[ubuntu/oneiric] qemu-kvm 0.14.0+noroms-0ubuntu8 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Wed Jul 6 16:05:22 UTC 2011


qemu-kvm (0.14.0+noroms-0ubuntu8) oneiric; urgency=low

  * SECURITY UPDATE: fix to validate virtqueue in and out requests from the
    guests
    - debian/patches/CVE-2011-2212-virtqueue-indirect-overflow.patch: update
      hw/virtio.c to verify the length of indirect descriptors in
      virtqueue_pop() and virtqueue_avail_bytes()
    - CVE-2011-2212
    - LP: #806167
  * SECURITY UPDATE: validate virtio_queue_notify() is non-negative
    - virtio-guard-against-negative-vq-notifies-CVE-2011-2512.diff: update
      to move comparison out to syborg_virtio_writel(), virtio_ioport_write()
      and virtio_queue_notify_vq() and don't call common virtio code if
      virtqueue number is invalid. Patch from Debian.
    - CVE-2011-2512
    - LP: #806166

Date: Tue, 05 Jul 2011 13:24:52 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/oneiric/+source/qemu-kvm/0.14.0+noroms-0ubuntu8
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 05 Jul 2011 13:24:52 -0500
Source: qemu-kvm
Binary: qemu-kvm qemu-common kvm qemu
Architecture: source
Version: 0.14.0+noroms-0ubuntu8
Distribution: oneiric
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 kvm        - dummy transitional package from kvm to qemu-kvm
 qemu       - dummy transitional package from qemu to qemu-kvm
 qemu-common - qemu common functionality (bios, documentation, etc)
 qemu-kvm   - Full virtualization on i386 and amd64 hardware
Launchpad-Bugs-Fixed: 806166 806167
Changes: 
 qemu-kvm (0.14.0+noroms-0ubuntu8) oneiric; urgency=low
 .
   * SECURITY UPDATE: fix to validate virtqueue in and out requests from the
     guests
     - debian/patches/CVE-2011-2212-virtqueue-indirect-overflow.patch: update
       hw/virtio.c to verify the length of indirect descriptors in
       virtqueue_pop() and virtqueue_avail_bytes()
     - CVE-2011-2212
     - LP: #806167
   * SECURITY UPDATE: validate virtio_queue_notify() is non-negative
     - virtio-guard-against-negative-vq-notifies-CVE-2011-2512.diff: update
       to move comparison out to syborg_virtio_writel(), virtio_ioport_write()
       and virtio_queue_notify_vq() and don't call common virtio code if
       virtqueue number is invalid. Patch from Debian.
     - CVE-2011-2512
     - LP: #806166
Checksums-Sha1: 
 391a612186f21638eb78586cefd0b33e296e662f 2105 qemu-kvm_0.14.0+noroms-0ubuntu8.dsc
 bf1af531a61570e7ccd5ff2186e73f1c479db9f4 59217 qemu-kvm_0.14.0+noroms-0ubuntu8.diff.gz
Checksums-Sha256: 
 742e64e28158ed3d0674c5af2fdeeb3e27b111833be1a48ab620abf71ad7544d 2105 qemu-kvm_0.14.0+noroms-0ubuntu8.dsc
 4a9c519df9d1e80da8269e563fae197833fba6452b5c214f667a02d107a25749 59217 qemu-kvm_0.14.0+noroms-0ubuntu8.diff.gz
Files: 
 b7fbf0d82025cb35084cafd7a933693f 2105 misc optional qemu-kvm_0.14.0+noroms-0ubuntu8.dsc
 e5c77a34a24d01f7d466588f7d344ea7 59217 misc optional qemu-kvm_0.14.0+noroms-0ubuntu8.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCgAGBQJOE3LhAAoJEFHb3FjMVZVzfOEP/A6Mg/WnH1pz7EAp+bgZ8vOC
5vNecLLiZKG6XoaDkHg2qoY6eps/te1Tpi0eeM7cBq4Qo6yND3ySq43kNdInYhPR
mFYzbiSwJaqlAQICg/k9vx9XG/F416pfyc8rRfFiQXrHGFutU66CS+jQ6J6eYxwp
SYSqNgzH9oDQmTkog8idaB6SKNCdLKyP6hZxRXQoYTEcVB7npJRADdvaS7tvQO+A
AukgXTk+okn4EJq/VylCQr3E+c7twLlmlWgL070sDN9pPJb9XVorW58ZVkvyNsN4
tF4Sb9tlwRD1clkXUbRYqB5TJUCBRv93+tsPubypC6gwU4UA+GyeaG9aiMIzlI2Q
wiVVZkgGF52RDoyZoQoDlvr5lycJuXRQ0OREcXsR/4tz7jCQzVnHSVKuQZ4MnqMf
pnhpx52xU5oeTXUGMT/lTj18dTz+CpP3j88XHn9VxtQ2ScFpBjA8Be7VQNwknLHK
NcH5bNazM50Ww56dYGcru9zoURcfg9rT33RsphGTnDOGhtk617Uf8nMnf5Z7EvdE
v897lK6pQw3MP3xwvsoE7Uho91gTpt0xjVCdtyzaWM4oSeTnT9w9j6j7GayR8gi3
sfmUL0kitwqz8tGp1qiUsXTn1tUihexAtaVtnwkbUAuvRWNWFn9QRPatrEtadK0E
gYd2iuk+nhURec2SBiz4
=FeBP
-----END PGP SIGNATURE-----


More information about the Oneiric-changes mailing list