Ubuntu Local Security Checks : Ubuntu: Security Advisory (USN-2342-1)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.841962
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2342-1)
Summary:	The remote host is missing an update for the 'qemu, qemu-kvm' package(s) announced via the USN-2342-1 advisory.
Description:	Summary: The remote host is missing an update for the 'qemu, qemu-kvm' package(s) announced via the USN-2342-1 advisory. Vulnerability Insight: Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple issues with QEMU state loading after migration. An attacker able to modify the state data could use these issues to cause a denial of service, or possibly execute arbitrary code. (CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4526, CVE-2013-4527, CVE-2013-4529, CVE-2013-4530, CVE-2013-4531, CVE-2013-4532, CVE-2013-4533, CVE-2013-4534, CVE-2013-4535, CVE-2013-4536, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539, CVE-2013-4540, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-3461) Kevin Wolf, Stefan Hajnoczi, Fam Zheng, Jeff Cody, Stefan Hajnoczi, and others discovered multiple issues in the QEMU block drivers. An attacker able to modify disk images could use these issues to cause a denial of service, or possibly execute arbitrary code. (CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0222, CVE-2014-0223) It was discovered that QEMU incorrectly handled certain PCIe bus hotplug operations. A malicious guest could use this issue to crash the QEMU host, resulting in a denial of service. (CVE-2014-3471) Affected Software/OS: 'qemu, qemu-kvm' package(s) on Ubuntu 10.04, Ubuntu 12.04, Ubuntu 14.04. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4148 FEDORA-2014-6288 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html RHSA-2014:0743 http://rhn.redhat.com/errata/RHSA-2014-0743.html RHSA-2014:0744 http://rhn.redhat.com/errata/RHSA-2014-0744.html [Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=71f7fe48e10a8437c9d42d859389f37157f59980 Common Vulnerability Exposure (CVE) ID: CVE-2013-4149 RHSA-2014:0927 http://rhn.redhat.com/errata/RHSA-2014-0927.html http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=98f93ddd84800f207889491e0b5d851386b459cf Common Vulnerability Exposure (CVE) ID: CVE-2013-4150 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eea750a5623ddac7a61982eec8f1c93481857578 Common Vulnerability Exposure (CVE) ID: CVE-2013-4151 http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=cc45995294b92d95319b4782750a3580cabdbc0c Common Vulnerability Exposure (CVE) ID: CVE-2013-4526 [Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ae2158ad6ce0845b2fae2a22aa7f19c0d7a71ce5 Common Vulnerability Exposure (CVE) ID: CVE-2013-4527 http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=3f1c49e2136fa08ab1ef3183fd55def308829584 Common Vulnerability Exposure (CVE) ID: CVE-2013-4529 Common Vulnerability Exposure (CVE) ID: CVE-2013-4530 http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=d8d0a0bc7e194300e53a346d25fe5724fd588387 Common Vulnerability Exposure (CVE) ID: CVE-2013-4531 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d2ef4b61fe6d33d2a5dcf100a9b9440de341ad62 Common Vulnerability Exposure (CVE) ID: CVE-2013-4532 http://www.ubuntu.com/usn/USN-2342-1 https://access.redhat.com/security/cve/cve-2013-4532 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739589 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4532 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4532 https://github.com/qemu/qemu/commit/2e1198672759eda6e122ff38fcf6df06f27e0fe2 https://security-tracker.debian.org/tracker/CVE-2013-4532 Common Vulnerability Exposure (CVE) ID: CVE-2013-4533 http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=caa881abe0e01f9931125a0977ec33c5343e4aa7 Common Vulnerability Exposure (CVE) ID: CVE-2013-4534 http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=73d963c0a75cb99c6aaa3f6f25e427aa0b35a02e Common Vulnerability Exposure (CVE) ID: CVE-2013-4535 http://git.qemu.org/?p=qemu.git;a=commitdiff;h=36cf2a37132c7f01fa9adb5f95f5312b27742fd4 https://bugzilla.redhat.com/show_bug.cgi?id=1066401 Common Vulnerability Exposure (CVE) ID: CVE-2013-4536 Common Vulnerability Exposure (CVE) ID: CVE-2013-4537 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a9c380db3b8c6af19546a68145c8d1438a09c92b Common Vulnerability Exposure (CVE) ID: CVE-2013-4538 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ead7a57df37d2187813a121308213f41591bd811 Common Vulnerability Exposure (CVE) ID: CVE-2013-4539 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5193be3be35f29a35bc465036cd64ad60d43385f Common Vulnerability Exposure (CVE) ID: CVE-2013-4540 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=52f91c3723932f8340fe36c8ec8b18a757c37b2b openSUSE-SU-2014:1279 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html openSUSE-SU-2014:1281 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html Common Vulnerability Exposure (CVE) ID: CVE-2013-4541 http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f8e9895c504149d7048e9fc5eb5cbb34b16e49a Common Vulnerability