[ubuntu/oneiric] qemu-kvm 0.14.0+noroms-0ubuntu8 (Accepted)
Jamie Strandboge
jamie at ubuntu.com
Wed Jul 6 16:05:22 UTC 2011
qemu-kvm (0.14.0+noroms-0ubuntu8) oneiric; urgency=low
* SECURITY UPDATE: fix to validate virtqueue in and out requests from the
guests
- debian/patches/CVE-2011-2212-virtqueue-indirect-overflow.patch: update
hw/virtio.c to verify the length of indirect descriptors in
virtqueue_pop() and virtqueue_avail_bytes()
- CVE-2011-2212
- LP: #806167
* SECURITY UPDATE: validate virtio_queue_notify() is non-negative
- virtio-guard-against-negative-vq-notifies-CVE-2011-2512.diff: update
to move comparison out to syborg_virtio_writel(), virtio_ioport_write()
and virtio_queue_notify_vq() and don't call common virtio code if
virtqueue number is invalid. Patch from Debian.
- CVE-2011-2512
- LP: #806166
Date: Tue, 05 Jul 2011 13:24:52 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/oneiric/+source/qemu-kvm/0.14.0+noroms-0ubuntu8
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 05 Jul 2011 13:24:52 -0500
Source: qemu-kvm
Binary: qemu-kvm qemu-common kvm qemu
Architecture: source
Version: 0.14.0+noroms-0ubuntu8
Distribution: oneiric
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
kvm - dummy transitional package from kvm to qemu-kvm
qemu - dummy transitional package from qemu to qemu-kvm
qemu-common - qemu common functionality (bios, documentation, etc)
qemu-kvm - Full virtualization on i386 and amd64 hardware
Launchpad-Bugs-Fixed: 806166 806167
Changes:
qemu-kvm (0.14.0+noroms-0ubuntu8) oneiric; urgency=low
.
* SECURITY UPDATE: fix to validate virtqueue in and out requests from the
guests
- debian/patches/CVE-2011-2212-virtqueue-indirect-overflow.patch: update
hw/virtio.c to verify the length of indirect descriptors in
virtqueue_pop() and virtqueue_avail_bytes()
- CVE-2011-2212
- LP: #806167
* SECURITY UPDATE: validate virtio_queue_notify() is non-negative
- virtio-guard-against-negative-vq-notifies-CVE-2011-2512.diff: update
to move comparison out to syborg_virtio_writel(), virtio_ioport_write()
and virtio_queue_notify_vq() and don't call common virtio code if
virtqueue number is invalid. Patch from Debian.
- CVE-2011-2512
- LP: #806166
Checksums-Sha1:
391a612186f21638eb78586cefd0b33e296e662f 2105 qemu-kvm_0.14.0+noroms-0ubuntu8.dsc
bf1af531a61570e7ccd5ff2186e73f1c479db9f4 59217 qemu-kvm_0.14.0+noroms-0ubuntu8.diff.gz
Checksums-Sha256:
742e64e28158ed3d0674c5af2fdeeb3e27b111833be1a48ab620abf71ad7544d 2105 qemu-kvm_0.14.0+noroms-0ubuntu8.dsc
4a9c519df9d1e80da8269e563fae197833fba6452b5c214f667a02d107a25749 59217 qemu-kvm_0.14.0+noroms-0ubuntu8.diff.gz
Files:
b7fbf0d82025cb35084cafd7a933693f 2105 misc optional qemu-kvm_0.14.0+noroms-0ubuntu8.dsc
e5c77a34a24d01f7d466588f7d344ea7 59217 misc optional qemu-kvm_0.14.0+noroms-0ubuntu8.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCgAGBQJOE3LhAAoJEFHb3FjMVZVzfOEP/A6Mg/WnH1pz7EAp+bgZ8vOC
5vNecLLiZKG6XoaDkHg2qoY6eps/te1Tpi0eeM7cBq4Qo6yND3ySq43kNdInYhPR
mFYzbiSwJaqlAQICg/k9vx9XG/F416pfyc8rRfFiQXrHGFutU66CS+jQ6J6eYxwp
SYSqNgzH9oDQmTkog8idaB6SKNCdLKyP6hZxRXQoYTEcVB7npJRADdvaS7tvQO+A
AukgXTk+okn4EJq/VylCQr3E+c7twLlmlWgL070sDN9pPJb9XVorW58ZVkvyNsN4
tF4Sb9tlwRD1clkXUbRYqB5TJUCBRv93+tsPubypC6gwU4UA+GyeaG9aiMIzlI2Q
wiVVZkgGF52RDoyZoQoDlvr5lycJuXRQ0OREcXsR/4tz7jCQzVnHSVKuQZ4MnqMf
pnhpx52xU5oeTXUGMT/lTj18dTz+CpP3j88XHn9VxtQ2ScFpBjA8Be7VQNwknLHK
NcH5bNazM50Ww56dYGcru9zoURcfg9rT33RsphGTnDOGhtk617Uf8nMnf5Z7EvdE
v897lK6pQw3MP3xwvsoE7Uho91gTpt0xjVCdtyzaWM4oSeTnT9w9j6j7GayR8gi3
sfmUL0kitwqz8tGp1qiUsXTn1tUihexAtaVtnwkbUAuvRWNWFn9QRPatrEtadK0E
gYd2iuk+nhURec2SBiz4
=FeBP
-----END PGP SIGNATURE-----
More information about the Oneiric-changes
mailing list