[ubuntu/jammy-security] qemu 1:6.2+dfsg-2ubuntu6.16 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Mon Jan 8 17:20:55 UTC 2024

qemu (1:6.2+dfsg-2ubuntu6.16) jammy-security; urgency=medium

  * SECURITY UPDATE: infinite loop in USB xHCI controller
    - debian/patches/CVE-2020-14394.patch: fix unbounded loop in
    - CVE-2020-14394
  * SECURITY UPDATE: OOB read in RDMA device
    - debian/patches/CVE-2023-1544.patch: protect against buggy or
      malicious guest driver in hw/rdma/vmw/pvrdma_main.c.
    - CVE-2023-1544
  * SECURITY UPDATE: 9pfs special file access
    - debian/patches/CVE-2023-2861.patch: prevent opening special files in
      fsdev/virtfs-proxy-helper.c, hw/9pfs/9p-util.h.
    - CVE-2023-2861
  * SECURITY UPDATE: heap overflow in crypto device
    - debian/patches/CVE-2023-3180.patch: verify src&dst buffer length for
      sym request in hw/virtio/virtio-crypto.c.
    - CVE-2023-3180
  * SECURITY UPDATE: infinite loop in VNC server
    - debian/patches/CVE-2023-3255.patch: fix infinite loop in
      inflate_buffer in ui/vnc-clipboard.c.
    - CVE-2023-3255
  * SECURITY UPDATE: race in virtio-net hot-unplug
    - debian/patches/CVE-2023-3301.patch: do not cleanup the vdpa/vhost-net
      structures if peer nic is present in net/vhost-vdpa.c.
    - CVE-2023-3301
  * SECURITY UPDATE: DoS in VNC server
    - debian/patches/CVE-2023-3354.patch: remove io watch if TLS channel is
      closed during handshake in include/io/channel-tls.h,
    - CVE-2023-3354
  * SECURITY UPDATE: disk offset 0 access
    - debian/patches/CVE-2023-5088.patch: cancel async DMA operation before
      resetting state in hw/ide/core.c.
    - CVE-2023-5088
  * SECURITY UPDATE: DoS in Intel HD Audio device
    - debian/patches/CVE-2021-3611-*.patch: add MemTxAttrs argument to
      DMA functions and use it in hw/audio/intel-hda.c.
    - CVE-2021-3611

qemu (1:6.2+dfsg-2ubuntu6.15) jammy; urgency=medium

  * d/rules: remove --no-start for qemu-guest-agent (LP: #2028124)

qemu (1:6.2+dfsg-2ubuntu6.14) jammy; urgency=medium

  * d/u/lp-2033957-virtiofsd-Fix-breakage-due-to-fuse_init_in.patch:
    Fix virtiofsd breakage due to fuse_init_in size change, which
    happened because of the Linux kernel 5.17 headers that were
    imported in a previous patch. (LP: #2033957)

qemu (1:6.2+dfsg-2ubuntu6.13) jammy; urgency=medium

  * d/p/u/lp-1853307-*.patch: Backport patches to implement Enhanced
    Interpretation for PCI Functions (s390x).  (LP: #1853307)

qemu (1:6.2+dfsg-2ubuntu6.12) jammy; urgency=medium

  [ Chengen Du ]
  * d/p/u/lp2025591-block-use-the-request-length-for-iov-alignment.patch:
    Fix boot error on the HWE 6.2 kernel with direct IO (eg, cache=none)
    if the logical block size is smaller than in the host (LP: #2025591)

Date: 2023-12-01 14:39:10.619253+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the jammy-changes mailing list