Canonical Plugs QEMU Vulnerability in Ubuntu 12.10

A few other operating systems from Canonical have been affected by this vulnerability

  Ubuntu 12.10 desktop
On January 16, Canonical published in a security notice details about a QEMU vulnerability for its Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, and Ubuntu 10.04 LTS operating systems.

On January 16, Canonical published in a security notice details about a QEMU vulnerability for its Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, and Ubuntu 10.04 LTS operating systems.

According to Canonical, QEMU could be made to crash or run programs if it received specially crafted network traffic.

It was discovered that QEMU incorrectly handled certain e1000 packet sizes. In certain environments, an attacker may use this flaw, in combination with large packets, to cause a denial of service or execute arbitrary code in the guest.

The security flaws can be fixed if you upgrade your system(s) to the latest qemu-kvm package, specific to each operating system. To apply the update, run the Update Manager application.

In general, a standard system update will make all the necessary changes. A system restart won't be necessary to implement the changes, but users have to restart the virtual machine.

Comments