[ubuntu/xenial-proposed] qemu 1:2.5+dfsg-1ubuntu5 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Mon Feb 1 20:19:17 UTC 2016
qemu (1:2.5+dfsg-1ubuntu5) xenial; urgency=medium

  * SECURITY UPDATE: paravirtualized drivers incautious about shared memory
    contents
    - debian/patches/CVE-2015-8550-1.patch: avoid double access in
      hw/block/xen_blkif.h.
    - debian/patches/CVE-2015-8550-2.patch: avoid reading twice in
      hw/display/xenfb.c.
    - CVE-2015-8550
  * SECURITY UPDATE: infinite loop in ehci_advance_state
    - debian/patches/CVE-2015-8558.patch: make idt processing more robust
      in hw/usb/hcd-ehci.c.
    - CVE-2015-8558
  * SECURITY UPDATE: host memory leakage in vmxnet3
    - debian/patches/CVE-2015-856x.patch: avoid memory leakage in
      hw/net/vmxnet3.c.
    - CVE-2015-8567
    - CVE-2015-8568
  * SECURITY UPDATE: buffer overflow in megasas_ctrl_get_info
    - debian/patches/CVE-2015-8613.patch: initialise info object with
      appropriate size in hw/scsi/megasas.c.
    - CVE-2015-8613
  * SECURITY UPDATE: DoS via Human Monitor Interface
    - debian/patches/CVE-2015-8619.patch: fix sendkey out of bounds write
      in hmp.c, include/ui/console.h, ui/input-legacy.c.
    - CVE-2015-8619
  * SECURITY UPDATE: incorrect array bounds check in rocker
    - debian/patches/CVE-2015-8701.patch: fix an incorrect array bounds
      check in hw/net/rocker/rocker.c.
    - CVE-2015-8701
  * SECURITY UPDATE: ne2000 OOB r/w in ioport operations
    - debian/patches/CVE-2015-8743.patch: fix bounds check in ioport
      operations in hw/net/ne2000.c.
    - CVE-2015-8743
  * SECURITY UPDATE: ahci use-after-free vulnerability in aio port commands
    - debian/patches/CVE-2016-1568.patch: reset ncq object to unused on
      error in hw/ide/ahci.c.
    - CVE-2016-1568
  * SECURITY UPDATE: DoS via null pointer dereference in vapic_write()
    - debian/patches/CVE-2016-1922.patch: avoid null pointer dereference in
      hw/i386/kvmvapic.c.
    - CVE-2016-1922
  * SECURITY UPDATE: e1000 infinite loop
    - debian/patches/CVE-2016-1981.patch: eliminate infinite loops on
      out-of-bounds transfer start in hw/net/e1000.c
    - CVE-2016-1981
  * SECURITY UPDATE: AHCI NULL pointer dereference when using FIS CLB
    engines
    - debian/patches/CVE-2016-2197.patch: add check before calling
      dma_memory_unmap in hw/ide/ahci.c.
    - CVE-2016-2197
  * SECURITY UPDATE: ehci null pointer dereference in ehci_caps_write
    - debian/patches/CVE-2016-2198.patch: add capability mmio write
      function in hw/usb/hcd-ehci.c.
    - CVE-2016-2198

Date: Mon, 01 Feb 2016 09:39:01 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-1ubuntu5
-------------- next part --------------
Format: 1.8
Date: Mon, 01 Feb 2016 09:39:01 -0500
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm qemu-system-aarch64
Architecture: source
Version: 1:2.5+dfsg-1ubuntu5
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
qemu - fast processor emulator
qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
qemu-guest-agent - Guest-side qemu-system agent
qemu-kvm - QEMU Full virtualization
qemu-system - QEMU full system emulation binaries
qemu-system-aarch64 - QEMU full system emulation binaries (aarch64)
qemu-system-arm - QEMU full system emulation binaries (arm)
qemu-system-common - QEMU full system emulation binaries (common files)
qemu-system-mips - QEMU full system emulation binaries (mips)
qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
qemu-system-ppc - QEMU full system emulation binaries (ppc)
qemu-system-sparc - QEMU full system emulation binaries (sparc)
qemu-system-x86 - QEMU full system emulation binaries (x86)
qemu-user - QEMU user mode emulation binaries
qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Checksums-Sha1:
576514a761fa97351a4b2a3a02cd7d3c8b5c7756 6126 qemu_2.5+dfsg-1ubuntu5.dsc
3e422a7692ccafbf9ef1b7d8b766769a49e47e9a 81640 qemu_2.5+dfsg-1ubuntu5.debian.tar.xz
Checksums-Sha256:
d8bf057b0be013a1ba0d5e41bb34ead5fb231fa4fd96f645906f42e765798d9f 6126 qemu_2.5+dfsg-1ubuntu5.dsc
53d93313b0e1f492276cd9a453521baa0244df940951830e4f304e4f2ba8569c 81640 qemu_2.5+dfsg-1ubuntu5.debian.tar.xz
Files:
3d474d20529ac7bef30cdba8947e8c66 6126 otherosfs optional qemu_2.5+dfsg-1ubuntu5.dsc
a2635ac9044a4d237b5e9d3b092ccf31 81640 otherosfs optional qemu_2.5+dfsg-1ubuntu5.debian.tar.xz
Original-Maintainer: Debian QEMU Team <pkg-qemu-devel at lists.alioth.debian.org>