Linux News Today: QEMU Vulnerabilities Closed in All Ubuntu-Supported OSes
Quite a few QEMU vulnerabilities have been identified and fixed in Ubuntu 15.04, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. A new patch has been released, and it’s now available through the regular channels.
QEMU is defined as a machine emulator and virtualizer, so it’s a virtual machine like GNOME Boxes or VirtualBox, to some extent. This is the not the first time that vulnerabilities have been found in this packages, and it won’t be the last. In any case, users should really upgrade as soon as possible.
“Qinghao Tang discovered that QEMU incorrectly handled receiving certain packets in the NE2000 network driver. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile,” is noted in the security notice.
This is just one of the issues that have been discovered. For more details about the problems found with QEMU, you should read the entire security notification. Users have been advised to upgrade their Ubuntu installation by using the regular application or by using the terminal.
If you choose the terminal, please enter these commands (root will be needed in order to install any kind of package):
sudo apt-get update