USN-2182-1: QEMU vulnerabilities
28 April 2014
Several security issues were fixed in QEMU.
Releases
Packages
Details
Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3
devices. A local guest could possibly use this issue to cause a denial of
service, or possibly execute arbitrary code on the host. This issue only
applied to Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2013-4544)
Michael S. Tsirkin discovered that QEMU incorrectly handled virtio-net
MAC addresses. A local guest could possibly use this issue to cause a
denial of service, or possibly execute arbitrary code on the host.
(CVE-2014-0150)
BenoƮt Canet discovered that QEMU incorrectly handled SMART self-tests. A
local guest could possibly use this issue to cause a denial of service, or
possibly execute arbitrary code on the host. (CVE-2014-2894)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04
-
qemu-system
-
2.0.0~rc1+dfsg-0ubuntu3.1
-
qemu-system-aarch64
-
2.0.0~rc1+dfsg-0ubuntu3.1
-
qemu-system-arm
-
2.0.0~rc1+dfsg-0ubuntu3.1
-
qemu-system-mips
-
2.0.0~rc1+dfsg-0ubuntu3.1
-
qemu-system-misc
-
2.0.0~rc1+dfsg-0ubuntu3.1
-
qemu-system-ppc
-
2.0.0~rc1+dfsg-0ubuntu3.1
-
qemu-system-sparc
-
2.0.0~rc1+dfsg-0ubuntu3.1
-
qemu-system-x86
-
2.0.0~rc1+dfsg-0ubuntu3.1
Ubuntu 13.10
-
qemu-system
-
1.5.0+dfsg-3ubuntu5.4
-
qemu-system-arm
-
1.5.0+dfsg-3ubuntu5.4
-
qemu-system-mips
-
1.5.0+dfsg-3ubuntu5.4
-
qemu-system-misc
-
1.5.0+dfsg-3ubuntu5.4
-
qemu-system-ppc
-
1.5.0+dfsg-3ubuntu5.4
-
qemu-system-sparc
-
1.5.0+dfsg-3ubuntu5.4
-
qemu-system-x86
-
1.5.0+dfsg-3ubuntu5.4
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
After a standard system update you need to reboot your computer to make all
the necessary changes.