USN-1177-1: QEMU vulnerability

27 July 2011

QEMU could be made to run with adminstrator group privileges under certain circumstances.

Releases

Packages

  • qemu-kvm - Machine emulator and virtualizer

Details

Andrew Griffiths discovered that QEMU did not correctly drop privileges
when using the 'runas' argument. Under certain circumstances a local
attacker could exploit this to escalate privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.04
Ubuntu 10.10
Ubuntu 10.04

In general, a standard system update will make all the necessary changes.

References