[ubuntu/xenial-security] qemu 1:2.5+dfsg-5ubuntu10.48 (Accepted)

[Marc Deslauriers]

qemu (1:2.5+dfsg-5ubuntu10.48) xenial-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in sdhci_sdma_transfer_multi_blocks()
    - debian/patches/CVE-2020-17380.patch: fix DMA Transfer Block Size
      field in hw/sd/sdhci.c.
    - CVE-2020-17380
    - CVE-2020-25085
  * SECURITY UPDATE: use-after-free via unchecked return value
    - debian/patches/CVE-2020-25084.patch: check return value of
      'usb_packet_map' in hw/usb/hcd-xhci.c.
    - CVE-2020-25084
  * SECURITY UPDATE: out-of-bound access issue
    - debian/patches/CVE-2020-25624.patch: check len and frame_number
      variables in hw/usb/hcd-ohci.c.
    - CVE-2020-25624
  * SECURITY UPDATE: infinite loop when a TD list has a loop
    - debian/patches/CVE-2020-25625.patch: check for processed TD before
      retire in hw/usb/hcd-ohci.c.
    - CVE-2020-25625
  * SECURITY UPDATE: assertion failure through usb_packet_unmap()
    - debian/patches/CVE-2020-25723.patch: check return value of
      'usb_packet_map' in hw/usb/hcd-ehci.c.
    - CVE-2020-25723
  * SECURITY UPDATE: assertion failure
    - debian/patches/CVE-2020-27617.patch: remove an assert call in
      eth_get_gso_type in net/eth.c.
    - CVE-2020-27617

qemu (1:2.5+dfsg-5ubuntu10.47) xenial; urgency=medium

  * d/p/u/lp-1894942-*: fix virtio-ccw host/guest notification (LP: #1894942)

Date: 2020-11-23 13:05:13.841123+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.48
-------------- next part --------------
Sorry, changesfile not available.