This bug was fixed in the package qemu - 2.0.0+dfsg-2ubuntu1.34
---------------
qemu (2.0.0+dfsg-2ubuntu1.34) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via leak in virtFS
- debian/patches/CVE-2017-7377.patch: fix file descriptor leak in
hw/9pfs/virtio-9p.c.
- CVE-2017-7377
* SECURITY UPDATE: denial of service in cirrus_vga
- debian/patches/CVE-2017-7718.patch: check parameters in
hw/display/cirrus_vga_rop.h.
- CVE-2017-7718
* SECURITY UPDATE: code execution via cirrus_vga OOB r/w
- debian/patches/CVE-2017-7980-1.patch: handle negative pitch in
hw/display/cirrus_vga.c.
- debian/patches/CVE-2017-7980-2.patch: allow zero source pitch in
hw/display/cirrus_vga.c.
- debian/patches/CVE-2017-7980-3.patch: fix blit address mask handling
in hw/display/cirrus_vga.c.
- debian/patches/CVE-2017-7980-4.patch: fix patterncopy checks in
hw/display/cirrus_vga.c.
- debian/patches/CVE-2017-7980-5.patch: revert allow zero source pitch
in hw/display/cirrus_vga.c.
- debian/patches/CVE-2017-7980-6.patch: stop passing around dst
pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
hw/display/cirrus_vga_rop2.h.
- debian/patches/CVE-2017-7980-7.patch: stop passing around src
pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
hw/display/cirrus_vga_rop2.h.
- debian/patches/CVE-2017-7980-8.patch: fix off-by-one in
hw/display/cirrus_vga_rop.h.
- debian/patches/CVE-2017-7980-9.patch: fix cirrus_invalidate_region in
hw/display/cirrus_vga.c.
- CVE-2017-7980
* SECURITY UPDATE: denial of service via memory leak in virtFS
- debian/patches/CVE-2017-8086.patch: fix leak in
hw/9pfs/virtio-9p-xattr.c.
- CVE-2017-8086
* SECURITY UPDATE: denial of service via leak in audio
- debian/patches/CVE-2017-8309.patch: release capture buffers in
audio/audio.c.
- CVE-2017-8309
* SECURITY UPDATE: denial of service via leak in keyboard
- debian/patches/CVE-2017-8379-1.patch: limit kbd queue depth in
ui/input.c.
- debian/patches/CVE-2017-8379-2.patch: don't queue delay if paused in
ui/input.c.
- CVE-2017-8379
* SECURITY REGRESSION: Windows 7 VGA compatibility issue (LP: #1581936)
- debian/patches/lp1581936.patch: add sr_vbe register set to
hw/display/vga.c, hw/display/vga_int.h.
-- Marc Deslauriers <[email protected]> Wed, 10 May 2017
15:50:30 -0400
** Changed in: qemu (Ubuntu Trusty)
Status: Triaged => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-7377
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-7718
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-7980
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-8086
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-8309
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-8379
** Changed in: qemu (Ubuntu Xenial)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1581936
Title:
Frozen Windows 7 VMs with VGA CVE-2016-3712 fix (2.6.0 and 2.5.1.1)
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1581936/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
