qemu 1:2.8+dfsg-3ubuntu2.4 source package in Ubuntu

Changelog

qemu (1:2.8+dfsg-3ubuntu2.4) zesty-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via virtFS
    - debian/patches/CVE-2017-7493.patch: forbid client access to metadata
      in hw/9pfs/9p-local.c.
    - CVE-2017-7493
  * SECURITY UPDATE: DoS via message ring page count
    - debian/patches/CVE-2017-8112.patch: check page count in
      hw/scsi/vmw_pvscsi.c.
    - CVE-2017-8112
  * SECURITY UPDATE: DoS via OOB read in MegaSAS
    - debian/patches/CVE-2017-8380.patch: avoid off-by-one in
      hw/scsi/megasas.c.
    - CVE-2017-8380
  * SECURITY UPDATE: DoS in virtio GPU device
    - debian/patches/CVE-2017-9060.patch: fix memory leak in
      hw/display/virtio-gpu.c.
    - CVE-2017-9060
  * SECURITY UPDATE: DoS in e1000e NIC
    - debian/patches/CVE-2017-9310.patch: fix infinite loop in
      hw/net/e1000e_core.c.
    - CVE-2017-9310
  * SECURITY UPDATE: DoS in USB OHCI emulation
    - debian/patches/CVE-2017-9330.patch: fix error code in
      hw/usb/hcd-ohci.c.
    - CVE-2017-9330
  * SECURITY UPDATE: DoS in IDE AHCI emulation
    - debian/patches/CVE-2017-9373-1.patch: add cleanup function in
      hw/ide/core.c, include/hw/ide/internal.h.
    - debian/patches/CVE-2017-9373-2.patch: call cleanup function in
      hw/ide/ahci.c.
    - CVE-2017-9373
  * SECURITY UPDATE: DoS in USB EHCI emulation
    - debian/patches/CVE-2017-9374.patch: fix memory leak in
      hw/usb/hcd-ehci-pci.c, hw/usb/hcd-ehci.c, hw/usb/hcd-ehci.h.
    - CVE-2017-9374
  * SECURITY UPDATE: DoS in USB xHCI emulation
    - debian/patches/CVE-2017-9375.patch: guard against recursive calls in
      hw/usb/hcd-xhci.c.
    - CVE-2017-9375
  * SECURITY UPDATE: DoS in MegaSAS
    - debian/patches/CVE-2017-9503-1.patch: add test to
      tests/Makefile.include, tests/megasas-test.c.
    - debian/patches/CVE-2017-9503-2.patch: do not read sense length more
      than once in hw/scsi/megasas.c.
    - debian/patches/CVE-2017-9503-3.patch: do not read iovec count more
      than once in hw/scsi/megasas.c.
    - debian/patches/CVE-2017-9503-4.patch: do not read DCMD opcode more
      than once in hw/scsi/megasas.c.
    - debian/patches/CVE-2017-9503-5.patch: do not read command more than
      once in hw/scsi/megasas.c.
    - debian/patches/CVE-2017-9503-6.patch: do not read SCSI req parameters
      more than once in hw/scsi/megasas.c.
    - debian/patches/CVE-2017-9503-7.patch: always store SCSIRequest* into
      MegasasCmd in hw/scsi/megasas.c, added test to tests/megasas-test.c.
    - CVE-2017-9503
  * SECURITY UPDATE: DoS in NBD server support
    - debian/patches/CVE-2017-9524-1.patch: fully initialize client in
      nbd/server.c, qemu-nbd.c.
    - debian/patches/CVE-2017-9524-2.patch: fix regression in
      blockdev-nbd.c, include/block/nbd.h, nbd/server.c, qemu-nbd.c.
    - CVE-2017-9524
  * SECURITY UPDATE: DoS via incorrect SIGPIPE handling
    - debian/patches/CVE-2017-10664.patch: ignore SIGPIPE in qemu-nbd.c.
    - CVE-2017-10664
  * SECURITY UPDATE: stack overflow in usbredir_log_data
    - debian/patches/CVE-2017-10806.patch: use qemu_hexdump in
      hw/usb/redirect.c.
    - CVE-2017-10806
  * SECURITY UPDATE: memory disclosure in Xen block-interface responses
    - debian/patches/CVE-2017-10911.patch: fill the fields directly in
      hw/block/xen_disk.c.
    - CVE-2017-10911
  * SECURITY UPDATE: DoS via crafted DHCP options string
    - debian/patches/CVE-2017-11434.patch: check length in slirp/bootp.c.
    - CVE-2017-11434
  * SECURITY UPDATE: DoS via flushing empty CDROM drives
    - debian/patches/CVE-2017-12809.patch: don't flush empty drives in
      hw/ide/core.c.
    - CVE-2017-12809

 -- Marc Deslauriers <email address hidden>  Tue, 22 Aug 2017 08:04:37 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2017-08-22
Uploaded to:
Zesty
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
otherosfs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
qemu_2.8+dfsg.orig.tar.xz 6.7 MiB 780abde8ee1f3847bf96b2ae2515ba68bda20734ece3d1017ca6128b3b2a97a6
qemu_2.8+dfsg-3ubuntu2.4.debian.tar.xz 140.5 KiB 57d815a4b0f8b151a32ed1f0902c3825004bc541f520177d1ae0d9f5bd0f9860
qemu_2.8+dfsg-3ubuntu2.4.dsc 6.1 KiB 9f82dead565e6f6b87bbc5af9d9317163d17bd20eed01728288e98203841aa61

View changes file

Binary packages built by this source

qemu: No summary available for qemu in ubuntu zesty.

