[ubuntu/impish-security] qemu 1:6.0+dfsg-2expubuntu1.2 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Mon Feb 28 12:38:57 UTC 2022


qemu (1:6.0+dfsg-2expubuntu1.2) impish-security; urgency=medium

  * SECURITY UPDATE: multiple issues in vhost-user GPU device
    - debian/patches/CVE-2021-3544-1.patch: fix memory disclosure in
      contrib/vhost-user-gpu/virgl.c.
    - debian/patches/CVE-2021-3544-2.patch: fix resource leak in
      contrib/vhost-user-gpu/vhost-user-gpu.c.
    - debian/patches/CVE-2021-3544-3.patch: fix memory leak in
      contrib/vhost-user-gpu/vhost-user-gpu.c.
    - debian/patches/CVE-2021-3544-4.patch: fix memory leak in
      contrib/vhost-user-gpu/vhost-user-gpu.c.
    - debian/patches/CVE-2021-3544-5.patch: fix memory leak in
      contrib/vhost-user-gpu/virgl.c.
    - debian/patches/CVE-2021-3544-6.patch: fix memory leak in
      contrib/vhost-user-gpu/virgl.c.
    - debian/patches/CVE-2021-3544-7.patch: fix OOB write in
      contrib/vhost-user-gpu/virgl.c.
    - debian/patches/CVE-2021-3544-8.patch: abstract vg_cleanup_mapping_iov
      in contrib/vhost-user-gpu/vhost-user-gpu.c,
      contrib/vhost-user-gpu/virgl.c, contrib/vhost-user-gpu/vugpu.h.
    - CVE-2021-3544
    - CVE-2021-3545
    - CVE-2021-3546
  * SECURITY UPDATE: crash or code exec in USB redirector device emulation
    - debian/patches/CVE-2021-3682.patch: fix free call in
      hw/usb/redirect.c.
    - CVE-2021-3682
  * SECURITY UPDATE: OOB write in UAS (USB Attached SCSI) device
    - debian/patches/CVE-2021-3713.patch: add stream number sanity checks
      in hw/usb/dev-uas.c.
    - CVE-2021-3713
  * SECURITY UPDATE: heap use-after-free in virtio_net_receive_rcu
    - debian/patches/CVE-2021-3748.patch: fix use after unmap/free for sg
      in hw/net/virtio-net.c.
    - CVE-2021-3748
  * SECURITY UPDATE: off-by-one error in mode_sense_page()
    - debian/patches/CVE-2021-3930.patch: MODE_PAGE_ALLS not allowed in
      MODE SELECT commands in hw/scsi/scsi-disk.c.
    - CVE-2021-3930
  * SECURITY UPDATE: NULL pointer dereference in pci_write()
    - debian/patches/CVE-2021-4158.patch: validate hotplug selector on
      access in hw/acpi/pcihp.c.
    - CVE-2021-4158
  * SECURITY UPDATE: NULL dereference in floppy disk emulator
    - debian/patches/CVE-2021-20196-1.patch: Extract
      blk_create_empty_drive() in hw/block/fdc.c.
    - debian/patches/CVE-2021-20196-2.patch: kludge missing floppy drive in
      hw/block/fdc.c.
    - CVE-2021-20196
  * SECURITY UPDATE: integer overflow in vmxnet3 NIC emulator
    - debian/patches/CVE-2021-20203.patch: validate configuration values
      during activate in hw/net/vmxnet3.c.
    - CVE-2021-20203
  * SECURITY UPDATE: potential privilege escalation in virtiofsd
    - debian/patches/CVE-2022-0358.patch: Drop membership of all
      supplementary groups in tools/virtiofsd/passthrough_ll.c.
    - CVE-2022-0358

Date: 2022-02-23 12:30:10.477411+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/qemu/1:6.0+dfsg-2expubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.


More information about the impish-changes mailing list