14 DAY TRIAL // Canonical has released some details in a security notice about a number of QEMU vulnerabilities in Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS operating systems.
The Ubuntu developers have managed to plug another vulnerability. This time it affected both the qemu and qemu-kvm packages and the fix covers a few security issues.
According to the security notice, “Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple issues with QEMU state loading after migration. An attacker able to modify the state data could use these issues to cause a denial of service, or possibly execute arbitrary code.”
“It was discovered that QEMU incorrectly handled certain PCIe bus hotplug operations. A malicious guest could use this issue to crash the QEMU host, resulting in a denial of service.”
These are just a couple of problems that have been found and fixed. For a more detailed description of the problems, you can see Canonical's security notification. Users should upgrade their Linux distribution in order to correct these issues.
The flaw can be fixed if you upgrade your system(s) to the latest packages specific to each distribution. To apply the patch, you can simply run the Update Manager application.
In general, a standard system update will make all the necessary changes. A reboot of the system is needed to complete the update.