[ubuntu/mantic-security] qemu 1:8.0.4+dfsg-1ubuntu3.23.10.2 (Accepted)

[Marc Deslauriers]

qemu (1:8.0.4+dfsg-1ubuntu3.23.10.2) mantic-security; urgency=medium

  * SECURITY UPDATE: OOB read in RDMA device
    - debian/patches/CVE-2023-1544.patch: protect against buggy or
      malicious guest driver in hw/rdma/vmw/pvrdma_main.c.
    - CVE-2023-1544
  * SECURITY UPDATE: null pointer deref in NVME device
    - debian/patches/CVE-2023-40360.patch: fix null pointer access in
      directive receive in hw/nvme/ctrl.c.
    - CVE-2023-40360
  * SECURITY UPDATE: OOB read in NVME device
    - debian/patches/CVE-2023-4135.patch: fix oob memory read in fdp events
      log in hw/nvme/ctrl.c.
    - CVE-2023-4135
  * SECURITY UPDATE: division by zero via scsi block size
    - debian/patches/CVE-2023-42467.patch: disallow block sizes smaller
      than 512 in hw/scsi/scsi-disk.c.
    - CVE-2023-42467
  * SECURITY UPDATE: disk offset 0 access
    - debian/patches/CVE-2023-5088.patch: cancel async DMA operation before
      resetting state in hw/ide/core.c.
    - CVE-2023-5088

Date: 2023-12-01 14:05:10.052841+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/qemu/1:8.0.4+dfsg-1ubuntu3.23.10.2
-------------- next part --------------
Sorry, changesfile not available.