[ubuntu-cloud-archive/ussuri-updates] qemu (Accepted)

[Corey Bryant]

 qemu (1:4.2-3ubuntu6.10~cloud0) bionic-ussuri; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 qemu (1:4.2-3ubuntu6.10) focal-security; urgency=medium
 .
   * SECURITY UPDATE: heap buffer overflow in sdhci_sdma_transfer_multi_blocks()
     - debian/patches/ubuntu/CVE-2020-17380.patch: fix DMA Transfer Block
       Size field in hw/sd/sdhci.c.
     - CVE-2020-17380
     - CVE-2020-25085
   * SECURITY UPDATE: use-after-free via unchecked return value
     - debian/patches/ubuntu/CVE-2020-25084.patch: check return value of
       'usb_packet_map' in hw/usb/hcd-xhci.c.
     - CVE-2020-25084
   * SECURITY UPDATE: out-of-bound access issue
     - debian/patches/ubuntu/CVE-2020-25624.patch: check len and
       frame_number variables in hw/usb/hcd-ohci.c.
     - CVE-2020-25624
   * SECURITY UPDATE: infinite loop when a TD list has a loop
     - debian/patches/ubuntu/CVE-2020-25625.patch: check for processed TD
       before retire in hw/usb/hcd-ohci.c.
     - CVE-2020-25625
   * SECURITY UPDATE: assertion failure through usb_packet_unmap()
     - debian/patches/ubuntu/CVE-2020-25723.patch: check return value of
       'usb_packet_map' in hw/usb/hcd-ehci.c.
     - CVE-2020-25723
   * SECURITY UPDATE: bounds issue in ati_2d_blt
     - debian/patches/ubuntu/CVE-2020-27616.patch: check x y display
       parameter values in hw/display/ati_2d.c.
     - CVE-2020-27616
   * SECURITY UPDATE: assertion failure
     - debian/patches/ubuntu/CVE-2020-27617.patch: remove an assert call in
       eth_get_gso_type in net/eth.c.
     - CVE-2020-27617

Date: Mon, 30 Nov 2020 12:37:11 +0000
Changed-By: Openstack Ubuntu Testing Bot <openstack-testing-bot at ubuntu.com>
Signed-By: Openstack Ubuntu Testing Bot
Published-By: Corey Bryant <corey.bryant at canonical.com>