[ubuntu/vivid-security] qemu 1:2.2+dfsg-5expubuntu9.4 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Thu Aug 27 11:19:22 UTC 2015

qemu (1:2.2+dfsg-5expubuntu9.4) vivid-security; urgency=medium

  * SECURITY UPDATE: process heap memory disclosure
    - debian/patches/CVE-2015-5165.patch: check sizes in hw/net/rtl8139.c.
    - CVE-2015-5165
  * SECURITY UPDATE: privilege escalation via block device unplugging
    - debian/patches/CVE-2015-5166.patch: properly unhook from BlockBackend
      in hw/ide/piix.c.
    - CVE-2015-5166
  * SECURITY UPDATE: privilege escalation via memory corruption in vnc
    - debian/patches/CVE-2015-5225.patch: use bytes per scanline to apply
      limits in ui/vnc.c.
    - CVE-2015-5225
  * SECURITY UPDATE: denial of service via virtio-serial
    - debian/patches/CVE-2015-5745.patch: don't assume a specific layout
      for control messages in hw/char/virtio-serial-bus.c.
    - CVE-2015-5745

Date: 2015-08-25 17:41:14.829742+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Vivid-changes mailing list