[ubuntu/artful-proposed] qemu 1:2.8+dfsg-3ubuntu2.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Apr 25 12:20:24 UTC 2017
qemu (1:2.8+dfsg-3ubuntu2.1) zesty-security; urgency=medium
* SECURITY UPDATE: DoS in virtio GPU device
- debian/patches/CVE-2016-10028.patch: check virgl capabilities
max_size in hw/display/virtio-gpu-3d.c.
- CVE-2016-10028
* SECURITY UPDATE: DoS in JAZZ RC4030 chipset emulation
- debian/patches/CVE-2016-8667.patch: limit interval timer reload value
in hw/dma/rc4030.c.
- CVE-2016-8667
* SECURITY UPDATE: host filesystem access via virtFS
- debian/patches/CVE-2016-9602.patch: don't follow symlinks in
hw/9pfs/*.
- CVE-2016-9602
* SECURITY UPDATE: arbitrary code execution via Cirrus VGA
- debian/patches/CVE-2016-9603.patch: remove bitblit support from
console code in hw/display/cirrus_vga.c, include/ui/console.h,
ui/console.c, ui/vnc.c.
- CVE-2016-9603
* SECURITY UPDATE: information leak in virtio GPU device
- debian/patches/CVE-2016-9908.patch: properly clear out memory in
hw/display/virtio-gpu-3d.c.
- CVE-2016-9908
* SECURITY UPDATE: DoS via memory leak in virtio GPU device
- debian/patches/CVE-2016-9912.patch: properly free memory in
hw/display/virtio-gpu.c.
- CVE-2016-9912
* SECURITY UPDATE: DoS via virtFS
- debian/patches/CVE-2016-9914.patch: add cleanup operations to
fsdev/file-op-9p.h, hw/9pfs/9p.c.
- CVE-2016-9914
* SECURITY UPDATE: DoS via memory leak in virtio GPU device
- debian/patches/CVE-2017-5552.patch: check return value in
hw/display/virtio-gpu-3d.c.
- CVE-2017-5552
* SECURITY UPDATE: DoS via memory leak in virtio GPU device
- debian/patches/CVE-2017-5578.patch: check res->iov in
hw/display/virtio-gpu.c.
- CVE-2017-5578
* SECURITY UPDATE: DoS via infinite loop in SDHCI device emulation
- debian/patches/CVE-2017-5987-*.patch: fix transfer mode register
handling in hw/sd/sdhci.c.
- CVE-2017-5987
* SECURITY UPDATE: DoS via infinite loop in USB OHCI emulation
- debian/patches/CVE-2017-6505.patch: limit the number of link eds in
hw/usb/hcd-ohci.c.
- CVE-2017-6505
Date: 2017-04-24 13:34:49.165314+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/qemu/1:2.8+dfsg-3ubuntu2.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Artful-changes
mailing list