Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Ubuntu 14.04 ESM: Critical QEMU Issues Addressed in USN-4191-2 Update

ubuntu
Calendar Grey November 13, 2019
Dist Ubuntu Esm H88
Significant QEMU flaws addressed in the Ubuntu 14.04 ESM release as outlined in the USN-4191-2 advisory.
Several security issues were fixed in QEMU.

Summary

Several security issues were fixed in QEMU.

Software Description:

- qemu: Machine emulator and virtualizer

Details:

USN-4191-2 fixed a vulnerability in QEMU. This update provides the

corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that the LSI SCSI adapter emulator implementation in QEMU

did not properly validate executed scripts. A local attacker could use this

to cause a denial of service. (CVE-2019-12068)

Sergej Schumilo, Cornelius Aschermann and Simon Wörner discovered that the

qxl paravirtual graphics driver implementation in QEMU contained a null

pointer dereference. A local attacker in a guest could use this to cause a

denial of service. (CVE-2019-12155)

Riccardo Schirone discovered that the QEMU bridge helper did not properly

validate network interface names. A local attacker could possibly use this

to bypass ACL restrictions. (CVE-2019-13164)

It was discovered that a heap-based buffer ove...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  qemu                            2.0.0+dfsg-2ubuntu1.47
  qemu-common                     2.0.0+dfsg-2ubuntu1.47
  qemu-kvm                        2.0.0+dfsg-2ubuntu1.47
  qemu-system-common              2.0.0+dfsg-2ubuntu1.47
  qemu-system-x86                 2.0.0+dfsg-2ubuntu1.47
  qemu-user-static                2.0.0+dfsg-2ubuntu1.47
  qemu-utils                      2.0.0+dfsg-2ubuntu1.47

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4191-2

https://ubuntu.com/security/notices/USN-4191-1

CVE-2019-12068, CVE-2019-12155, CVE-2019-13164, CVE-2019-14378,

CVE-2019-15890

Severity
critical
Lowest
Low
Medium
High
Critical

November 14, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here