USN-1063-1: QEMU vulnerability | Ubuntu security notices

Packages

qemu-kvm - Full virtualization on i386 and amd64 hardware

Details

Neil Wilson discovered that if VNC passwords were blank in QEMU
configurations, access to VNC sessions was allowed without a password
instead of being disabled. A remote attacker could connect to running
VNC sessions of QEMU and directly control the system. By default, QEMU
does not start VNC sessions.

Update instructions

After a standard system update you need to restart any running QEMU sessions to make all the necessary changes.

Learn more about how to get the fixes.

Ubuntu Release	Package Version
9.10 karmic	qemu-kvm – 0.11.0-0ubuntu6.4
	qemu-arm-static – 0.11.0-0ubuntu6.4
	kvm – 0.11.0-0ubuntu6.4
	qemu – 0.11.0-0ubuntu6.4
	qemu-kvm-extras – 0.11.0-0ubuntu6.4
10.10 maverick	qemu-kvm – 0.12.5+noroms-0ubuntu7.2
	qemu-kvm-extras-static – 0.12.5+noroms-0ubuntu7.2
	kvm – 0.12.5+noroms-0ubuntu7.2
	qemu-arm-static – 0.12.5+noroms-0ubuntu7.2
	qemu-kvm-extras – 0.12.5+noroms-0ubuntu7.2
	qemu – 0.12.5+noroms-0ubuntu7.2
10.04 lucid	qemu-kvm – 0.12.3+noroms-0ubuntu9.4
	qemu-kvm-extras – 0.12.3+noroms-0ubuntu9.4
	kvm – 0.12.3+noroms-0ubuntu9.4
	qemu-arm-static – 0.12.3+noroms-0ubuntu9.4
	qemu-kvm-extras-static – 0.12.3+noroms-0ubuntu9.4
	qemu-common – 0.12.3+noroms-0ubuntu9.4
	qemu – 0.12.3+noroms-0ubuntu9.4

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

CVE-2011-0011

CVE-2011-0011