Format: 1.8 Date: Tue, 12 Aug 2014 14:35:45 -0400 Source: qemu-kvm Binary: qemu-kvm qemu-common qemu-kvm-extras qemu-kvm-extras-static qemu-arm-static kvm qemu Architecture: all i386 Version: 0.12.3+noroms-0ubuntu9.24 Distribution: lucid Urgency: medium Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Marc Deslauriers Description: kvm - dummy transitional pacakge from kvm to qemu-kvm qemu - dummy transitional pacakge from qemu to qemu-kvm qemu-arm-static - dummy transitional package for qemu-kvm-extras-static qemu-common - qemu common functionality (bios, documentation, etc) qemu-kvm - Full virtualization on i386 and amd64 hardware qemu-kvm-extras - fast processor emulator binaries for non-x86 architectures qemu-kvm-extras-static - static QEMU user mode emulation binaries Launchpad-Bugs-Fixed: 1322204 1322204 1322204 1322204 1322204 1322204 Changes: qemu-kvm (0.12.3+noroms-0ubuntu9.24) lucid-security; urgency=medium . * SECURITY UPDATE: denial of service and possible code exection via incorrect image format validation (LP: #1322204) - debian/patches/CVE-2014-0142.patch: validate extent_size header field in block/bochs.c, validate s->tracks in block/parallels.c, validate block size in block/vpc.c, backport function to qemu-common.h, backport DIV_ROUND_UP to osdep.h. - CVE-2014-0142 * SECURITY UPDATE: denial of service and possible code exection via incorrect image format validation (LP: #1322204) - debian/patches/CVE-2014-0143.patch: validate nb_sectors in block.c, validate catalog_size header field in block/bochs.c, prevent offsets_size integer overflow in block/cloop.c, fix catalog size integer overflow in block/parallels.c, validate new_l1_size in block/qcow2-cluster.c, use proper size in block/qcow2-refcount.c, check L1 snapshot table size in block/qcow2-snapshot.c, check active L1 table size in block/qcow2.c, define max size in block/qcow2.h. - CVE-2014-0143 * SECURITY UPDATE: denial of service and possible code exection via incorrect image format validation (LP: #1322204) - debian/patches/CVE-2014-0144.patch: validate block sizes and offsets in block/cloop.c, check offset in block/curl.c, validate size in block/qcow2-refcount.c, check number of snapshots in block/qcow2-snapshot.c, check sizes and offsets in block/qcow2.c, move structs to block/qcow2.h, check sizes in block/vdi.c, prevent overflows in block/vpc.c. - CVE-2014-0144 * SECURITY UPDATE: denial of service and possible code exection via incorrect image format validation (LP: #1322204) - debian/patches/CVE-2014-0145.patch: check chunk sizes in block/dmg.c, use correct size in block/qcow2-snapshot.c. - CVE-2014-0145 * SECURITY UPDATE: denial of service and possible code exection via incorrect image format validation (LP: #1322204) - debian/patches/CVE-2014-0146.patch: calculate offsets properly in block/qcow2.c. - CVE-2014-0146 * SECURITY UPDATE: denial of service and possible code exection via incorrect image format validation (LP: #1322204) - debian/patches/CVE-2014-0147.patch: use proper sizes in block/bochs.c. - CVE-2014-0147 * SECURITY UPDATE: multiple buffer overflows on invalid state load - debian/patches: added large number of upstream patches pulled from git tree. - CVE-2013-4148 - CVE-2013-4151 - CVE-2013-4530 - CVE-2013-4531 - CVE-2013-4533 - CVE-2013-4534 - CVE-2013-4537 - CVE-2013-4538 - CVE-2013-4539 - CVE-2013-4540 - CVE-2013-6399 - CVE-2014-0182 - CVE-2014-0222 - CVE-2014-0223 Checksums-Sha1: 296915e76e6665b4027d0fa28de5d083bb95e792 32248 qemu-common_0.12.3+noroms-0ubuntu9.24_all.deb 9ff19cf340d97eb558943eaedb0587b07c7a324c 2565250 qemu-kvm_0.12.3+noroms-0ubuntu9.24_i386.deb 965c257c6cf622c483d9bed39a7c2f32352ace05 14513136 qemu-kvm-extras_0.12.3+noroms-0ubuntu9.24_i386.deb bb209f854af68b91a06ff7e88a607f12214edd0e 9062024 qemu-kvm-extras-static_0.12.3+noroms-0ubuntu9.24_i386.deb 1796a34c1e55c4c080ed92c253fba55cfa792fe5 16552 qemu-arm-static_0.12.3+noroms-0ubuntu9.24_i386.deb 4820697b75ebff98adddf670c059b207c18a33af 16390 qemu_0.12.3+noroms-0ubuntu9.24_i386.deb e5f907bdc12e9a0698ca086f8482e776e0f7d097 16932 kvm_84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9.24_i386.deb Checksums-Sha256: 40d38c8e2fb75e75e56a165fdca4c7253e62c7c9bdf982e7d789e340f975a816 32248 qemu-common_0.12.3+noroms-0ubuntu9.24_all.deb 60acd754ed00fd2e136a356bc4e5d3f4c28f9959445ba79c8b781b1932661967 2565250 qemu-kvm_0.12.3+noroms-0ubuntu9.24_i386.deb 218a16baa82a8138769bb3a48acf32cf86c1fbebb9587942473a1d30c6af91a3 14513136 qemu-kvm-extras_0.12.3+noroms-0ubuntu9.24_i386.deb 19d98d6f4cc3b817f7835116edd93feb37d3955f6df95549fa1bdb1045f4c0e7 9062024 qemu-kvm-extras-static_0.12.3+noroms-0ubuntu9.24_i386.deb 425ac3c4ca51771991a7f52cb642cd2c62c961edb35c89dd9baebcbb392f7343 16552 qemu-arm-static_0.12.3+noroms-0ubuntu9.24_i386.deb d2362a30e63bfe7b780c28623b9ccfd764b230d849729be231708c51b1c51516 16390 qemu_0.12.3+noroms-0ubuntu9.24_i386.deb 18a0da8fd59f4c51ac6d2895dcaa7c038c2a0335029ece989fdccfbe4a2ec6a1 16932 kvm_84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9.24_i386.deb Files: 787804650cb161f68a4450264876c000 32248 misc optional qemu-common_0.12.3+noroms-0ubuntu9.24_all.deb ac1705e20e583b2247050499beb573db 2565250 misc optional qemu-kvm_0.12.3+noroms-0ubuntu9.24_i386.deb 81664812b9d00de91bf77b1fa65f633a 14513136 misc optional qemu-kvm-extras_0.12.3+noroms-0ubuntu9.24_i386.deb f4b4682da1a47fb84bbd36b91f5f7aae 9062024 misc optional qemu-kvm-extras-static_0.12.3+noroms-0ubuntu9.24_i386.deb 921fc50fe7a5d854e1067b7a621ee93a 16552 misc optional qemu-arm-static_0.12.3+noroms-0ubuntu9.24_i386.deb 85611ff323687dfca76629ed54ab0e1e 16390 metapackages optional qemu_0.12.3+noroms-0ubuntu9.24_i386.deb fa41d6374a5cdb2097f6573137a2c4f2 16932 metapackages optional kvm_84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9.24_i386.deb