No description available for qemu in ubuntu zesty.

qemu-block-extra: No summary available for qemu-block-extra in ubuntu zesty.

No description available for qemu-block-extra in ubuntu zesty.

qemu-block-extra-dbgsym: No summary available for qemu-block-extra-dbgsym in ubuntu zesty.

No description available for qemu-block-extra-dbgsym in ubuntu zesty.

qemu-guest-agent: No summary available for qemu-guest-agent in ubuntu zesty.

No description available for qemu-guest-agent in ubuntu zesty.

qemu-guest-agent-dbgsym: No summary available for qemu-guest-agent-dbgsym in ubuntu zesty.

No description available for qemu-guest-agent-dbgsym in ubuntu zesty.

qemu-kvm: No summary available for qemu-kvm in ubuntu zesty.

No description available for qemu-kvm in ubuntu zesty.

qemu-system: No summary available for qemu-system in ubuntu zesty.

No description available for qemu-system in ubuntu zesty.

qemu-system-aarch64: No summary available for qemu-system-aarch64 in ubuntu zesty.

No description available for qemu-system-aarch64 in ubuntu zesty.

qemu-system-arm: No summary available for qemu-system-arm in ubuntu zesty.

No description available for qemu-system-arm in ubuntu zesty.

qemu-system-arm-dbgsym: No summary available for qemu-system-arm-dbgsym in ubuntu zesty.

No description available for qemu-system-arm-dbgsym in ubuntu zesty.

qemu-system-common: No summary available for qemu-system-common in ubuntu zesty.

No description available for qemu-system-common in ubuntu zesty.

qemu-system-common-dbgsym: No summary available for qemu-system-common-dbgsym in ubuntu zesty.

No description available for qemu-system-common-dbgsym in ubuntu zesty.

qemu-system-mips: No summary available for qemu-system-mips in ubuntu zesty.

No description available for qemu-system-mips in ubuntu zesty.

qemu-system-mips-dbgsym: No summary available for qemu-system-mips-dbgsym in ubuntu zesty.

No description available for qemu-system-mips-dbgsym in ubuntu zesty.

qemu-system-misc: No summary available for qemu-system-misc in ubuntu zesty.

No description available for qemu-system-misc in ubuntu zesty.

qemu-system-misc-dbgsym: No summary available for qemu-system-misc-dbgsym in ubuntu zesty.

No description available for qemu-system-misc-dbgsym in ubuntu zesty.

qemu-system-ppc: No summary available for qemu-system-ppc in ubuntu zesty.

No description available for qemu-system-ppc in ubuntu zesty.

qemu-system-ppc-dbgsym: No summary available for qemu-system-ppc-dbgsym in ubuntu zesty.

No description available for qemu-system-ppc-dbgsym in ubuntu zesty.

qemu-system-s390x: No summary available for qemu-system-s390x in ubuntu zesty.

No description available for qemu-system-s390x in ubuntu zesty.

qemu-system-s390x-dbgsym: No summary available for qemu-system-s390x-dbgsym in ubuntu zesty.

No description available for qemu-system-s390x-dbgsym in ubuntu zesty.

qemu-system-sparc: No summary available for qemu-system-sparc in ubuntu zesty.

No description available for qemu-system-sparc in ubuntu zesty.

qemu-system-sparc-dbgsym: No summary available for qemu-system-sparc-dbgsym in ubuntu zesty.

No description available for qemu-system-sparc-dbgsym in ubuntu zesty.

qemu-system-x86: No summary available for qemu-system-x86 in ubuntu zesty.

No description available for qemu-system-x86 in ubuntu zesty.

qemu-system-x86-dbgsym: No summary available for qemu-system-x86-dbgsym in ubuntu zesty.

No description available for qemu-system-x86-dbgsym in ubuntu zesty.

qemu-user: No summary available for qemu-user in ubuntu zesty.

No description available for qemu-user in ubuntu zesty.

qemu-user-binfmt: No summary available for qemu-user-binfmt in ubuntu zesty.

No description available for qemu-user-binfmt in ubuntu zesty.

qemu-user-dbgsym: No summary available for qemu-user-dbgsym in ubuntu zesty.

No description available for qemu-user-dbgsym in ubuntu zesty.

qemu-user-static: No summary available for qemu-user-static in ubuntu zesty.

No description available for qemu-user-static in ubuntu zesty.

qemu-user-static-dbgsym: No summary available for qemu-user-static-dbgsym in ubuntu zesty.

No description available for qemu-user-static-dbgsym in ubuntu zesty.

qemu-utils: No summary available for qemu-utils in ubuntu zesty.

No description available for qemu-utils in ubuntu zesty.

qemu-utils-dbgsym: No summary available for qemu-utils-dbgsym in ubuntu zesty.

No description available for qemu-utils-dbgsym in ubuntu zesty.