05/msg00058.html
SUSE
----------------
链接: https://www.suse.com/security/cve/CVE-2017-2620/
Fedora
----------------
FEDORA-2017-62ac1230f7: Fedora 24 Update: qemu-2.6.2-7.fc24
链接: https://lists.fedoraproject.org/archives/list/[email protected]/thread/X3M6HH35GUTRSIKPUWQYKAFUOT25GJXE/
FEDORA-2017-31b976672b: Fedora 25 Update: qemu-2.7.1-4.fc25
链接: https://lists.fedoraproject.org/archives/list/[email protected]/thread/MYFUMFAMU5GEQUVDAYGEUWAHFPUP2DN6/
FEDORA-2017-1607a3a78e: Fedora 24 Update: xen-4.6.4-8.fc24
链接: https://lists.fedoraproject.org/archives/list/[email protected]/thread/OIGV7IRUPTCLPEQ62PZGHOY6IVIGG4IS/
FEDORA-2017-266ab882cd: Fedora 25 Update: xen-4.7.1-9.fc25
链接: https://lists.fedoraproject.org/archives/list/[email protected]/thread/JCEEPYGCOQ2S5SJYWOMZQDTBZ6RFLXUX/
Oracle Linux
----------------
链接: https://linux.oracle.com/cve/CVE-2017-2620.html
EulerOS
----------------
链接: http://developer.huawei.com/ict/cn/site-euleros/euleros/cve/CVE-2017-2620

以上是关于Qemu 远程代码执行漏洞(CVE-2017-2620)的主要内容,如果未能解决你的问题,请参考以下文章

php 远程代码执行漏洞 怎么修复

远程代码执行漏洞是啥意思

openssh 远程代码执行漏洞 怎么解决

远程执行代码漏洞有啥危害?

远程漏洞远程代码执行漏洞的二三事

为啥电脑总会出现远程执行代码漏洞,修复了还是出?