[ubuntu/maverick-security] qemu-kvm 0.12.5+noroms-0ubuntu7.5 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Fri Jun 10 05:03:40 UTC 2011 

qemu-kvm (0.12.5+noroms-0ubuntu7.5) maverick-security; urgency=low

  * SECURITY UPDATE: fix heap buffer overflow from unaligned requests
    - virtio-blk-fail-unaligned-access-CVE-2011-1750-52c050236e.diff:
      patch from Debian
    - CVE-2011-1750
  * SECURITY UPDATE: verify no_hotplug attribute when handling hot-unplug
    requests
    - CVE-2011-1751-prep-pci-cleanly-backout-of-pci_qdev_init-925fe64ae7.diff:
      Moving common code to a separate function and using it from another
      place to fix a memory leak. Backported by Debian
    - CVE-2011-1751-prep-hotplug-0-acpi_piix4-qdevfy-e8ec0571e1.diff: This
      qdevifies acpi_piix4 device. Backported by Debian
    - CVE-2011-1751-prep-hotplug-1-pci-allow-devices-being-tagged-as-not-hotpluggable-180c22e18b.diff:
      Introduce a "no_hotplug" attribute and check it in common places
      to ensure such devices wont be hot-(un)plugged. This needs the
      pci-cleanly-backout-of-pci_qdev_init patch mentioned above. Backported
      by Debian
    - CVE-2011-1751-prep-hotplug-2-piix-tag-as-not-hotpluggable-0965f12da6.diff:
      Backported by Debian
    - CVE-2011-1751-prep-hotplug-3-vga-tag-as-not-hotplugable-be92bbf73d.diff:
      Mark certain devices as non-hotpluggable. Backported by Debian
    - CVE-2011-1751-hotplug-4-ignore-pci-hotplug-requests-for-unpluggable-devices.diff:
      Verifies the no_hotplug attribute when handling hot-unplug request from
      guest. Backported by Debian

Date: Sun, 29 May 2011 08:22:56 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/qemu-kvm/0.12.5+noroms-0ubuntu7.5
-------------- next part --------------
Format: 1.8
Date: Sun, 29 May 2011 08:22:56 -0500
Source: qemu-kvm
Binary: qemu-kvm qemu-common qemu-kvm-extras qemu-kvm-extras-static qemu-arm-static kvm qemu
Architecture: source
Version: 0.12.5+noroms-0ubuntu7.5
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 kvm        - dummy transitional pacakge from kvm to qemu-kvm
 qemu       - dummy transitional pacakge from qemu to qemu-kvm
 qemu-arm-static - dummy transitional package for qemu-kvm-extras-static
 qemu-common - qemu common functionality (bios, documentation, etc)
 qemu-kvm   - Full virtualization on i386 and amd64 hardware
 qemu-kvm-extras - fast processor emulator binaries for non-x86 architectures
 qemu-kvm-extras-static - static QEMU user mode emulation binaries
Changes: 
 qemu-kvm (0.12.5+noroms-0ubuntu7.5) maverick-security; urgency=low
 .
   * SECURITY UPDATE: fix heap buffer overflow from unaligned requests
     - virtio-blk-fail-unaligned-access-CVE-2011-1750-52c050236e.diff:
       patch from Debian
     - CVE-2011-1750
   * SECURITY UPDATE: verify no_hotplug attribute when handling hot-unplug
     requests
     - CVE-2011-1751-prep-pci-cleanly-backout-of-pci_qdev_init-925fe64ae7.diff:
       Moving common code to a separate function and using it from another
       place to fix a memory leak. Backported by Debian
     - CVE-2011-1751-prep-hotplug-0-acpi_piix4-qdevfy-e8ec0571e1.diff: This
       qdevifies acpi_piix4 device. Backported by Debian
     - CVE-2011-1751-prep-hotplug-1-pci-allow-devices-being-tagged-as-not-hotpluggable-180c22e18b.diff:
       Introduce a "no_hotplug" attribute and check it in common places
       to ensure such devices wont be hot-(un)plugged. This needs the
       pci-cleanly-backout-of-pci_qdev_init patch mentioned above. Backported
       by Debian
     - CVE-2011-1751-prep-hotplug-2-piix-tag-as-not-hotpluggable-0965f12da6.diff:
       Backported by Debian
     - CVE-2011-1751-prep-hotplug-3-vga-tag-as-not-hotplugable-be92bbf73d.diff:
       Mark certain devices as non-hotpluggable. Backported by Debian
     - CVE-2011-1751-hotplug-4-ignore-pci-hotplug-requests-for-unpluggable-devices.diff:
       Verifies the no_hotplug attribute when handling hot-unplug request from
       guest. Backported by Debian
Checksums-Sha1: 
 cd45b5d425251122720dcdd3df74eb87876bae11 2183 qemu-kvm_0.12.5+noroms-0ubuntu7.5.dsc
 f40f3088db5297f2b00b8c4723317a5d64c7a372 64494 qemu-kvm_0.12.5+noroms-0ubuntu7.5.diff.gz
Checksums-Sha256: 
 fd11b51f6cda7293171c334c19cae4a15782f44ffa40aed6987dd22b0f45f0f6 2183 qemu-kvm_0.12.5+noroms-0ubuntu7.5.dsc
 42d7f8e2ff48abde92bb51bf0c8c59788147b657b8a00274cf87c5cfeb88cc23 64494 qemu-kvm_0.12.5+noroms-0ubuntu7.5.diff.gz
Files: 
 f3d62528b04a34bec9da9cd8f848d438 2183 misc optional qemu-kvm_0.12.5+noroms-0ubuntu7.5.dsc
 ad40a7a34fb4604187e0760c35b614ca 64494 misc optional qemu-kvm_0.12.5+noroms-0ubuntu7.5.diff.gz

More information about the Maverick-changes mailing list