[ubuntu-cloud-archive/kilo-proposed] qemu (Accepted)

James Page james.page at ubuntu.com
Thu Jun 11 14:28:10 UTC 2015

 qemu (1:2.2+dfsg-5expubuntu9.2~cloud0) trusty-kilo; urgency=medium
   * New update for the Ubuntu Cloud Archive.
 qemu (1:2.2+dfsg-5expubuntu9.2) vivid-security; urgency=medium
   * SECURITY UPDATE: heap overflow in PCNET controller
     - debian/patches/CVE-2015-3209.patch: check bounds in hw/net/pcnet.c.
     - CVE-2015-3209
   * SECURITY UPDATE: unsafe /tmp filename use by slirp
     - debian/patches/CVE-2015-4037.patch: use mkdtemp in net/slirp.c.
     - CVE-2015-4037
   * SECURITY UPDATE: denial of service via MSI message data field write
     - debian/patches/CVE-2015-4103.patch: properly gate writes in
       hw/xen/xen_pt.c, hw/xen/xen_pt.h, hw/xen/xen_pt_config_init.c.
     - CVE-2015-4103
   * SECURITY UPDATE: denial of service via MSI mask bits access
     - debian/patches/CVE-2015-4104.patch: don't allow guest access in
       hw/pci/msi.c, hw/xen/xen_pt_config_init.c, include/hw/pci/pci_regs.h.
     - CVE-2015-4104
   * SECURITY UPDATE: denial of service via PCI MSI-X pass-through error
     message logging
     - debian/patches/CVE-2015-4105.patch: limit messages in
       hw/xen/xen_pt.h, hw/xen/xen_pt_msi.c.
     - CVE-2015-4105
   * SECURITY UPDATE: denial of service or possible privilege escalation via
     write access to PCI config space
     - debian/patches/CVE-2015-4106-*.patch: multiple upstream commits to
       restrict passthough in hw/xen/xen_pt_config_init.c, hw/xen/xen_pt.h,
     - CVE-2015-4106

Date: Wed, 10 Jun 2015 14:54:23 +0000
Changed-By: Openstack Ubuntu Testing Bot <openstack-testing-bot at ubuntu.com>
Signed-By: Openstack Ubuntu Testing Bot
Published-By: James Page <james.page at ubuntu.com>

More information about the Cloud-archive-changes mailing list