[ubuntu/natty-security] qemu-kvm 0.14.0+noroms-0ubuntu4.3 (Accepted)

[Jamie Strandboge]

qemu-kvm (0.14.0+noroms-0ubuntu4.3) natty-security; urgency=low

  * SECURITY UPDATE: fix to validate virtqueue in and out requests from the
    guests
    - debian/patches/CVE-2011-2212-virtqueue-indirect-overflow.patch: update
      hw/virtio.c to verify the length of indirect descriptors in
      virtqueue_pop() and virtqueue_avail_bytes()
    - CVE-2011-2212
  * SECURITY UPDATE: validate virtio_queue_notify() is non-negative
    - debian/patches/CVE-2011-2512-negative-vq-notifies.diff: update
      to move comparison out to syborg_virtio_writel(), virtio_ioport_write()
      and virtio_queue_notify_vq() and don't call common virtio code if
      virtqueue number is invalid. Patch from Debian.
    - CVE-2011-2512

Date: Tue, 05 Jul 2011 14:35:10 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/qemu-kvm/0.14.0+noroms-0ubuntu4.3
-------------- next part --------------
Format: 1.8
Date: Tue, 05 Jul 2011 14:35:10 -0500
Source: qemu-kvm
Binary: qemu-kvm qemu-common kvm qemu
Architecture: source
Version: 0.14.0+noroms-0ubuntu4.3
Distribution: natty-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 kvm        - dummy transitional package from kvm to qemu-kvm
 qemu       - dummy transitional package from qemu to qemu-kvm
 qemu-common - qemu common functionality (bios, documentation, etc)
 qemu-kvm   - Full virtualization on i386 and amd64 hardware
Changes: 
 qemu-kvm (0.14.0+noroms-0ubuntu4.3) natty-security; urgency=low
 .
   * SECURITY UPDATE: fix to validate virtqueue in and out requests from the
     guests
     - debian/patches/CVE-2011-2212-virtqueue-indirect-overflow.patch: update
       hw/virtio.c to verify the length of indirect descriptors in
       virtqueue_pop() and virtqueue_avail_bytes()
     - CVE-2011-2212
   * SECURITY UPDATE: validate virtio_queue_notify() is non-negative
     - debian/patches/CVE-2011-2512-negative-vq-notifies.diff: update
       to move comparison out to syborg_virtio_writel(), virtio_ioport_write()
       and virtio_queue_notify_vq() and don't call common virtio code if
       virtqueue number is invalid. Patch from Debian.
     - CVE-2011-2512
Checksums-Sha1: 
 cb60e1af5bf89a910add5144ae9764c2560ee2eb 2099 qemu-kvm_0.14.0+noroms-0ubuntu4.3.dsc
 d9d07c0fc40c02b01423249bcad931fd0d06b629 59101 qemu-kvm_0.14.0+noroms-0ubuntu4.3.diff.gz
Checksums-Sha256: 
 745a8668ddf8fb7b8d2ee449170e4eb7b73eeb125cbaa6a77ec31f00f6d9147a 2099 qemu-kvm_0.14.0+noroms-0ubuntu4.3.dsc
 02590d36c2361690e9df2f8d9dbef556606e0191c8798ba4df4a4c973029091d 59101 qemu-kvm_0.14.0+noroms-0ubuntu4.3.diff.gz
Files: 
 a9d2603b6675b5dc7af83ad817b41c4a 2099 misc optional qemu-kvm_0.14.0+noroms-0ubuntu4.3.dsc
 6ead000b2c6e82b1187baa94c2f76462 59101 misc optional qemu-kvm_0.14.0+noroms-0ubuntu4.3.diff.gz