[ubuntu/bionic-security] qemu 1:2.11+dfsg-1ubuntu7.20 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Wed Nov 13 22:51:10 UTC 2019 

qemu (1:2.11+dfsg-1ubuntu7.20) bionic-security; urgency=medium

  * SECURITY UPDATE: infinite loop when executing LSI scsi adapter
    emulator scripts
    - d/p/u/CVE-2019-12068.patch: Move the existing loop exit
    - CVE-2019-12068
  * SECURITY UPDATE: null pointer dereference in qxl display driver
    - d/p/u/CVE-2019-12155.patch: qxl: check release info object
    - CVE-2019-12155
  * SECURITY UPDATE: qemu-bridge-helper interface name buffer overflow
    - d/p/u/CVE-2019-13164.patch: qemu-bridge-helper: restrict
      interface name to IFNAMSIZ
    - CVE-2019-13164
  * SECURITY UPDATE: heap overflow in slirp
    - d/p/u/CVE-2019-14378.patch: slirp: Fix heap overflow in ip_reass
      on big packet input
    - CVE-2019-14378
  * SECURITY UPDATE: use after free vulnerability in slirp
    - d/p/u/CVE-2019-15890.patch: slirp: ip_reass: Fix use after free
    - CVE-2019-15890
  * Add support for exposing "taa-no" flag to guests:
    - d/p/u/CVE-2019-11135-taa-no.patch
    - CVE-2019-11135
  * Add support for exposing "pschange-mc-no" to guests:
    - d/p/u/pschange-mce.patch

qemu (1:2.11+dfsg-1ubuntu7.19) bionic; urgency=medium

  * d/p/ubuntu/lp-1837869-block-Fix-flags-in-reopen-queue.patch: avoid
    issues on block reopen (LP: #1837869)

qemu (1:2.11+dfsg-1ubuntu7.18) bionic; urgency=medium

  * d/p/ubuntu/lp-1832622-*: count cache flush Spectre v2 mitigation for ppc64
    (LP: #1832622)
  * d/p/ubuntu/lp-1840745-*: add amd ssbd / no-ssbd features (LP: #1840745)
  * d/p/ubuntu/lp-1836154-*: add HW CPU model for newer s390x machines
    (LP: #1836154)

qemu (1:2.11+dfsg-1ubuntu7.17) bionic; urgency=medium

  * {Ice,Cascade}Lake IA32_ARCH_CAPABILITIES support (LP: 1828495)
    Needed patch is in d/p/u/lp1828495-:
    - 0017-target-i386-add-MDS-NO-feature.patch:
      target/i386: add MDS-NO feature

qemu (1:2.11+dfsg-1ubuntu7.16) bionic; urgency=medium

  [ Christian Ehrhardt ]
  * d/p/ubuntu/lp-1830243-s390-bios-Skip-bootmap-signature-entries.patch:
    tolerate guests with secure boot loaders (LP: #1830243)

  [ Rafael David Tinoco ]
  * {Ice,Cascade}Lake CPUs + IA32_ARCH_CAPABILITIES support (LP: #1828495)
    Needed patches are in d/p/u/lp1828495-:
    - 0001-guidance-cpu-models.patch:
      docs: add guidance on configuring CPU models for x86
      + d/qemu-system-common.install: include man/man7/qemu-cpu-models.7
    - 0002-msr-new-msr-indices.patch:
      i386: Add new MSR indices for IA32_PRED_CMD and IA32_ARCH_CAPABILITIES
    - 0003-cpuid-feature-ia32-arch-capabilities.patch:
      i386: Add CPUID bit and feature words for IA32_ARCH_CAPABILITIES MSR
    - 0004-cpuid-bit-for-wbnoinvd.patch:
      i386: Add CPUID bit for WBNOINVD
    - 0005-new-cpu-model-for-icelake.patch:
      i386: Add new CPU model Icelake-{Server,Client}
    - 0006-update-headers-to-4.16-rc5.patch:
      update Linux headers to 4.16-rc5
    - 0007-kvm-get-msr-feature-index_list.patch:
      kvm: Add support to KVM_GET_MSR_FEATURE_INDEX_LIST and
    - 0008-x86-msr-related-data-structure-changes.patch:
      x86: Data structure changes to support MSR based features
    - 0009-feature-wordS-arch-capabilities.patch:
      x86: define a new MSR based feature word -- FEATURE_WORDS_ARCH
    - 0010-use-kvm-get-msr-index-list.patch:
      kvm: Use KVM_GET_MSR_INDEX_LIST for MSR_IA32_ARCH_CAPABILITIES support
    - 0011-disable-arch-cap-when-no-msr.patch:
      i386: kvm: Disable arch_capabilities if MSR can't be set
    - 0012-arch-capabilities-migratable.patch:
      i386: Make arch_capabilities migratable
    - 0013-cascadelake-server.patch:
      i386: Add new model of Cascadelake-Server
    - 0014-remove-cpuid-pconfig.patch:
      i386: remove the new CPUID 'PCONFIG' from Icelake-Server CPU model
    - 0015-remove-cpuid-intel_pt.patch:
      i386: remove the 'INTEL_PT' CPUID bit from named CPU models
    - 0016-no-ospke-on-some.patch:
      i386: Disable OSPKE on CPU model definitions

qemu (1:2.11+dfsg-1ubuntu7.15) bionic; urgency=medium

  * d/p/ubuntu/define-ubuntu-machine-types.patch: fix wily machine type being
    broken since 2.11 due to 2.3/2.4 version mismatch in its definition to
    fix migrations from old machines (LP: #1829868).
  * d/p/ubuntu/lp-1830704-s390x-cpumodel-ignore-csske-for-expansion.patch
    toleration for future machines (LP: #1830704

Date: 2019-11-08 06:51:14.120508+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
https://launchpad.net/ubuntu/+source/qemu/1:2.11+dfsg-1ubuntu7.20
-------------- next part --------------
Sorry, changesfile not available.

More information about the Bionic-changes mailing list