Home / mailings [USN-1145-1] QEMU vulnerabilities
Posted on 10 June 2011
Ubuntu Security==========================
==========================
========================
Ubuntu Security Notice USN-1145-1
June 09, 2011
qemu-kvm vulnerabilities
==========================
==========================
========================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
A privileged attacker within a QEMU guest could cause QEMU to crash.
Software Description:
- qemu-kvm: Machine emulator and virtualizer
Details:
It was discovered that QEMU did not properly perform validation of I/O
operations from the guest which could lead to heap corruption. An attacker
could exploit this to cause a denial of service of the guest or possibly
execute code with the privileges of the user invoking the program.
(CVE-2011-1750)
Nelson Elhage discoverd that QEMU did not properly handle memory when
removing ISA devices. An attacker could exploit this to cause a denial of
service of the guest or possibly execute code with the privileges of the
user invoking the program. (CVE-2011-1751)
When using QEMU with libvirt or virtualization management software based on
libvirt such as Eucalyptus and OpenStack, QEMU guests are individually isol=
ated
by an AppArmor profile by default in Ubuntu.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.04:
qemu-kvm 0.14.0+noroms-0ubuntu4.1
Ubuntu 10.10:
qemu-kvm 0.12.5+noroms-0ubuntu7.5
qemu-kvm-extras 0.12.5+noroms-0ubuntu7.5
qemu-kvm-extras-static 0.12.5+noroms-0ubuntu7.5
Ubuntu 10.04 LTS:
qemu-kvm 0.12.3+noroms-0ubuntu9.9
qemu-kvm-extras 0.12.3+noroms-0ubuntu9.9
qemu-kvm-extras-static 0.12.3+noroms-0ubuntu9.9
After a standard system update you need to restart running virtual machines
to make all the necessary changes.
References:
CVE-2011-1750, CVE-2011-1751
Package Information:
https://launchpad.net/ubuntu/+source/qemu-kvm/0.14.0+noroms-0ubuntu4.1
https://launchpad.net/ubuntu/+source/qemu-kvm/0.12.5+noroms-0ubuntu7.5
https://launchpad.net/ubuntu/+source/qemu-kvm/0.12.3+noroms-0ubuntu9.9
