[ubuntu/precise-security] qemu-kvm 1.0+noroms-0ubuntu14.28 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu May 12 14:03:44 UTC 2016
qemu-kvm (1.0+noroms-0ubuntu14.28) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via multiple eof_timers in ohci
- debian/patches/CVE-2016-2391.patch: allocate timer only once in
hw/usb-ohci.c.
- CVE-2016-2391
* SECURITY UPDATE: denial of service in in remote NDIS control message
handling
- debian/patches/CVE-2016-2392.patch: check USB configuration
descriptor object in hw/usb-net.c.
- CVE-2016-2392
* SECURITY UPDATE: denial of service or host information leak in USB Net
device emulation support
- debian/patches/CVE-2016-2538.patch: check RNDIS buffer offsets and
length in hw/usb-net.c.
- CVE-2016-2538
* SECURITY UPDATE: denial of service via infinite loop in ne2000
- debian/patches/CVE-2016-2841.patch: heck ring buffer control
registers in hw/ne2000.c.
- CVE-2016-2841
* SECURITY UPDATE: denial of service via payload length in crafted packet
- debian/patches/CVE-2016-2857.patch: check packet payload length in
net/checksum.c.
- CVE-2016-2857
* SECURITY UPDATE: arbitrary host code execution via VGA module
- debian/patches/CVE-2016-3710.patch: fix banked access bounds checking
in hw/vga.c.
- CVE-2016-3710
* SECURITY UPDATE: denial of service via VGA module
- debian/patches/CVE-2016-3712.patch: make sure vga register setup for
vbe stays intact in hw/vga.c.
- CVE-2016-3712
* SECURITY UPDATE: denial of service in Luminary Micro Stellaris Ethernet
- debian/patches/CVE-2016-4001.patch: check packet length against
receive buffer in hw/stellaris_enet.c.
- CVE-2016-4001
* SECURITY UPDATE: denial of sevice and possible code execution in
MIPSnet
- debian/patches/CVE-2016-4002.patch: check size in hw/mipsnet.c.
- CVE-2016-4002
* SECURITY UPDATE: denial of service via infinite loop in in usb_ehci
- debian/patches/CVE-2016-4037.patch: apply limit to iTD/sidt
descriptors in hw/usb-ehci.c.
- CVE-2016-4037
Date: 2016-05-11 14:18:19.175363+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.28
-------------- next part --------------
Sorry, changesfile not available.
More information about the Precise-changes
mailing list