Ubuntu alert USN-2182-1 (qemu, qemu-kvm)
| From: | Marc Deslauriers <marc.deslauriers@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-2182-1] QEMU vulnerabilities | |
| Date: | Mon, 28 Apr 2014 09:31:25 -0400 | |
| Message-ID: | <535E582D.3010702@canonical.com> |
========================================================================== Ubuntu Security Notice USN-2182-1 April 28, 2014 qemu, qemu-kvm vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 13.10 - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in QEMU. Software Description: - qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Details: Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. This issue only applied to Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2013-4544) Michael S. Tsirkin discovered that QEMU incorrectly handled virtio-net MAC addresses. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. (CVE-2014-0150) BenoƮt Canet discovered that QEMU incorrectly handled SMART self-tests. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. (CVE-2014-2894) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: qemu-system 2.0.0~rc1+dfsg-0ubuntu3.1 qemu-system-aarch64 2.0.0~rc1+dfsg-0ubuntu3.1 qemu-system-arm 2.0.0~rc1+dfsg-0ubuntu3.1 qemu-system-mips 2.0.0~rc1+dfsg-0ubuntu3.1 qemu-system-misc 2.0.0~rc1+dfsg-0ubuntu3.1 qemu-system-ppc 2.0.0~rc1+dfsg-0ubuntu3.1 qemu-system-sparc 2.0.0~rc1+dfsg-0ubuntu3.1 qemu-system-x86 2.0.0~rc1+dfsg-0ubuntu3.1 Ubuntu 13.10: qemu-system 1.5.0+dfsg-3ubuntu5.4 qemu-system-arm 1.5.0+dfsg-3ubuntu5.4 qemu-system-mips 1.5.0+dfsg-3ubuntu5.4 qemu-system-misc 1.5.0+dfsg-3ubuntu5.4 qemu-system-ppc 1.5.0+dfsg-3ubuntu5.4 qemu-system-sparc 1.5.0+dfsg-3ubuntu5.4 qemu-system-x86 1.5.0+dfsg-3ubuntu5.4 Ubuntu 12.10: qemu-kvm 1.2.0+noroms-0ubuntu2.12.10.7 Ubuntu 12.04 LTS: qemu-kvm 1.0+noroms-0ubuntu14.14 Ubuntu 10.04 LTS: qemu-kvm 0.12.3+noroms-0ubuntu9.22 After a standard system update you need to reboot your computer to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2182-1 CVE-2013-4544, CVE-2014-0150, CVE-2014-2894 Package Information: https://launchpad.net/ubuntu/+source/qemu/2.0.0~rc1+dfsg-... https://launchpad.net/ubuntu/+source/qemu/1.5.0+dfsg-3ubu... https://launchpad.net/ubuntu/+source/qemu-kvm/1.2.0+norom... https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-... https://launchpad.net/ubuntu/+source/qemu-kvm/0.12.3+noro... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...