1. Ubuntu Security Notices
  2. USN-2182-1

USN-2182-1: QEMU vulnerabilities

Publication date

28 April 2014

Overview

Several security issues were fixed in QEMU.

Releases

Packages

  • qemu - Machine emulator and virtualizer
  • qemu-kvm - Machine emulator and virtualizer

Details

Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3
devices. A local guest could possibly use this issue to cause a denial of
service, or possibly execute arbitrary code on the host. This issue only
applied to Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2013-4544)

Michael S. Tsirkin discovered that QEMU incorrectly handled virtio-net
MAC addresses. A local guest could possibly use this issue to cause a
denial of service, or possibly execute arbitrary code on the host.
(CVE-2014-0150)

Benoît Canet discovered that QEMU incorrectly handled SMART self-tests. A
local guest could possibly use this issue to cause a denial of service, or
possibly execute arbitrary code on the host. (CVE-2014-2894)

Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3
devices. A local guest could possibly use this issue to cause a denial of
service, or possibly execute arbitrary code on the host. This issue only
applied to Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2013-4544)

Michael S. Tsirkin discovered that QEMU incorrectly handled virtio-net
MAC addresses. A local guest could possibly use this issue to cause a
denial of service, or possibly execute arbitrary code on the host.
(CVE-2014-0150)

Benoît Canet discovered that QEMU incorrectly handled SMART self-tests. A
local guest could possibly use this issue to cause a denial of service, or
possibly execute arbitrary code on the host. (CVE-2014-2894)

Update instructions

After a standard system update you need to reboot your computer to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
14.04 trusty qemu-system –  2.0.0~rc1+dfsg-0ubuntu3.1
qemu-system-aarch64 –  2.0.0~rc1+dfsg-0ubuntu3.1
qemu-system-arm –  2.0.0~rc1+dfsg-0ubuntu3.1
qemu-system-mips –  2.0.0~rc1+dfsg-0ubuntu3.1
qemu-system-misc –  2.0.0~rc1+dfsg-0ubuntu3.1
qemu-system-ppc –  2.0.0~rc1+dfsg-0ubuntu3.1
qemu-system-sparc –  2.0.0~rc1+dfsg-0ubuntu3.1
qemu-system-x86 –  2.0.0~rc1+dfsg-0ubuntu3.1
13.10 saucy qemu-system –  1.5.0+dfsg-3ubuntu5.4
qemu-system-arm –  1.5.0+dfsg-3ubuntu5.4
qemu-system-mips –  1.5.0+dfsg-3ubuntu5.4
qemu-system-misc –  1.5.0+dfsg-3ubuntu5.4
qemu-system-ppc –  1.5.0+dfsg-3ubuntu5.4
qemu-system-sparc –  1.5.0+dfsg-3ubuntu5.4
qemu-system-x86 –  1.5.0+dfsg-3ubuntu5.4
12.10 quantal qemu-kvm –  1.2.0+noroms-0ubuntu2.12.10.7
12.04 precise qemu-kvm –  1.0+noroms-0ubuntu14.14
10.04 lucid qemu-kvm –  0.12.3+noroms-0ubuntu9.22

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›