[ubuntu/groovy-security] qemu 1:5.0-5ubuntu9.4 (Accepted)

[Marc Deslauriers]

qemu (1:5.0-5ubuntu9.4) groovy-security; urgency=medium

  * SECURITY UPDATE: use-after-free in e1000e
    - debian/patches/ubuntu/CVE-2020-15859.patch: forbid the reentrant RX
      in net/queue.c.
    - CVE-2020-15859
  * SECURITY UPDATE: OOB write to MSI-X table
    - debian/patches/ubuntu/CVE-2020-27821.patch: clamp cached translation
      in case it points to an MMIO region in exec.c.
    - CVE-2020-27821
  * SECURITY UPDATE: infinite loop in e1000e
    - debian/patches/ubuntu/CVE-2020-28916.patch: advance desc_offset in
      case of null descriptor in hw/net/e1000e_core.c.
    - CVE-2020-28916
  * SECURITY UPDATE: out of bounds read in atapi
    - debian/patches/ubuntu/CVE-2020-29443-1.patch: assert that the buffer
      pointer is in range in hw/ide/atapi.c.
    - debian/patches/ubuntu/CVE-2020-29443-2.patch: check logical block
      address and read size in hw/ide/atapi.c.
    - CVE-2020-29443
  * SECURITY UPDATE: use after free in 9p
    - debian/patches/ubuntu/CVE-2021-20181.patch: fully restart unreclaim
      loop in hw/9pfs/9p.c.
    - CVE-2021-20181

qemu (1:5.0-5ubuntu9.3) groovy; urgency=medium

  * d/p/ubuntu/lp-1907656-s390x-s390-virtio-ccw-Reset-PCI-devices-during-subsy:
    avoid PCI devices to become unavailable on reset (LP: #1907656)
  * d/rules: fix qemu-user-static to really be static (LP: #1908331)

Date: 2021-02-04 12:03:16.400486+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/qemu/1:5.0-5ubuntu9.4
-------------- next part --------------
Sorry, changesfile not available.