[ubuntu/focal-updates] qemu 1:4.2-3ubuntu6.28 (Accepted)

[Ubuntu Archive Robot]

qemu (1:4.2-3ubuntu6.28) focal-security; urgency=medium

  * SECURITY UPDATE: infinite loop in USB xHCI controller
    - debian/patches/CVE-2020-14394.patch: Fix unbounded loop in
      xhci_ring_chain_length() in hw/usb/hcd-xhci.c.
    - CVE-2020-14394
  * SECURITY UPDATE: code execution in TCG Accelerator
    - debian/patches/CVE-2020-24165.patch: fix race in cpu_exec_step_atomic
      in accel/tcg/cpu-exec.c.
    - CVE-2020-24165
  * SECURITY UPDATE: OOB access in ATI VGA device
    - debian/patches/CVE-2021-3638.patch: Fix buffer overflow in ati_2d_blt
      in hw/display/ati_2d.c.
    - CVE-2021-3638
  * SECURITY UPDATE: OOB read in RDMA device
    - debian/patches/CVE-2023-1544.patch: protect against buggy or
      malicious guest driver in hw/rdma/vmw/pvrdma_main.c.
    - CVE-2023-1544
  * SECURITY UPDATE: 9pfs special file access
    - debian/patches/CVE-2023-2861.patch: prevent opening special files in
      fsdev/virtfs-proxy-helper.c, hw/9pfs/9p-util.h.
    - CVE-2023-2861
  * SECURITY UPDATE: heap overflow in crypto device
    - debian/patches/CVE-2023-3180.patch: verify src&dst buffer length for
      sym request in hw/virtio/virtio-crypto.c.
    - CVE-2023-3180
  * SECURITY UPDATE: DoS in VNC server
    - debian/patches/CVE-2023-3354.patch: remove io watch if TLS channel is
      closed during handshake in include/io/channel-tls.h,
      io/channel-tls.c.
    - CVE-2023-3354
  * SECURITY UPDATE: disk offset 0 access
    - debian/patches/CVE-2023-5088.patch: cancel async DMA operation before
      resetting state in hw/ide/core.c.
    - CVE-2023-5088

Date: 2023-12-01 15:05:18.396860+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/qemu/1:4.2-3ubuntu6.28
-------------- next part --------------
Sorry, changesfile not available.