[ubuntu/vivid-proposed] qemu 2.1+dfsg-4ubuntu9 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Nov 13 15:07:14 UTC 2014


qemu (2.1+dfsg-4ubuntu9) vivid; urgency=medium

  * SECURITY UPDATE: information disclosure via vga driver
    - debian/patches/CVE-2014-3615.patch: return the correct memory size,
      sanity check register writes, and don't use fixed buffer sizes in
      hw/display/qxl.c, hw/display/vga.c, hw/display/vga_int.h,
      ui/spice-display.c.
    - CVE-2014-3615
  * SECURITY UPDATE: denial of service via slirp NULL pointer deref
    - debian/patches/CVE-2014-3640.patch: make sure socket is not just a
      stub in slirp/udp.c.
    - CVE-2014-3640
  * SECURITY UPDATE: possible privilege escalation via vmware-vga driver
    - debian/patches/CVE-2014-3689.patch: verify rectangles in
      hw/display/vmware_vga.c.
    - CVE-2014-3689
  * SECURITY UPDATE: denial of service via VNC console
    - debian/patches/CVE-2014-7815.patch: validate bits_per_pixel in
      ui/vnc.c.
    - CVE-2014-7815

Date: Thu, 13 Nov 2014 07:31:03 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/qemu/2.1+dfsg-4ubuntu9
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 13 Nov 2014 07:31:03 -0500
Source: qemu
Binary: qemu qemu-system qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm qemu-system-aarch64
Architecture: source
Version: 2.1+dfsg-4ubuntu9
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 qemu       - fast processor emulator
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization
 qemu-system - QEMU full system emulation binaries
 qemu-system-aarch64 - QEMU full system emulation binaries (aarch64)
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Changes:
 qemu (2.1+dfsg-4ubuntu9) vivid; urgency=medium
 .
   * SECURITY UPDATE: information disclosure via vga driver
     - debian/patches/CVE-2014-3615.patch: return the correct memory size,
       sanity check register writes, and don't use fixed buffer sizes in
       hw/display/qxl.c, hw/display/vga.c, hw/display/vga_int.h,
       ui/spice-display.c.
     - CVE-2014-3615
   * SECURITY UPDATE: denial of service via slirp NULL pointer deref
     - debian/patches/CVE-2014-3640.patch: make sure socket is not just a
       stub in slirp/udp.c.
     - CVE-2014-3640
   * SECURITY UPDATE: possible privilege escalation via vmware-vga driver
     - debian/patches/CVE-2014-3689.patch: verify rectangles in
       hw/display/vmware_vga.c.
     - CVE-2014-3689
   * SECURITY UPDATE: denial of service via VNC console
     - debian/patches/CVE-2014-7815.patch: validate bits_per_pixel in
       ui/vnc.c.
     - CVE-2014-7815
Checksums-Sha1:
 6f4e36a349de503542ba3bfd12bef41e07547525 5783 qemu_2.1+dfsg-4ubuntu9.dsc
 69bb0db86036eb34d7d416a36eef2cee8765339a 76080 qemu_2.1+dfsg-4ubuntu9.debian.tar.xz
Checksums-Sha256:
 6239e58560711e07c94274d0f072ea76444075681b075616052192d2d3b2a00a 5783 qemu_2.1+dfsg-4ubuntu9.dsc
 f0b4801c588d341a9f3a8fe2c3f3e4de8d0781ed6985984154a020fd63b8a51e 76080 qemu_2.1+dfsg-4ubuntu9.debian.tar.xz
Files:
 24d4306e244dfa7c46373c936c8ed87f 5783 otherosfs optional qemu_2.1+dfsg-4ubuntu9.dsc
 3167b7d82f432b06f6c3f42385c0766f 76080 otherosfs optional qemu_2.1+dfsg-4ubuntu9.debian.tar.xz
Original-Maintainer: Debian QEMU Team <pkg-qemu-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

