The bug was found in the QEMU virtualization software

May 14, 2015 03:52 GMT

On May 13, Canonical announced that it had patched the "Venom" security vulnerability, which threatened most datacenters, in all of its supported Ubuntu Linux operating systems.

Apparently, "Venom" is a zero-day vulnerability that has been discovered in the QEMU virtualization software, whose code is used in numerous modern virtualization platforms, such as VirtualBox, KVM, and Xen. The bug dates back to 2004, and it could allow a hacker to penetrate every system across a datacenter's computer network.

"This issue is mitigated in a couple ways on Ubuntu when using libvirt to manage QEMU virtual machines, which includes OpenStack’s use of QEMU," says Robbie Williamson from Canonical. "The QEMU process in the host environment is owned by a special libvirt-qemu user which helps to limit access to resources in the host environment."

The patch is now available for all supported Ubuntu OSes

The affected Ubuntu OSes are Ubuntu 12.04 LTS (Precise Pangolin), Ubuntu 14.04 LTS (Trusty Tahr), Ubuntu 14.10 (Utopic Unicorn), and Ubuntu 15.04 (Vivid Vervet). The patch is now live, and all users are urged to update their Ubuntu systems as soon as possible.

To apply the update, access the Unity Dash, search for Software Updater, open the application, wait for it to refresh the software repositories to find available updates, and then apply them. We recommend rebooting the machine when the update process ends.

Make sure that the QEMU packages installed after the system update are qemu 1:2.2+dfsg-5expubuntu9.1 for Ubuntu 15.04, qemu 2.1+dfsg-4ubuntu6.6 for Ubuntu 14.10, qemu 2.0.0+dfsg-2ubuntu1.11 for Ubuntu 14.04 LTS, and qemu-kvm 1.0+noroms-0ubuntu14.22 for Ubuntu 12.04 LTS.
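The version check above can also be scripted. The following is an added example, not part of the original article or Canonical's notice: it compares the installed package with the fixed version listed for the host's release. It assumes `lsb_release` and `dpkg` are available, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: post-update check against the fixed versions quoted in the article.

# Package name and fixed version per Ubuntu codename, as listed in the article.
fixed_version() {
    case "$1" in
        vivid)   echo "qemu 1:2.2+dfsg-5expubuntu9.1" ;;
        utopic)  echo "qemu 2.1+dfsg-4ubuntu6.6" ;;
        trusty)  echo "qemu 2.0.0+dfsg-2ubuntu1.11" ;;
        precise) echo "qemu-kvm 1.0+noroms-0ubuntu14.22" ;;
        *)       return 1 ;;
    esac
}

# True when installed >= fixed under Debian version ordering (epochs, numeric
# revision parts); a plain string comparison would rank ...1.9 above ...1.11.
is_patched() {
    dpkg --compare-versions "$1" ge "$2"
}

# Compare this host's package with the fixed version for its release.
# Optional $1: another binary package to check instead, e.g. qemu-system-x86
# (assumption: it is built from the same source and carries the same version).
check_host() {
    codename=$(lsb_release -cs) || return 2
    entry=$(fixed_version "$codename") || {
        echo "release '$codename' is not listed in the article"; return 2; }
    pkg=${1:-${entry%% *}}
    fixed=${entry#* }
    installed=$(dpkg-query -W -f='${Version}' "$pkg" 2>/dev/null) || true
    if [ -z "$installed" ]; then
        echo "$pkg is not installed"; return 0
    fi
    if is_patched "$installed" "$fixed"; then
        echo "OK: $pkg $installed (fixed in $fixed)"
    else
        echo "VULNERABLE: $pkg $installed is older than $fixed"; return 1
    fi
}

# Run the check only when asked to, e.g.: sh check-venom.sh --check [package]
if [ "${1:-}" = "--check" ]; then
    check_host "${2:-}"
fi
```

Guests started before the update keep running the old QEMU binary until they are restarted, so this check covers the package on disk, not running processes.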

To learn more about the "Venom" vulnerability and what exactly has been patched in the QEMU packages, we recommend reading Canonical's Security Notice. In related news, Oracle has also updated its VirtualBox virtualization software today, patching the "Venom" vulnerability.