[ubuntu/focal-updates] qemu 1:4.2-3ubuntu6.23 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Tue Jun 21 15:31:16 UTC 2022
qemu (1:4.2-3ubuntu6.23) focal-security; urgency=medium
* SECURITY UPDATE: heap overflow in floppy disk emulator
- debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
hw/block/fdc.c.
- CVE-2021-3507
* SECURITY UPDATE: integer overflow in QXL display device emulation
- debian/patches/CVE-2021-4206.patch: check width and height in
hw/display/qxl-render.c, hw/display/vmware_vga.c, ui/cursor.c.
- CVE-2021-4206
* SECURITY UPDATE: heap overflow in QXL display device emulation
- debian/patches/CVE-2021-4207.patch: fix race condition in qxl_cursor
in hw/display/qxl-render.c.
- CVE-2021-4207
* SECURITY UPDATE: memory leakage in virtio-net device
- debian/patches/CVE-2022-26353.patch: fix map leaking on error during
receive in hw/net/virtio-net.c.
- CVE-2022-26353
* SECURITY UPDATE: memory leakage in vhost-vsock device
- debian/patches/CVE-2022-26354.patch: detach the virqueue element in
case of error in hw/virtio/vhost-vsock.c.
- CVE-2022-26354
qemu (1:4.2-3ubuntu6.22) focal; urgency=medium
* d/p/u/lp-1967814-*: avoid interpreting failed scsi requests as
good which could lead to silent data corruption (LP: #1967814)
This refactors handling of sense codes and SCSI status to be able
detect, handle and pass that information to the guest as needed.
Date: 2022-06-10 11:55:08.331443+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/qemu/1:4.2-3ubuntu6.23
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list