[ubuntu/eoan-security] qemu 1:4.0+dfsg-0ubuntu9.1 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Wed Nov 13 22:51:02 UTC 2019


qemu (1:4.0+dfsg-0ubuntu9.1) eoan-security; urgency=medium

  * SECURITY UPDATE: infinite loop when executing LSI scsi adapter
    emulator scripts
    - d/p/u/CVE-2019-12068.patch: Move the existing loop exit
    - CVE-2019-12068
  * SECURITY UPDATE: null pointer dereference in qxl display driver
    - d/p/u/CVE-2019-12155.patch: qxl: check release info object
    - CVE-2019-12155
  * SECURITY UPDATE: qemu-bridge-helper interface name buffer overflow
    - d/p/u/CVE-2019-13164.patch: qemu-bridge-helper: restrict
      interface name to IFNAMSIZ
    - CVE-2019-13164
  * SECURITY UPDATE: heap overflow in slirp
    - d/p/u/CVE-2019-14378.patch: slirp: Fix heap overflow in ip_reass
      on big packet input
    - CVE-2019-14378
  * SECURITY UPDATE: use after free vulnerability in slirp
    - d/p/u/CVE-2019-15890.patch: slirp: ip_reass: Fix use after free
    - CVE-2019-15890
  * Add support for exposing "taa-no" flag to guests:
    - d/p/u/CVE-2019-11135-taa-no.patch
    - CVE-2019-11135
  * Add support for exposing "pschange-mc-no" to guests:
    - d/p/u/pschange-mce.patch

Date: 2019-11-08 07:23:59.263661+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
https://launchpad.net/ubuntu/+source/qemu/1:4.0+dfsg-0ubuntu9.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Eoan-changes mailing list