[Bug 1400775] Re: CVE-2014-8106 insufficient blit region check
This bug was fixed in the package qemu - 2.1+dfsg-7ubuntu5 --- qemu (2.1+dfsg-7ubuntu5) vivid; urgency=medium * SECURITY UPDATE: code execution via savevm data - debian/patches/CVE-2014-7840.patch: validate parameters in arch_init.c. - CVE-2014-7840 * SECURITY UPDATE: code execution via cirrus vga blit regions (LP: #1400775) - debian/patches/CVE-2014-8106.patch: properly validate blit regions in hw/display/cirrus_vga.c. - CVE-2014-8106 -- Marc Deslauriers marc.deslauri...@ubuntu.com Thu, 11 Dec 2014 14:11:52 -0500 ** Changed in: qemu (Ubuntu Vivid) Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1400775 Title: CVE-2014-8106 insufficient blit region check To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1400775/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1400775] Re: CVE-2014-8106 insufficient blit region check
This bug was fixed in the package qemu - 2.1+dfsg-4ubuntu6.3 --- qemu (2.1+dfsg-4ubuntu6.3) utopic-security; urgency=medium * SECURITY UPDATE: code execution via savevm data - debian/patches/CVE-2014-7840.patch: validate parameters in arch_init.c. - CVE-2014-7840 * SECURITY UPDATE: code execution via cirrus vga blit regions (LP: #1400775) - debian/patches/CVE-2014-8106.patch: properly validate blit regions in hw/display/cirrus_vga.c. - CVE-2014-8106 -- Marc Deslauriers marc.deslauri...@ubuntu.com Wed, 10 Dec 2014 15:53:57 -0500 ** Changed in: qemu (Ubuntu Utopic) Status: Confirmed = Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-7840 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-8106 ** Changed in: qemu-kvm (Ubuntu Lucid) Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1400775 Title: CVE-2014-8106 insufficient blit region check To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1400775/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1400775] Re: CVE-2014-8106 insufficient blit region check
This bug was fixed in the package qemu-kvm - 0.12.3+noroms-0ubuntu9.26 --- qemu-kvm (0.12.3+noroms-0ubuntu9.26) lucid-security; urgency=medium * SECURITY UPDATE: code execution via cirrus vga blit regions (LP: #1400775) - debian/patches/CVE-2014-8106.patch: properly validate blit regions in hw/cirrus_vga.c. - CVE-2014-8106 -- Marc Deslauriers marc.deslauri...@ubuntu.com Wed, 10 Dec 2014 16:18:02 -0500 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1400775 Title: CVE-2014-8106 insufficient blit region check To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1400775/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1400775] Re: CVE-2014-8106 insufficient blit region check
This bug was fixed in the package qemu - 2.0.0+dfsg-2ubuntu1.9 --- qemu (2.0.0+dfsg-2ubuntu1.9) trusty-security; urgency=medium * SECURITY UPDATE: code execution via savevm data - debian/patches/CVE-2014-7840.patch: validate parameters in arch_init.c. - CVE-2014-7840 * SECURITY UPDATE: code execution via cirrus vga blit regions (LP: #1400775) - debian/patches/CVE-2014-8106.patch: properly validate blit regions in hw/display/cirrus_vga.c. - CVE-2014-8106 -- Marc Deslauriers marc.deslauri...@ubuntu.com Wed, 10 Dec 2014 16:00:51 -0500 ** Changed in: qemu (Ubuntu Trusty) Status: Confirmed = Fix Released ** Changed in: qemu-kvm (Ubuntu Precise) Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1400775 Title: CVE-2014-8106 insufficient blit region check To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1400775/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1400775] Re: CVE-2014-8106 insufficient blit region check
This bug was fixed in the package qemu-kvm - 1.0+noroms-0ubuntu14.21 --- qemu-kvm (1.0+noroms-0ubuntu14.21) precise-security; urgency=medium * SECURITY UPDATE: code execution via savevm data - debian/patches/CVE-2014-7840.patch: validate parameters in arch_init.c. - CVE-2014-7840 * SECURITY UPDATE: code execution via cirrus vga blit regions (LP: #1400775) - debian/patches/CVE-2014-8106.patch: properly validate blit regions in hw/cirrus_vga.c. - CVE-2014-8106 -- Marc Deslauriers marc.deslauri...@ubuntu.com Wed, 10 Dec 2014 16:11:32 -0500 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1400775 Title: CVE-2014-8106 insufficient blit region check To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1400775/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1400775] Re: CVE-2014-8106 insufficient blit region check
** Also affects: qemu (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: qemu (Ubuntu Utopic) Importance: Undecided Status: New ** Also affects: qemu (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: qemu (Ubuntu Vivid) Importance: Undecided Status: New ** Also affects: qemu (Ubuntu Trusty) Importance: Undecided Status: New ** Changed in: qemu (Ubuntu Lucid) Status: New = Confirmed ** Changed in: qemu (Ubuntu Precise) Status: New = Confirmed ** Changed in: qemu (Ubuntu Trusty) Status: New = Confirmed ** Changed in: qemu (Ubuntu Utopic) Status: New = Confirmed ** Changed in: qemu (Ubuntu Vivid) Status: New = Confirmed ** Changed in: qemu (Ubuntu Trusty) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: qemu (Ubuntu Utopic) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: qemu (Ubuntu Vivid) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Also affects: qemu-kvm (Ubuntu) Importance: Undecided Status: New ** Changed in: qemu-kvm (Ubuntu Trusty) Status: New = Invalid ** Changed in: qemu-kvm (Ubuntu Utopic) Status: New = Invalid ** Changed in: qemu-kvm (Ubuntu Vivid) Status: New = Invalid ** Changed in: qemu (Ubuntu Lucid) Status: Confirmed = Invalid ** Changed in: qemu (Ubuntu Precise) Status: Confirmed = Invalid ** Changed in: qemu-kvm (Ubuntu Lucid) Status: New = Confirmed ** Changed in: qemu-kvm (Ubuntu Lucid) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: qemu-kvm (Ubuntu Precise) Status: New = Confirmed ** Changed in: qemu-kvm (Ubuntu Precise) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1400775 Title: CVE-2014-8106 insufficient blit region check To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1400775/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1400775] Re: CVE-2014-8106 insufficient blit region check
Made this public as the links to which it refers are public. ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1400775 Title: CVE-2014-8106 insufficient blit region check To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1400775/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs