Canonical Closes Ubuntu 13.10 QEMU Exploits

A couple of other Ubuntu distros have been affected by this bug

  Ubuntu 13.10 desktop
Canonical published details about the QEMU vulnerabilities in its Ubuntu 13.10, Ubuntu 12.10, and Ubuntu 12.04 LTS operating systems.

Canonical published details about the QEMU vulnerabilities in its Ubuntu 13.10, Ubuntu 12.10, and Ubuntu 12.04 LTS operating systems.

According to the company, several security issues have been fixed in QEMU.

It has been discovered that QEMU incorrectly handled SCSI controllers with more than 256 attached devices. A local user could possibly use this flaw to elevate privileges.

Also, it has been discovered that QEMU incorrectly handled device hot-unplugging. A local user could possibly use this flaw to cause a denial of service. This issue only affected Ubuntu 13.10.

For a more detailed description of the problems, you can see Canonical's security notification.

The flaws can be fixed if you upgrade your system(s) to the latest qemu packages specific to each distribution. To apply the patch, run the Update Manager application.

In general, a standard system update will make all the necessary changes and you will have to restart the system.

Comments