[ubuntu/lucid-security] qemu-kvm 0.12.3+noroms-0ubuntu9.12 (Accepted)
Jamie Strandboge
jamie at ubuntu.com
Wed Jul 6 21:04:18 UTC 2011
qemu-kvm (0.12.3+noroms-0ubuntu9.12) lucid-security; urgency=low
* SECURITY UPDATE: fix to validate virtqueue in and out requests from the
guests
- debian/patches/CVE-2011-2212-virtqueue-indirect-overflow.patch: update
hw/virtio.c to verify the length of indirect descriptors in
virtqueue_pop() and virtqueue_avail_bytes()
- CVE-2011-2212
* SECURITY UPDATE: validate virtio_queue_notify() is non-negative
- debian/patches/CVE-2011-2512-negative-vq-notifies.diff: update
to move comparison out to syborg_virtio_writel(), virtio_ioport_write()
and virtio_queue_notify_vq() and don't call common virtio code if
virtqueue number is invalid. Patch from Debian.
- CVE-2011-2512
Date: Tue, 05 Jul 2011 15:16:04 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/qemu-kvm/0.12.3+noroms-0ubuntu9.12
-------------- next part --------------
Format: 1.8
Date: Tue, 05 Jul 2011 15:16:04 -0500
Source: qemu-kvm
Binary: qemu-kvm qemu-common qemu-kvm-extras qemu-kvm-extras-static qemu-arm-static kvm qemu
Architecture: source
Version: 0.12.3+noroms-0ubuntu9.12
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
kvm - dummy transitional pacakge from kvm to qemu-kvm
qemu - dummy transitional pacakge from qemu to qemu-kvm
qemu-arm-static - dummy transitional package for qemu-kvm-extras-static
qemu-common - qemu common functionality (bios, documentation, etc)
qemu-kvm - Full virtualization on i386 and amd64 hardware
qemu-kvm-extras - fast processor emulator binaries for non-x86 architectures
qemu-kvm-extras-static - static QEMU user mode emulation binaries
Changes:
qemu-kvm (0.12.3+noroms-0ubuntu9.12) lucid-security; urgency=low
.
* SECURITY UPDATE: fix to validate virtqueue in and out requests from the
guests
- debian/patches/CVE-2011-2212-virtqueue-indirect-overflow.patch: update
hw/virtio.c to verify the length of indirect descriptors in
virtqueue_pop() and virtqueue_avail_bytes()
- CVE-2011-2212
* SECURITY UPDATE: validate virtio_queue_notify() is non-negative
- debian/patches/CVE-2011-2512-negative-vq-notifies.diff: update
to move comparison out to syborg_virtio_writel(), virtio_ioport_write()
and virtio_queue_notify_vq() and don't call common virtio code if
virtqueue number is invalid. Patch from Debian.
- CVE-2011-2512
Checksums-Sha1:
ef18c172dd84901e2124d0905393ee47455e4bc5 2161 qemu-kvm_0.12.3+noroms-0ubuntu9.12.dsc
0c1f402d7a28b63cc3b9f755f07315feca731439 67013 qemu-kvm_0.12.3+noroms-0ubuntu9.12.diff.gz
Checksums-Sha256:
64b0f19c5967c6681096572fd2b329435dcdc39cd9c0a712bc19cea42f231617 2161 qemu-kvm_0.12.3+noroms-0ubuntu9.12.dsc
da9aaf59d0ea830999f84da506e04745697d6f4b6a0fbc72ff257168361a3ccf 67013 qemu-kvm_0.12.3+noroms-0ubuntu9.12.diff.gz
Files:
fdc097ff9dcc5c1ff198141133754f2b 2161 misc optional qemu-kvm_0.12.3+noroms-0ubuntu9.12.dsc
6ecb5fc4e4b066df9c71e15ee5353660 67013 misc optional qemu-kvm_0.12.3+noroms-0ubuntu9.12.diff.gz
More information about the Lucid-changes
mailing list