qemu-kvm 1.0+noroms-0ubuntu14.31 source package in Ubuntu

Changelog

qemu-kvm (1.0+noroms-0ubuntu14.31) precise-security; urgency=medium

  * SECURITY UPDATE: DoS via unbounded memory allocation
    - debian/patches/CVE-2016-5403.patch: re-enable original patch.
    - debian/patches/CVE-2016-5403-2.patch: recalculate vq->inuse after
      migration in hw/virtio.c.
    - debian/patches/CVE-2016-5403-3.patch: decrement vq->inuse in
      virtqueue_discard() in hw/virtio.c.
    - debian/patches/CVE-2016-5403-4.patch: zero vq->inuse in
      virtio_reset() in hw/virtio.c.
    - CVE-2016-5403
  * SECURITY UPDATE: directory traversal flaw in 9p virtio backend
    - debian/patches/CVE-2016-7116-1.patch: forbid illegal path names in
      hw/9pfs/virtio-9p.c.
    - debian/patches/CVE-2016-7116-2.patch: forbid . and .. in file names
      in hw/9pfs/virtio-9p.c.
    - debian/patches/CVE-2016-7116-3.patch: handle walk of ".." in the root
      directory in hw/9pfs/virtio-9p.*.
    - debian/patches/CVE-2016-7116-4.patch: fix potential segfault during
      walk in hw/9pfs/virtio-9p.c.
    - CVE-2016-7116
  * SECURITY UPDATE: buffer overflow in xlnx.xps-ethernetlite
    - debian/patches/CVE-2016-7161.patch: fix a heap overflow in
      hw/xilinx_ethlite.c.
    - CVE-2016-7161
  * SECURITY UPDATE: OOB stack memory access in vmware_vga
    - debian/patches/CVE-2016-7170.patch: correct bitmap and pixmap size
      checks in hw/vmware_vga.c.
    - CVE-2016-7170
  * SECURITY UPDATE: denial of service in mcf via invalid count
    - debian/patches/CVE-2016-7908.patch: limit buffer descriptor count in
      hw/mcf_fec.c.
    - CVE-2016-7908
  * SECURITY UPDATE: denial of service in pcnet via invalid length
    - debian/patches/CVE-2016-7909.patch: check rx/tx descriptor ring
      length in hw/pcnet.c.
    - CVE-2016-7909
  * SECURITY UPDATE: infinite loop in Intel HDA controller
    - debian/patches/CVE-2016-8909.patch: check stream entry count during
      transfer in hw/intel-hda.c.
    - CVE-2016-8909
  * SECURITY UPDATE: infinite loop in RTL8139 ethernet controller
    - debian/patches/CVE-2016-8910.patch: limit processing of ring
      descriptors in hw/rtl8139.c.
    - CVE-2016-8910
  * SECURITY UPDATE: memory leakage at device unplug in eepro100
    - debian/patches/CVE-2016-9101.patch: fix memory leak in device uninit
      in hw/eepro100.c.
    - CVE-2016-9101
  * SECURITY UPDATE: denial of service via memory leak in 9pfs
    - debian/patches/CVE-2016-9102.patch: fix memory leak in
      v9fs_xattrcreate in hw/9pfs/virtio-9p.c.
    - CVE-2016-9102
  * SECURITY UPDATE: information leakage via xattribute in 9pfs
    - debian/patches/CVE-2016-9103.patch: fix information leak in xattr
      read in hw/9pfs/virtio-9p.c.
    - CVE-2016-9103
  * SECURITY UPDATE: integer overflow leading to OOB access in 9pfs
    - debian/patches/CVE-2016-9104.patch: fix integer overflow issue in
      xattr read/write in hw/9pfs/virtio-9p.c.
    - CVE-2016-9104
  * SECURITY UPDATE: denial of service via memory leakage in 9pfs
    - debian/patches/CVE-2016-9105.patch: fix memory leak in v9fs_link in
      hw/9pfs/virtio-9p.c.
    - CVE-2016-9105

 -- Marc Deslauriers <email address hidden>  Tue, 08 Nov 2016 08:16:37 -0500

Upload details

Uploaded by:
Marc Deslauriers on 2016-11-08
Uploaded to:
Precise
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
misc
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Precise updates on 2016-11-09 main misc
Precise security on 2016-11-09 main misc

