USN-1692-1: QEMU vulnerability

Publication date

16 January 2013

Overview

QEMU could be made to crash or run programs if it received specially crafted network traffic.


Packages

  • qemu-kvm - Machine emulator and virtualizer

Details

It was discovered that QEMU incorrectly handled certain e1000 packet sizes.
In certain environments, an attacker may use this flaw in combination with
large packets to cause a denial of service or execute arbitrary code in the
guest.

Update instructions

After a standard system update you need to restart your virtual machines to make all the necessary changes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release    Package     Version
12.10 quantal     qemu-kvm    1.2.0+noroms-0ubuntu2.12.10.2
12.04 precise     qemu-kvm    1.0+noroms-0ubuntu14.7
11.10 oneiric     qemu-kvm    0.14.1+noroms-0ubuntu6.6
10.04 lucid       qemu-kvm    0.12.3+noroms-0ubuntu9.21
