[Bug 1820291] Re: fsfreeze-hook script is misplaced in qemu-guest-agent

[Launchpad Bug Tracker]

This bug was fixed in the package qemu - 1:2.12+dfsg-3ubuntu8.6

---------------
qemu (1:2.12+dfsg-3ubuntu8.6) cosmic-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: multiple pvrdma security issues
    - debian/patches/split_pvrdma.patch: split PVRDMA from RDMA in
      configure, hw/rdma/Makefile.objs.
    - debian/control*: completely disable pvrdma to fix security issues
    - CVE-2018-20123
    - CVE-2018-20124
    - CVE-2018-20125
    - CVE-2018-20126
    - CVE-2018-20191
    - CVE-2018-20216
  * SECURITY UPDATE: path traversal issue in MTP
    - debian/patches/CVE-2018-16867.patch: check for slash in
      hw/usb/dev-mtp.c.
    - CVE-2018-16867
  * SECURITY UPDATE: TOCTTOU in MTP
    - debian/patches/CVE-2018-16872.patch: use O_NOFOLLOW and O_CLOEXEC in
      hw/usb/dev-mtp.c.
    - CVE-2018-16872
  * SECURITY UPDATE: race during file renaming in v9fs_wstat
    - debian/patches/CVE-2018-19489.patch: add locks to hw/9pfs/9p.c.
    - CVE-2018-19489
  * SECURITY UPDATE: out-of-bounds read via i2 commands
    - debian/patches/CVE-2019-3812.patch: add bounds check to
      hw/i2c/i2c-ddc.c.
    - CVE-2019-3812
  * SECURITY UPDATE: heap based buffer overflow in slirp
    - debian/patches/CVE-2019-6778.patch: check data length while emulating
      ident function in slirp/tcp_subr.c.
    - CVE-2019-6778

  [ Christian Ehrhardt ]
  * qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291)
    - d/qemu-guest-agent.install: use correct path for fsfreeze-hook
    - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
      mv_conffile since the new path is a directory in the old package
      version which can not be handled by mv_conffile

 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Mon, 25 Mar 2019
08:37:14 -0400

** Changed in: qemu (Ubuntu Cosmic)
       Status: Triaged => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16867

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16872

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-19489

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20123

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20124

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20125

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20126

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20191

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20216

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-6778

** Changed in: qemu (Ubuntu Bionic)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1820291

Title:
  fsfreeze-hook script is misplaced in qemu-guest-agent

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1820291/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs