[ubuntu/wily-security] qemu 1:2.3+dfsg-5ubuntu9.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Feb 3 12:34:49 UTC 2016
qemu (1:2.3+dfsg-5ubuntu9.2) wily-security; urgency=medium
* SECURITY UPDATE: msi-x null pointer dereference
- debian/patches/CVE-2015-7549.patch: implement pba write in
hw/pci/msix.c.
- CVE-2015-7549
* SECURITY UPDATE: vnc floating point exception
- debian/patches/CVE-2015-8504.patch: handle zero values in ui/vnc.c.
- CVE-2015-8504
* SECURITY UPDATE: paravirtualized drivers incautious about shared memory
contents
- debian/patches/CVE-2015-8550-1.patch: avoid double access in
hw/block/xen_blkif.h.
- debian/patches/CVE-2015-8550-2.patch: avoid reading twice in
hw/display/xenfb.c.
- CVE-2015-8550
* SECURITY UPDATE: infinite loop in ehci_advance_state
- debian/patches/CVE-2015-8558.patch: make idt processing more robust
in hw/usb/hcd-ehci.c.
- CVE-2015-8558
* SECURITY UPDATE: host memory leakage in vmxnet3
- debian/patches/CVE-2015-856x.patch: avoid memory leakage in
hw/net/vmxnet3.c.
- CVE-2015-8567
- CVE-2015-8568
* SECURITY UPDATE: buffer overflow in megasas_ctrl_get_info
- debian/patches/CVE-2015-8613.patch: initialise info object with
appropriate size in hw/scsi/megasas.c.
- CVE-2015-8613
* SECURITY UPDATE: DoS via Human Monitor Interface
- debian/patches/CVE-2015-8619.patch: fix sendkey out of bounds write
in hmp.c, include/ui/console.h, ui/input-legacy.c.
- CVE-2015-8619
* SECURITY UPDATE: buffer overrun during VM migration
- debian/patches/CVE-2015-8666.patch: handle full length bytes in
hw/acpi/core.c.
- CVE-2015-8666
* SECURITY UPDATE: ne2000 OOB r/w in ioport operations
- debian/patches/CVE-2015-8743.patch: fix bounds check in ioport
operations in hw/net/ne2000.c.
- CVE-2015-8743
* SECURITY UPDATE: incorrect l2 header validation in vmxnet3
- debian/patches/CVE-2015-8744.patch: properly validate header in
hw/net/vmxnet3.c, hw/net/vmxnet_tx_pkt.c.
- CVE-2015-8744
* SECURITY UPDATE: crash via reading IMR registers in vmxnet3
- debian/patches/CVE-2015-8745.patch: support reading IMR registers in
hw/net/vmxnet3.c.
- CVE-2015-8745
* SECURITY UPDATE: ahci use-after-free vulnerability in aio port commands
- debian/patches/CVE-2016-1568.patch: reset ncq object to unused on
error in hw/ide/ahci.c.
- CVE-2016-1568
* SECURITY UPDATE: firmware configuration device OOB rw access
- debian/patches/CVE-2016-1714.patch: avoid calculating invalid current
entry pointer in hw/nvram/fw_cfg.c.
- CVE-2016-1714
* SECURITY UPDATE: DoS via null pointer dereference in vapic_write()
- debian/patches/CVE-2016-1922.patch: avoid null pointer dereference in
hw/i386/kvmvapic.c.
- CVE-2016-1922
* SECURITY UPDATE: e1000 infinite loop
- debian/patches/CVE-2016-1981.patch: eliminate infinite loops on
out-of-bounds transfer start in hw/net/e1000.c
- CVE-2016-1981
* SECURITY UPDATE: AHCI NULL pointer dereference when using FIS CLB
engines
- debian/patches/CVE-2016-2197.patch: add check before calling
dma_memory_unmap in hw/ide/ahci.c.
- CVE-2016-2197
* SECURITY UPDATE: ehci null pointer dereference in ehci_caps_write
- debian/patches/CVE-2016-2198.patch: add capability mmio write
function in hw/usb/hcd-ehci.c.
- CVE-2016-2198
Date: 2016-02-02 12:16:13.201440+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/qemu/1:2.3+dfsg-5ubuntu9.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Wily-changes
mailing list