[ubuntu-cloud-archive/havana-updates] qemu (Accepted)

James Page james.page at ubuntu.com
Mon Feb 17 17:53:49 UTC 2014


 qemu (1.5.0+dfsg-3ubuntu5.3~cloud0) precise-havana; urgency=low
 .
   * New update for the Ubuntu Cloud Archive.
 .
 qemu (1.5.0+dfsg-3ubuntu5.3) saucy-security; urgency=medium
 .
   * SECURITY UPDATE: denial of service via virtio device hot-plugging
     - debian/patches/CVE-2013-4377.patch: backport upstream commits to
       refactor virtio device unplugging.
     - CVE-2013-4377
   * SECURITY UPDATE: privilege escalation via REPORT LUNS
     - debian/patches/CVE-2013-4344.patch: support more than 256 LUNS in
       hw/scsi/scsi-bus.c, include/hw/scsi/scsi.h.
     - CVE-2013-4344
   * SECURITY UPDATE: denial of service in qdisk PV disk backend
     - debian/patches/CVE-2013-4375.patch: mark ioreq as mapped before
       unmapping in error case in hw/block/xen_disk.c.
     - CVE-2013-4375

Date: Fri, 31 Jan 2014 00:06:03 -0500
Changed-By: Openstack Ubuntu Testing Bot <openstack-testing-bot at ubuntu.com>
Signed-By: Openstack Ubuntu Testing Bot
Published-By: James Page <james.page at ubuntu.com>


More information about the Cloud-archive-changes mailing list