Exposure (CVE) ID: CVE-2013-4542 http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=3c3ce981423e0d6c18af82ee62f1850c2cda5976 Common Vulnerability Exposure (CVE) ID: CVE-2013-6399 http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=4b53c2c72cb5541cf394033b528a6fe2a86c0ac1 Common Vulnerability Exposure (CVE) ID: CVE-2014-0142 DSA-3044 http://www.debian.org/security/2014/dsa-3044 RHSA-2014:0420 http://rhn.redhat.com/errata/RHSA-2014-0420.html RHSA-2014:0421 http://rhn.redhat.com/errata/RHSA-2014-0421.html http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=8e53abbc20d08ae3ec30c2054e1161314ad9501d http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9302e863aa8baa5d932fc078967050c055fa1a7f https://bugzilla.redhat.com/show_bug.cgi?id=1078201 Common Vulnerability Exposure (CVE) ID: CVE-2014-0143 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=509a41bab5306181044b5fff02eadf96d9c8676a http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6a83f8b5bec6f59e56cc49bd49e4c3f8f805d56f http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8f4754ede56e3f9ea3fd7207f4a7c4453e59285b http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=afbcc40bee4ef51731102d7d4b499ee12fc182e1 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=cab60de930684c33f67d4e32c7509b567f8c445b http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=db8a31d11d6a60f48d6817530640d75aa72a9a2f http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e3737b820b45e54b059656dc3f914f895ac7a88b https://bugzilla.redhat.com/show_bug.cgi?id=1079140 Common Vulnerability Exposure (CVE) ID: CVE-2014-0144 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=24342f2cae47d03911e346fe1e520b00dc2818e0 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6d4b9e55fc625514a38d27cff4b9933f617fa7dc http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7b103b36d6ef3b11827c203d3a793bf7da50ecd6 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=97f1c45c6f456572e5b504b8614e4a69e23b8e3a http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a1b3955c9415b1e767c130a2f59fee6aa28e575b http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ce48f2f441ca98885267af6fd636a7cb804ee646 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d65f97a82c4ed48374a764c769d4ba1ea9724e97 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f56b9bc3ae20fc93815b34aa022be919941406ce https://bugzilla.redhat.com/show_bug.cgi?id=1079240 https://www.vulnerabilitycenter.com/#%21vul=44767 Common Vulnerability Exposure (CVE) ID: CVE-2014-0145 [oss-security] 20140326 QEMU image format input validation fixes (multiple CVEs) http://www.openwall.com/lists/oss-security/2014/03/26/8 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c05e4667be91b46ab42b5a11babf8e84d476cc6b http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f0dce23475b5af5da6b17b97c1765271307734b6 http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=c165f7758009a4f793c1fc19ebb69cf55313450b https://bugzilla.redhat.com/show_bug.cgi?id=1078885 https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html Common Vulnerability Exposure (CVE) ID: CVE-2014-0146 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=11b128f4062dd7f89b14abc8877ff20d41b28be9 https://bugzilla.redhat.com/show_bug.cgi?id=1078232 Common Vulnerability Exposure (CVE) ID: CVE-2014-0147 http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=246f65838d19db6db55bfb41117c35645a2c4789 https://bugzilla.redhat.com/show_bug.cgi?id=1078848 https://bugzilla.redhat.com/show_bug.cgi?id=1086717 Common Vulnerability Exposure (CVE) ID: CVE-2014-0182 http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a890a2f9137ac3cf5b607649e66a6f3a5512d8dc Common Vulnerability Exposure (CVE) ID: CVE-2014-0222 67357 http://www.securityfocus.com/bid/67357 FEDORA-2014-6970 http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html SUSE-SU-2015:0929 http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html [Qemu-devel] 20140512 [PATCH 3/5] qcow1: Validate L2 table size (CVE-2014-0222) https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html openSUSE-SU-2015:1965 http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html Common Vulnerability Exposure (CVE) ID: CVE-2014-0223 67391 http://www.securityfocus.com/bid/67391 [Qemu-devel] 20140512 [PATCH 4/5] qcow1: Validate image size (CVE-2014-0223) https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html Common Vulnerability Exposure (CVE) ID: CVE-2014-3461 [qemu-devel] 20140512 [PATCH] usb: fix up post load checks http://article.gmane.org/gmane.comp.emulators.qemu/272092 Common Vulnerability Exposure (CVE) ID: CVE-2014-3471 68145 http://www.securityfocus.com/bid/68145 GLSA-201412-01 http://security.gentoo.org/glsa/glsa-201412-01.xml [oss-security] 20140623 CVE-2014-3471 Qemu: hw: pci: use after free triggered via guest http://www.openwall.com/lists/oss-security/2014/06/23/4 [qemu-devel] 20140623 PATCH v2 3/3] hw/pcie: better hotplug/hotunplug support https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg05283.html https://bugzilla.redhat.com/show_bug.cgi?id=1112271
Copyright	Copyright (C) 2014 Greenbone AG