Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in QEMU.
Software Description:
- qemu: Machine emulator and virtualizer
Details:
USN-4467-1 fixed several vulnerabilities in QEMU. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that the QEMU SD memory card implementation incorrectly
handled certain memory operations. An attacker inside a guest could
possibly use this issue to cause QEMU to crash, resulting in a denial of
service. (CVE-2020-13253)
Ren Ding and Hanqing Zhao discovered that the QEMU ES1370 audio driver
incorrectly handled certain invalid frame counts. An attacker inside a
guest could possibly use this issue to cause QEMU to crash, resulting in a
denial of service. (CVE-2020-13361)
Ren Ding and Hanqing Zhao discovered that the QEMU MegaRAID SAS SCSI driver
incorrectly handled certain memory operations. An attacker inside a guest
could possibly use this issue to cause QEMU to crash, resulting in a denial
...
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: qemu 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-system 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-system-arm 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-system-mips 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-system-misc 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-system-ppc 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-system-sparc 2.0.0+dfsg-2ubuntu1.47+esm1 qemu-system-x86 2.0.0+dfsg-2ubuntu1.47+esm1 After a standard system update you need to restart all QEMU virtual machines to make all the necessary changes.
https://ubuntu.com/security/notices/USN-4467-2
https://ubuntu.com/security/notices/USN-4467-1
CVE-2020-13253, CVE-2020-13361, CVE-2020-13362, CVE-2020-13659,
CVE-2020-13754, CVE-2020-14364
Get the latest Linux and open source security news straight to your inbox.