
Ubuntu 13.10: USN-2092-1 Critical: QEMU Privilege Escalation & DoS

Several security issues were fixed in QEMU.
=========================================================================
Ubuntu Security Notice USN-2092-1
January 30, 2014

qemu, qemu-kvm vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in QEMU.

Software Description:
- qemu: Machine emulator and virtualizer
- qemu-kvm: Machine emulator and virtualizer

Details:

Asias He discovered that QEMU incorrectly handled SCSI controllers with
more than 256 attached devices. A local user could possibly use this flaw
to elevate privileges. (CVE-2013-4344)

It was discovered that QEMU incorrectly handled Xen disks. A local guest
could possibly use this flaw to consume resources, resulting in a denial of
service. This issue only affected Ubuntu 12.10 and Ubuntu 13.10.
(CVE-2013-4375)

Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging.
A local user could possibly use this flaw to cause a denial of service.
This issue only affected Ubuntu 13.10. (CVE-2013-4377)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
  qemu-system                     1.5.0+dfsg-3ubuntu5.3
  qemu-system-arm                 1.5.0+dfsg-3ubuntu5.3
  qemu-system-mips                1.5.0+dfsg-3ubuntu5.3
  qemu-system-misc                1.5.0+dfsg-3ubuntu5.3
  qemu-system-ppc                 1.5.0+dfsg-3ubuntu5.3
  qemu-system-sparc               1.5.0+dfsg-3ubuntu5.3
  qemu-system-x86                 1.5.0+dfsg-3ubuntu5.3

Ubuntu 12.10:
  qemu-kvm                        1.2.0+noroms-0ubuntu2.12.10.6

Ubuntu 12.04 LTS:
  qemu-kvm                        1.0+noroms-0ubuntu14.13

After a standard system update you need to reboot your computer to make
all the necessary changes.
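
Checking a fleet against the fixed versions above requires Debian's version ordering, not string comparison (for example, `5.10` sorts after `5.3`, and a `~` suffix sorts before the bare version). The following is an added example, not part of the Ubuntu notice; the inventory format, the function names and the sample installed versions are assumptions constructed for illustration.

```python
import re
# Fixed versions, copied from the advisory's update instructions.
FIXED = {
    "13.10": dict.fromkeys(["qemu-system"] + ["qemu-system-" + a for a in
                           "arm mips misc ppc sparc x86".split()], "1.5.0+dfsg-3ubuntu5.3"),
    "12.10": {"qemu-kvm": "1.2.0+noroms-0ubuntu2.12.10.6"},
    "12.04": {"qemu-kvm": "1.0+noroms-0ubuntu14.13"},
}
# Constructed sample inventory (release, package, installed version); not from the advisory.
SAMPLE = """\
13.10 qemu-system-x86 1.5.0+dfsg-3ubuntu5.2
13.10 qemu-system-arm 1.5.0+dfsg-3ubuntu5.10
13.10 qemu-system-ppc 1.5.0+dfsg-3ubuntu5.3~test1
12.04 qemu-kvm 1.0+noroms-0ubuntu14.13
"""

def _order(c):  # dpkg ordering: '~' < end of string or digit < letters < other characters
    if c in ("~", ""):
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _nondigit(s, k):
    return k < len(s) and s[k] not in "0123456789"

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        while _nondigit(a, i) or _nondigit(b, j):  # compare the non-digit run
            oa = _order(a[i] if _nondigit(a, i) else "")
            ob = _order(b[j] if _nondigit(b, j) else "")
            if oa != ob:
                return -1 if oa < ob else 1
            i, j = i + 1, j + 1
        da, db = re.match("[0-9]*", a[i:]).group(), re.match("[0-9]*", b[j:]).group()
        if int(da or 0) != int(db or 0):  # compare the digit run numerically
            return -1 if int(da or 0) < int(db or 0) else 1
        i, j = i + len(da), j + len(db)
    return 0

def deb_cmp(v1, v2):  # -1, 0 or 1 following Debian epoch:upstream-revision ordering
    def split(v):
        epoch, v = v.split(":", 1) if ":" in v else ("0", v)
        up, _, rev = v.rpartition("-") if "-" in v else (v, "", "")
        return int(epoch), up, rev
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(inventory):  # rows whose installed version is below the fixed version
    rows = (line.split() for line in inventory.splitlines() if line.strip())
    return [(rel, pkg, ver) for rel, pkg, ver in rows
            if pkg in FIXED.get(rel, {}) and deb_cmp(ver, FIXED[rel][pkg]) < 0]
```

`unpatched(SAMPLE)` flags the `5.2` and `5.3~test1` rows and passes the `5.10` and exact-match rows.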

References:
  https://ubuntu.com/security/notices/USN-2092-1
  CVE-2013-4344, CVE-2013-4375, CVE-2013-4377

Package Information:
  https://launchpad.net/ubuntu/+source/qemu/1.5.0+dfsg-3ubuntu5.3
  https://launchpad.net/ubuntu/+source/qemu-kvm/1.2.0+noroms-0ubuntu2.12.10.6
  https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.13



