[ubuntu/trusty-security] qemu 2.0.0+dfsg-2ubuntu1.26 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Thu Aug 4 18:07:54 UTC 2016 

qemu (2.0.0+dfsg-2ubuntu1.26) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS and possible host code execution in 53C9X Fast
    SCSI Controller
    - debian/patches/CVE-2016-4439.patch: check length in hw/scsi/esp.c.
    - CVE-2016-4439
  * SECURITY UPDATE: DoS in 53C9X Fast SCSI Controller
    - debian/patches/CVE-2016-4441.patch: check DMA length in
      hw/scsi/esp.c.
    - CVE-2016-4441
  * SECURITY UPDATE: infinite loop in vmware_vga
    - debian/patches/CVE-2016-4453.patch: limit fifo commands in
      hw/display/vmware_vga.c.
    - CVE-2016-4453
  * SECURITY UPDATE: DoS or host memory leakage in vmware_vga
    - debian/patches/CVE-2016-4454.patch: fix sanity checks in
      hw/display/vmware_vga.c.
    - CVE-2016-4454
  * SECURITY UPDATE: DoS in VMWARE PVSCSI paravirtual SCSI bus
    - debian/patches/CVE-2016-4952.patch: check command descriptor ring
      buffer size in hw/scsi/vmw_pvscsi.c.
    - CVE-2016-4952
  * SECURITY UPDATE: MegaRAID SAS 8708EM2 host memory leakage
    - debian/patches/CVE-2016-5105.patch: initialise local configuration
      data buffer in hw/scsi/megasas.c.
    - CVE-2016-5105
  * SECURITY UPDATE: DoS in MegaRAID SAS 8708EM2
    - debian/patches/CVE-2016-5106.patch: use appropriate property buffer
      size in hw/scsi/megasas.c.
    - CVE-2016-5106
  * SECURITY UPDATE: DoS in MegaRAID SAS 8708EM2
    - debian/patches/CVE-2016-5107.patch: check read_queue_head index
      value in hw/scsi/megasas.c.
    - CVE-2016-5107
  * SECURITY UPDATE: DoS or code execution via crafted iSCSI asynchronous
    I/O ioctl call
    - debian/patches/CVE-2016-5126.patch: avoid potential overflow in
      block/iscsi.c.
    - CVE-2016-5126
  * SECURITY UPDATE: DoS in 53C9X Fast SCSI Controller
    - debian/patches/CVE-2016-5238.patch: check buffer length before
      reading scsi command in hw/scsi/esp.c.
    - CVE-2016-5238
  * SECURITY UPDATE: MegaRAID SAS 8708EM2 host memory leakage
    - debian/patches/CVE-2016-5337.patch: null terminate bios version
      buffer in hw/scsi/megasas.c.
    - CVE-2016-5337
  * SECURITY UPDATE: DoS or code execution in 53C9X Fast SCSI Controller
    - debian/patches/CVE-2016-5338.patch: check TI buffer index in
      hw/scsi/esp.c.
    - CVE-2016-5338
  * SECURITY UPDATE: DoS via unbounded memory allocation
    - debian/patches/CVE-2016-5403.patch: check size in hw/virtio/virtio.c.
    - CVE-2016-5403
  * SECURITY UPDATE: oob write access while reading ESP command
    - debian/patches/CVE-2016-6351.patch: make cmdbuf big enough for
      maximum CDB size and handle migration in hw/scsi/esp.c,
      include/hw/scsi/esp.h, include/migration/vmstate.h.
    - CVE-2016-6351

qemu (2.0.0+dfsg-2ubuntu1.25) trusty; urgency=medium

  [Kai Storbeck]
  * backport patch to fix guest hangs after live migration (LP: #1297218)

Date: 2016-08-03 20:15:13.379754+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.26
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list