USN-4191-2: QEMU vulnerabilities
USN-4191-2: QEMU vulnerabilities qemu vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Summary Several security issues were fixed in QEMU. Software Description qemu – Machine emulator and virtualizer Details USN-4191-2 fixed a vulnerability in QEMU. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. (CVE-2019-12068) Sergej Schumilo, Cornelius Aschermann and Simon Wörner discovered that the qxl paravirtual graphics driver implementation in QEMU contained a null pointer dereference. A local attacker in a guest could use this to cause a denial of service. (CVE-2019-12155) Riccardo Schirone discovered that the QEMU bridge helper did not properly validate network interface names. A [ more… ]