diff -Nru virtualbox-4.1.18-dfsg/debian/changelog virtualbox-4.1.18-dfsg/debian/changelog
--- virtualbox-4.1.18-dfsg/debian/changelog 2012-08-14 14:30:47.000000000 +0200
+++ virtualbox-4.1.18-dfsg/debian/changelog 2012-10-26 14:11:52.000000000 +0200
@@ -1,3 +1,12 @@
+virtualbox (4.1.18-dfsg-1ubuntu1.1) quantal-security; urgency=low
+
+ * SECURITY UPDATE: Missing privilege check for task gate switches
+ (LP: #1044634)
+ - debian/patches/cve-2012-3221.patch: patch from upstream
+ - CVE-2012-3221
+
+ -- Felix Geyer Fri, 26 Oct 2012 14:08:43 +0200
+
 virtualbox (4.1.18-dfsg-1ubuntu1) quantal-proposed; urgency=low
 
 [ Maarten Lankhorst ]
diff -Nru virtualbox-4.1.18-dfsg/debian/patches/cve-2012-3221.patch virtualbox-4.1.18-dfsg/debian/patches/cve-2012-3221.patch
--- virtualbox-4.1.18-dfsg/debian/patches/cve-2012-3221.patch 1970-01-01 01:00:00.000000000 +0100
+++ virtualbox-4.1.18-dfsg/debian/patches/cve-2012-3221.patch 2012-10-26 14:10:33.000000000 +0200
@@ -0,0 +1,23 @@
+Description: recompiler: Missing privilege check for task gate switches
+ Fixes kernel panic when invoking the double fault handler from user space
+ on Linux and maybe other guests
+Origin: upstream, https://www.virtualbox.org/changeset/43068/vbox
+
+Index: virtualbox-4.1.18-dfsg/src/recompiler/target-i386/op_helper.c
+===================================================================
+--- virtualbox-4.1.18-dfsg.orig/src/recompiler/target-i386/op_helper.c 2012-06-20 09:20:29.000000000 -0400
++++ virtualbox-4.1.18-dfsg/src/recompiler/target-i386/op_helper.c 2012-10-18 16:39:20.647324489 -0400
+@@ -872,6 +872,13 @@
+ type = (e2 >> DESC_TYPE_SHIFT) & 0x1f;
+ switch(type) {
+ case 5: /* task gate */
++#ifdef VBOX
++ dpl = (e2 >> DESC_DPL_SHIFT) & 3;
++ cpl = env->hflags & HF_CPL_MASK;
++ /* check privilege if software int */
++ if (is_int && dpl < cpl)
++ raise_exception_err(EXCP0D_GPF, intno * 8 + 2);
++#endif
+ /* must do that check here to return the correct error code */
+ if (!(e2 & DESC_P_MASK))
+ raise_exception_err(EXCP0B_NOSEG, intno * 8 + 2);
diff -Nru virtualbox-4.1.18-dfsg/debian/patches/series virtualbox-4.1.18-dfsg/debian/patches/series
--- virtualbox-4.1.18-dfsg/debian/patches/series 2012-08-14 14:28:04.000000000 +0200
+++ virtualbox-4.1.18-dfsg/debian/patches/series 2012-10-26 14:08:38.000000000 +0200
@@ -15,3 +15,4 @@
 35-libvdeplug-soname.patch
 36-fix-ftbfs-xserver-112.patch
 37-fix-ftbfs-xserver-113.patch
+cve-2012-3221.patch
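Review bot: The comment on the added check in `case 5` of op_helper.c does not say why the task-gate case needs its own gate-DPL test or why it sits ahead of the present-bit test, and together with the `#ifdef VBOX` marker that makes the block easy to lose in a later resync of the recompiler sources. I would word it as `/* software INT via task gate: gate DPL must be >= CPL; checked here because this case presumably does not reach the common gate check, and before the P test so #GP takes priority over #NP */`. The enclosing function starts and ends outside the hunk, so the assumption about a common check further down should be confirmed against the full file. The patch header scopes the fix to the recompiler; whether any other path that delivers guest software interrupts through a task gate applies the same check is not visible here and is worth confirming before the CVE is treated as closed. A DEP-3 `Bug-Ubuntu:` field referring to LP #1044634 would also tie the patch file to the report named in the changelog.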