kvm (1:62+dfsg-0ubuntu3) hardy; urgency=low
[ Jamie Strandboge ]
* debian/patches/SECURITY_CVE-2007-1320+1321+1322+1366+2893.patch
based on 90_security.patch from qemu 0.9.1-1ubuntu1. Please note that
CVE-2007-2893 is also known as CVE-2007-1323, and CVE-2007-5729 and
CVE-2007-5730 are known as CVE-2007-1321 in Debian. This patch addresses
the following:
- Cirrus LGD-54XX "bitblt" heap overflow.
- NE2000 "mtu" heap overflow.
- QEMU "net socket" heap overflow.
- QEMU NE2000 "receive" integer signedness error.
- Infinite loop in the emulated SB16 device.
- Unprivileged "aam" instruction does not correctly handle the
undocumented divisor operand.
- Unprivileged "icebp" instruction will halt emulation.
* debian/patches/SECURITY_CVE-2008-0928.patch: perform range checks on
block device read and write requests
* References
CVE-2007-1320
CVE-2007-1321
CVE-2007-1322
CVE-2007-1323
CVE-2007-1366
CVE-2007-2893
CVE-2007-5729
CVE-2007-5730
CVE-2008-0928
[ Soren Hansen ]
* debian/patches/extboot-geometry.patch:
- Apply extboot patch from Anthony Liguori that fixes CHS information
being calculated incorrectly, which seems to upset grub from time to time.
-- Soren Hansen < [EMAIL PROTECTED] > Thu, 10 Apr 2008 16:35:09 +0000
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-1323
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-5729
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-5730
** Changed in: kvm (Ubuntu)
Status: In Progress => Fix Released
--
kvm vulnerable to several CVEs
https://bugs.launchpad.net/bugs/213570
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
