Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in QEMU.
Software Description:
- qemu: Machine emulator and virtualizer
- qemu-kvm: Machine emulator and virtualizer
Details:
Laszlo Ersek discovered that QEMU incorrectly handled memory in the vga
device. A malicious guest could possibly use this issue to read arbitrary
host memory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10.
(CVE-2014-3615)
Xavier Mehrenberger and Stephane Duverger discovered that QEMU incorrectly
handled certain udp packets when using guest networking. A malicious guest
could possibly use this issue to cause a denial of service. (CVE-2014-3640)
It was discovered that QEMU incorrectly handled parameter validation in
the vmware_vga device. A malicious guest could possibly use this issue to
write into memory of the host, leading to privilege escalation.
(CVE-2014-3689)
It was discovered that QEMU incorrectly handled USB xHCI controller live
migration. An attacker could possibly use thi...
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: qemu-system 2.1+dfsg-4ubuntu6.1 qemu-system-aarch64 2.1+dfsg-4ubuntu6.1 qemu-system-arm 2.1+dfsg-4ubuntu6.1 qemu-system-mips 2.1+dfsg-4ubuntu6.1 qemu-system-misc 2.1+dfsg-4ubuntu6.1 qemu-system-ppc 2.1+dfsg-4ubuntu6.1 qemu-system-sparc 2.1+dfsg-4ubuntu6.1 qemu-system-x86 2.1+dfsg-4ubuntu6.1 Ubuntu 14.04 LTS: qemu-system 2.0.0+dfsg-2ubuntu1.7 qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.7 qemu-system-arm 2.0.0+dfsg-2ubuntu1.7 qemu-system-mips 2.0.0+dfsg-2ubuntu1.7 qemu-system-misc 2.0.0+dfsg-2ubuntu1.7 qemu-system-ppc 2.0.0+dfsg-2ubuntu1.7 qemu-system-sparc 2.0.0+dfsg-2ubuntu1.7 qemu-system-x86 2.0.0+dfsg-2ubuntu1.7 Ubuntu 12.04 LTS: qemu-kvm 1.0+noroms-0ubuntu14.19 Ubuntu 10.04 LTS: qemu-kvm 0.12.3+noroms-0ubuntu9.25 After a standard system update you need to reboot your computer to make all the necessary changes.
https://ubuntu.com/security/notices/USN-2409-1
CVE-2014-3615, CVE-2014-3640, CVE-2014-3689, CVE-2014-5263,
CVE-2014-5388, CVE-2014-7815
Get the latest Linux and open source security news straight to your inbox.