[ubuntu-cloud-archive/pike-proposed] qemu (Accepted)

Corey Bryant corey.bryant at canonical.com
Fri Mar 9 21:01:47 UTC 2018


 qemu (1:2.10+dfsg-0ubuntu3.5~cloud0) xenial-pike; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 qemu (1:2.10+dfsg-0ubuntu3.5) artful-security; urgency=medium
 .
   * SECURITY UPDATE: DoS via out-of-bounds read in VGA driver
     - debian/patches/CVE-2017-13672-2.patch: handle cirrus vbe mode
       wraparounds in hw/display/vga.c.
     - debian/patches/CVE-2017-13672-3.patch: fix region checks in
       wraparound case in hw/display/vga.c.
     - CVE-2017-13672
   * SECURITY UPDATE: information disclosure via race in 9pfs
     - debian/patches/CVE-2017-15038.patch: use g_malloc0 to allocate space
       for xattr in hw/9pfs/9p.c.
     - CVE-2017-15038
   * SECURITY UPDATE: long export name overflow in NBD server
     - debian/patches/CVE-2017-15118.patch: check length in nbd/server.c.
     - CVE-2017-15118
   * SECURITY UPDATE: DoS via large option request in NBD server
     - debian/patches/CVE-2017-15119.patch: reject options larger than 32M
       in nbd/server.c.
     - CVE-2017-15119
   * SECURITY UPDATE: DoS via unbounded memory allocation in VNC server
     - debian/patches/CVE-2017-15124-pre1.patch: remove 'sync' parameter
       from vnc_update_client in ui/vnc.c.
     - debian/patches/CVE-2017-15124-pre2.patch: remove unreachable code in
       vnc_update_client in ui/vnc.c.
     - debian/patches/CVE-2017-15124-pre3.patch: remove redundant
       indentation in vnc_client_update in ui/vnc.c.
     - debian/patches/CVE-2017-15124-pre4.patch: avoid pointless VNC updates
       if framebuffer isn't dirty in ui/vnc.c.
     - debian/patches/CVE-2017-15124-pre5.patch: introduce enum to track VNC
       client framebuffer update request state in ui/vnc.*.
     - debian/patches/CVE-2017-15124-pre6.patch: correctly reset framebuffer
       update state after processing dirty regions in ui/vnc.c.
     - debian/patches/CVE-2017-15124-pre7.patch: refactor code for
       determining if an update should be sent to the client in ui/vnc.c.
     - debian/patches/CVE-2017-15124-pre8.patch: track how much decoded data
       we consumed when doing SASL encoding in ui/vnc-auth-sasl.c,
       ui/vnc-auth-sasl.h.
     - debian/patches/CVE-2017-15124-1.patch: fix VNC client throttling when
       audio capture is active in ui/vnc.*.
     - debian/patches/CVE-2017-15124-2.patch: fix VNC client throttling when
       forced update is requested in ui/vnc-auth-sasl.c, ui/vnc-jobs.c,
       ui/vnc.*.
     - debian/patches/CVE-2017-15124-3.patch: place a hard cap on VNC server
       output buffer size in ui/vnc.c.
     - CVE-2017-15124
   * SECURITY UPDATE: memory leak in websocket GSource
     - debian/patches/CVE-2017-15268.patch: monitor encoutput buffer size
       from websocket GSource in io/channel-websock.c.
     - CVE-2017-15268
   * SECURITY UPDATE: DoS in cirrus driver
     - debian/patches/CVE-2017-15289.patch: fix oob access in mode4and5
       write functions in hw/display/cirrus_vga.c.
     - CVE-2017-15289
   * SECURITY UPDATE: out-of-bounds access in ps2 driver
     - debian/patches/CVE-2017-16845.patch: check PS2Queue pointers in
       post_load routine in hw/input/ps2.c.
     - CVE-2017-16845
   * SECURITY UPDATE: DoS in Virtio Vring implementation
     - debian/patches/CVE-2017-17381.patch: check VirtQueue Vring object is
       set in hw/virtio/virtio.c.
     - CVE-2017-17381
   * SECURITY UPDATE: DoS in VGA driver
     - debian/patches/CVE-2018-5683.patch: check the validation of memory
       addr when draw text in hw/display/vga.c.
     - CVE-2018-5683

Date: Tue, 20 Feb 2018 19:44:35 +0000
Changed-By: Openstack Ubuntu Testing Bot <openstack-testing-bot at ubuntu.com>
Signed-By: Openstack Ubuntu Testing Bot
Published-By: Corey Bryant <corey.bryant at canonical.com>


More information about the Cloud-archive-changes mailing list