qemu (1:2.5+dfsg-1ubuntu5) xenial; urgency=medium

  * SECURITY UPDATE: paravirtualized drivers incautious about shared memory
    contents
    - debian/patches/CVE-2015-8550-1.patch: avoid double access in
      hw/block/xen_blkif.h.
    - debian/patches/CVE-2015-8550-2.patch: avoid reading twice in
      hw/display/xenfb.c.
    - CVE-2015-8550
  * SECURITY UPDATE: infinite loop in ehci_advance_state
    - debian/patches/CVE-2015-8558.patch: make idt processing more robust in
      hw/usb/hcd-ehci.c.
    - CVE-2015-8558
  * SECURITY UPDATE: host memory leakage in vmxnet3
    - debian/patches/CVE-2015-856x.patch: avoid memory leakage in
      hw/net/vmxnet3.c.
    - CVE-2015-8567
    - CVE-2015-8568
  * SECURITY UPDATE: buffer overflow in megasas_ctrl_get_info
    - debian/patches/CVE-2015-8613.patch: initialise info object with
      appropriate size in hw/scsi/megasas.c.
    - CVE-2015-8613
  * SECURITY UPDATE: DoS via Human Monitor Interface
    - debian/patches/CVE-2015-8619.patch: fix sendkey out of bounds write in
      hmp.c, include/ui/console.h, ui/input-legacy.c.
    - CVE-2015-8619
  * SECURITY UPDATE: incorrect array bounds check in rocker
    - debian/patches/CVE-2015-8701.patch: fix an incorrect array bounds check
      in hw/net/rocker/rocker.c.
    - CVE-2015-8701
  * SECURITY UPDATE: ne2000 OOB r/w in ioport operations
    - debian/patches/CVE-2015-8743.patch: fix bounds check in ioport
      operations in hw/net/ne2000.c.
    - CVE-2015-8743
  * SECURITY UPDATE: ahci use-after-free vulnerability in aio port commands
    - debian/patches/CVE-2016-1568.patch: reset ncq object to unused on error
      in hw/ide/ahci.c.
    - CVE-2016-1568
  * SECURITY UPDATE: DoS via null pointer dereference in vapic_write()
    - debian/patches/CVE-2016-1922.patch: avoid null pointer dereference in
      hw/i386/kvmvapic.c.
    - CVE-2016-1922
  * SECURITY UPDATE: e1000 infinite loop
    - debian/patches/CVE-2016-1981.patch: eliminate infinite loops on
      out-of-bounds transfer start in hw/net/e1000.c
    - CVE-2016-1981
  * SECURITY UPDATE: AHCI NULL pointer dereference when using FIS CLB engines
    - debian/patches/CVE-2016-2197.patch: add check before calling
      dma_memory_unmap in hw/ide/ahci.c.
    - CVE-2016-2197
  * SECURITY UPDATE: ehci null pointer dereference in ehci_caps_write
    - debian/patches/CVE-2016-2198.patch: add capability mmio write function
      in hw/usb/hcd-ehci.c.
    - CVE-2016-2198

Date: Mon, 01 Feb 2016 09:39:01 -0500
Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-1ubuntu5

Format: 1.8
Date: Mon, 01 Feb 2016 09:39:01 -0500
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc
 qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc
 qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils
 qemu-guest-agent qemu-kvm qemu-system-aarch64
Architecture: source
Version: 1:2.5+dfsg-1ubuntu5
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com>
Description:
 qemu - fast processor emulator
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm - QEMU Full virtualization
 qemu-system - QEMU full system emulation binaries
 qemu-system-aarch64 - QEMU full system emulation binaries (aarch64)
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Checksums-Sha1:
 576514a761fa97351a4b2a3a02cd7d3c8b5c7756 6126 qemu_2.5+dfsg-1ubuntu5.dsc
 3e422a7692ccafbf9ef1b7d8b766769a49e47e9a 81640 qemu_2.5+dfsg-1ubuntu5.debian.tar.xz
Checksums-Sha256:
 d8bf057b0be013a1ba0d5e41bb34ead5fb231fa4fd96f645906f42e765798d9f 6126 qemu_2.5+dfsg-1ubuntu5.dsc
 53d93313b0e1f492276cd9a453521baa0244df940951830e4f304e4f2ba8569c 81640 qemu_2.5+dfsg-1ubuntu5.debian.tar.xz
Files:
 3d474d20529ac7bef30cdba8947e8c66 6126 otherosfs optional qemu_2.5+dfsg-1ubuntu5.dsc
 a2635ac9044a4d237b5e9d3b092ccf31 81640 otherosfs optional qemu_2.5+dfsg-1ubuntu5.debian.tar.xz
Original-Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org>