漏洞信息详情
QEMU 安全漏洞
- CNNVD编号:CNNVD-201812-676
- 危害等级: 中危
- CVE编号: CVE-2018-16872
- 漏洞类型: 竞争条件问题
- 发布时间: 2018-12-14
- 威胁类型: 远程
- 更新时间: 2020-05-18
- 厂 商: qemu
- 漏洞来源: Ubuntu
漏洞简介
QEMU是法国程序员法布里斯-贝拉(Fabrice Bellard)所研发的一套模拟处理器软件。Media Transfer Protocol(MTP)是其中的一个媒体传输协议。
QEMU中的MTP存在安全漏洞。攻击者可利用该漏洞在QEMU进程的上下文中导航主机文件系统,进而读取该进程可访问的任意文件。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页:
https://www.qemu.org/
参考网址
来源:MLIST
链接:https://lists.debian.org/debian-lts-announce/2019/02/msg00041.HTML
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/
来源:DEBIAN
链接:https://www.debian.org/security/2019/dsa-4454
来源:BUGTRAQ
链接:https://seclists.org/bugtraq/2019/May/76
来源:CONFIRM
链接:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16872
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.HTML
来源:BID
链接:https://www.securityfocus.com/bid/106212
来源:UBUNTU
链接:https://usn.ubuntu.com/3923-1/
来源:BID
链接:http://www.securityfocus.com/bid/106212
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/
来源:lists.debian.org
链接:https://lists.debian.org/debian-lts-announce/2019/02/msg00041.HTML
来源:www.suse.com
链接:https://www.suse.com/support/update/announcement/2019/suse-su-20190489-1/
来源:www.suse.com
链接:https://www.suse.com/support/update/announcement/2019/suse-su-20190471-1.HTML
来源:www.debian.org
链接:http://www.debian.org/security/2019/dsa-4454
来源:www.debian.org
链接:http://www.debian.org/security/2019/dsa-4454-2
来源:www.suse.com
链接:https://www.suse.com/support/update/announcement/2019/suse-su-20190423-1.HTML
来源:www.suse.com
链接:https://www.suse.com/support/update/announcement/2019/suse-su-20190582-1.HTML
来源:usn.ubuntu.com
链接:https://usn.ubuntu.com/3923-1/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/152259/Ubuntu-Security-Notice-USN-3923-1.HTML
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.1944.2/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/75754
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/76178
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/76274
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/77954
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.1944/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/76826
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/75978
受影响实体
- Qemu Qemu:-
补丁
- QEMU 安全漏洞的修复措施
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论