[ubuntu/jammy-security] qemu 1:6.2+dfsg-2ubuntu6.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Jun 21 14:40:08 UTC 2022
qemu (1:6.2+dfsg-2ubuntu6.2) jammy-security; urgency=medium
* SECURITY UPDATE: heap overflow in floppy disk emulator
- debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
hw/block/fdc.c.
- CVE-2021-3507
* SECURITY UPDATE: use-after-free in nvme
- debian/patches/CVE-2021-3929.patch: deny DMA to the iomem of the
device itself in hw/nvme/ctrl.c.
- CVE-2021-3929
* SECURITY UPDATE: integer overflow in QXL display device emulation
- debian/patches/CVE-2021-4206.patch: check width and height in
hw/display/qxl-render.c, hw/display/vmware_vga.c, ui/cursor.c.
- CVE-2021-4206
* SECURITY UPDATE: heap overflow in QXL display device emulation
- debian/patches/CVE-2021-4207.patch: fix race condition in qxl_cursor
in hw/display/qxl-render.c.
- CVE-2021-4207
* SECURITY UPDATE: potential privilege escalation in virtiofsd
- debian/patches/CVE-2022-0358.patch: Drop membership of all
supplementary groups in tools/virtiofsd/passthrough_ll.c.
- CVE-2022-0358
* SECURITY UPDATE: memory leakage in virtio-net device
- debian/patches/CVE-2022-26353.patch: fix map leaking on error during
receive in hw/net/virtio-net.c.
- CVE-2022-26353
* SECURITY UPDATE: memory leakage in vhost-vsock device
- debian/patches/CVE-2022-26354.patch: detach the virqueue element in
case of error in hw/virtio/vhost-vsock-common.c.
- CVE-2022-26354
Date: 2022-06-10 12:03:31.288306+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/qemu/1:6.2+dfsg-2ubuntu6.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list