Downloads

File Size SHA-256 Checksum
qemu-kvm_1.0+noroms.orig.tar.gz 4.7 MiB 23eecd98460012904455fc94036ff58b99719a595447dc747c6933cc2b4375bf
qemu-kvm_1.0+noroms-0ubuntu14.31.diff.gz 155.4 KiB 38135392fcecf93bc486af44e941c3053945acf538b580d53d99321c7ed8d03c
qemu-kvm_1.0+noroms-0ubuntu14.31.dsc 2.2 KiB 02959c37b9c73f1710d6495f49fe6949534c1de9e4d9943368e05893ac6cbd59

View changes file

Binary packages built by this source

kvm: dummy transitional package from kvm to qemu-kvm

 This transitional package helps users transition from the kvm package to the
 qemu-kvm package. Once this package and its dependencies are installed you
 can safely remove it.

qemu: dummy transitional package from qemu to qemu-kvm

 This transitional package helps users transition from the qemu package to the
 qemu-kvm package. Once this package and its dependencies are installed you
 can safely remove it.

qemu-common: qemu common functionality (bios, documentation, etc)

 This package pulls in the various binary bios rom blobs needed to boot
 the various emulated architectures, as well as the documentation.

qemu-kvm: Full virtualization on i386 and amd64 hardware

 Using KVM, one can run multiple virtual PCs, each running unmodified Linux or
 Windows images. Each virtual machine has private virtualized hardware: a
 network card, disk, graphics adapter, etc.
 .
 KVM (for Kernel-based Virtual Machine) is a full virtualization solution for
 Linux hosts on x86 (32 and 64-bit) hardware.
 .
 KVM is intended for systems where the processor has hardware support for
 virtualization, see below for details. All combinations of 32-bit and 64-bit
 host and guest systems are supported, except 64-bit guests on 32-bit hosts.
 .
 KVM requires your system to support hardware virtualization, provided by AMD's
 SVM capability or Intel's VT. To find out if your processor has the necessary
 support:
 .
   egrep "flags.*:.*(svm|vmx)" /proc/cpuinfo
 .
 If it prints anything, the processor provides hardware virtualization
 support and is suitable for use with KVM. Without hardware support, you can
 use qemu emulation instead.
 .
 KVM consists of two loadable kernel modules (kvm.ko and either kvm-amd.ko or
 kvm-intel.ko) and a userspace component. This package contains the userspace
 component, and you can get the kernel modules from the standard kernel images.
 .
 This package contains support for running virtualized and emulated x86 and
 x86-64 machines only. Support for other architectures is provided by the
 qemu-linaro source package.

qemu-kvm-dbgsym: debug symbols for package qemu-kvm

 Using KVM, one can run multiple virtual PCs, each running unmodified Linux or
 Windows images. Each virtual machine has private virtualized hardware: a
 network card, disk, graphics adapter, etc.
 .
 KVM (for Kernel-based Virtual Machine) is a full virtualization solution for
 Linux hosts on x86 (32 and 64-bit) hardware.
 .
 KVM is intended for systems where the processor has hardware support for
 virtualization, see below for details. All combinations of 32-bit and 64-bit
 host and guest systems are supported, except 64-bit guests on 32-bit hosts.
 .
 KVM requires your system to support hardware virtualization, provided by AMD's
 SVM capability or Intel's VT. To find out if your processor has the necessary
 support:
 .
   egrep "flags.*:.*(svm|vmx)" /proc/cpuinfo
 .
 If it prints anything, the processor provides hardware virtualization
 support and is suitable for use with KVM. Without hardware support, you can
 use qemu emulation instead.
 .
 KVM consists of two loadable kernel modules (kvm.ko and either kvm-amd.ko or
 kvm-intel.ko) and a userspace component. This package contains the userspace
 component, and you can get the kernel modules from the standard kernel images.
 .
 This package contains support for running virtualized and emulated x86 and
 x86-64 machines only. Support for other architectures is provided by the
 qemu-linaro source package.

qemu-utils: qemu utilities

 This package provides some utilities for which full qemu-kvm is not needed,
 in particular qemu-nbd and qemu-img.

qemu-utils-dbgsym: debug symbols for package qemu-utils

 This package provides some utilities for which full qemu-kvm is not needed,
 in particular qemu-nbd and qemu-img.