[ubuntu/mantic-updates] qemu 1:8.0.4+dfsg-1ubuntu3.23.10.2 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Mon Jan 8 18:59:51 UTC 2024
qemu (1:8.0.4+dfsg-1ubuntu3.23.10.2) mantic-security; urgency=medium
* SECURITY UPDATE: OOB read in RDMA device
- debian/patches/CVE-2023-1544.patch: protect against buggy or
malicious guest driver in hw/rdma/vmw/pvrdma_main.c.
- CVE-2023-1544
* SECURITY UPDATE: null pointer deref in NVME device
- debian/patches/CVE-2023-40360.patch: fix null pointer access in
directive receive in hw/nvme/ctrl.c.
- CVE-2023-40360
* SECURITY UPDATE: OOB read in NVME device
- debian/patches/CVE-2023-4135.patch: fix oob memory read in fdp events
log in hw/nvme/ctrl.c.
- CVE-2023-4135
* SECURITY UPDATE: division by zero via scsi block size
- debian/patches/CVE-2023-42467.patch: disallow block sizes smaller
than 512 in hw/scsi/scsi-disk.c.
- CVE-2023-42467
* SECURITY UPDATE: disk offset 0 access
- debian/patches/CVE-2023-5088.patch: cancel async DMA operation before
resetting state in hw/ide/core.c.
- CVE-2023-5088
Date: 2023-12-01 14:05:10.052841+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/qemu/1:8.0.4+dfsg-1ubuntu3.23.10.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the mantic-changes
mailing list