Call for testing: QEMU security updates

Marc Deslauriers marc.deslauriers at canonical.com
Thu Aug 14 18:33:15 UTC 2014 

Hi,

I have pushed updated qemu-kvm packages for Ubuntu 10.04 LTS and Ubuntu 12.04
LTS, and qemu packages for Ubuntu 14.04 LTS into the -proposed pocket.

These packages fix a very large number of security issues regarding image format
validation and state loading. Due to the large number of patches, I would
appreciate getting additional testing from people who run qemu in various
environments.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed.

Please report any issues in the tracking bug:
https://launchpad.net/bugs/1357018

If no issues are reported, I plan on releasing the packages as security
updates in a couple of weeks.

Here is the list of CVEs fixed in each release:

10.04 LTS:
CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146,
CVE-2014-0147, CVE-2013-4148, CVE-2013-4151, CVE-2013-4530, CVE-2013-4531,
CVE-2013-4533, CVE-2013-4534, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539,
CVE-2013-4540, CVE-2013-6399, CVE-2014-0182, CVE-2014-0222, CVE-2014-0223

12.04 LTS:
CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146,
CVE-2014-0147, CVE-2013-4148, CVE-2013-4151, CVE-2013-4527, CVE-2013-4529,
CVE-2013-4530, CVE-2013-4531, CVE-2013-4532, CVE-2013-4533, CVE-2013-4534,
CVE-2013-4535, CVE-2013-4536, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539,
CVE-2013-4540, CVE-2013-4541, CVE-2013-6399, CVE-2014-0182, CVE-2014-0222,
CVE-2014-0223, CVE-2014-3461

14.04 LTS:
CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4526,
CVE-2013-4527, CVE-2013-4529, CVE-2013-4530, CVE-2013-4531, CVE-2013-4532,
CVE-2013-4533, CVE-2013-4534, CVE-2013-4535, CVE-2013-4536, CVE-2013-4537,
CVE-2013-4538, CVE-2013-4539, CVE-2013-4540, CVE-2013-4541, CVE-2013-4542,
CVE-2013-6399, CVE-2014-0182, CVE-2014-0222, CVE-2014-0223, CVE-2014-3461,
CVE-2014-3471

Thanks,

Marc.

-- 
Marc Deslauriers
Ubuntu Security Engineer     | http://www.ubuntu.com/
Canonical Ltd.               | http://www.canonical.com/

More information about the ubuntu-server mailing list