Tuesday, October 2, 2012

[USN-1590-1] QEMU vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBCgAGBQJQavb4AAoJEGVp2FWnRL6TZgsQAIhkOLqZTK7zBWxKnu2L+JCB
8bwUfzcLkXBbNh1pDbo8PV1V5WE4vxgB/erg28D7V6ynI2uXWVY7PUmtnUYBOPBH
sJYSXMQsJdMG9onJI0XHNx8lKrOQ0sVo9+8DtDxaD/eo1jbxdDZS+Uun964mdfqE
Dka1PsfZ5A39v9kD5NAAsxqDjGF2CBd3nr7ZPh+vQFNHlOUgIcPTHJwA8XPqr6p8
QkbTs9WFLIlnkvg+KuJTWP4IlLus+xhWPAjwjSrN3sHbplza4eVkYBGV2ZZu8DCr
AvsyEXI0AHCO+UYVHaBLPY51yekfaQ0EhHb2ImDkqGH5Iwnw9fjn/EDZSzgmwVGe
4hoSAGB8/cbYC2GHun9NKpVTsubqYwJTi8Q/XBw325o498d8K2YJ4HxATF4W7awn
JEHzdGlRxl3I5zRIhiwRuasni2RE6kdjVUOPvJs8nEtAHOw40DT8zJolXzu5QE8r
KI+3Zp47T29krQnZFEWdt9s+BAP7Yh66BqMNF5u2OuApbM84H61Ivl/KmqmUIk4r
GRApOO7kdTEKb+XdyAb0C50BXeM1rvs5TIbPBkvM48Z8DTup7blbfVNl2sh/EMuH
raeJrOmoPVtVDN85j1ZXHQFoG3BmVkBf8B+VOBWvl4kFl3vXNxUvKAAIudpf2kvI
VBgiEqDmoaBv2cY6/bpK
=KEM/
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1590-1
October 02, 2012

qemu-kvm vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

QEMU could be made to crash or run programs.

Software Description:
- qemu-kvm: Machine emulator and virtualizer

Details:

It was discovered that QEMU incorrectly handled certain VT100 escape
sequences. A guest user with access to an emulated character device could
use this flaw to cause QEMU to crash, or possibly execute arbitrary code on
the host.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
qemu-kvm 1.0+noroms-0ubuntu14.2

Ubuntu 11.10:
qemu-kvm 0.14.1+noroms-0ubuntu6.5

Ubuntu 11.04:
qemu-kvm 0.14.0+noroms-0ubuntu4.7

Ubuntu 10.04 LTS:
qemu-kvm 0.12.3+noroms-0ubuntu9.20

After a standard system update you need to restart your virtual machines to
make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1590-1
CVE-2012-3515

Package Information:
https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.2
https://launchpad.net/ubuntu/+source/qemu-kvm/0.14.1+noroms-0ubuntu6.5
https://launchpad.net/ubuntu/+source/qemu-kvm/0.14.0+noroms-0ubuntu4.7
https://launchpad.net/ubuntu/+source/qemu-kvm/0.12.3+noroms-0ubuntu9.20

1 comment:

  1. SrkOctober 2, 2012 at 11:18 PM

    Thanks for your grateful informations, this blogs will be really help for Linux tutorial.

    ReplyDelete

Subscribe to: Post Comments (Atom)