3

USN-863-1: QEMU vulnerability

view full story
linux-howto

http://www.ubuntu.com – Description:  =========================================================== Ubuntu Security Notice USN-863-1 December 03, 2009 qemu-kvm vulnerability https://launchpad.net/bugs/458521 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.10: qemu-kvm 0.11.0-0ubuntu6.3 After a standard system upgrade you need to restart any QEMU guests to effect the necessary changes. Details follow: It was discovered that QEMU did not properly setup the virtio networking features available to its guests. A remote attacker could exploit this to crash QEMU guests which use virtio networking on Linux kernels earlier than 2.6.26. (Distributions)