[ubuntu/kinetic-proposed] qemu 1:6.2+dfsg-2ubuntu8 (Accepted)

Sergio Durigan Junior sergio.durigan at canonical.com
Wed Jun 22 21:56:15 UTC 2022 

qemu (1:6.2+dfsg-2ubuntu8) kinetic; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: heap overflow in floppy disk emulator
    - debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
      hw/block/fdc.c.
    - CVE-2021-3507
  * SECURITY UPDATE: use-after-free in nvme
    - debian/patches/CVE-2021-3929.patch: deny DMA to the iomem of the
      device itself in hw/nvme/ctrl.c.
    - CVE-2021-3929
  * SECURITY UPDATE: integer overflow in QXL display device emulation
    - debian/patches/CVE-2021-4206.patch: check width and height in
      hw/display/qxl-render.c, hw/display/vmware_vga.c, ui/cursor.c.
    - CVE-2021-4206
  * SECURITY UPDATE: heap overflow in QXL display device emulation
    - debian/patches/CVE-2021-4207.patch: fix race condition in qxl_cursor
      in hw/display/qxl-render.c.
    - CVE-2021-4207
  * SECURITY UPDATE: potential privilege escalation in virtiofsd
    - debian/patches/CVE-2022-0358.patch: Drop membership of all
      supplementary groups in tools/virtiofsd/passthrough_ll.c.
    - CVE-2022-0358
  * SECURITY UPDATE: memory leakage in virtio-net device
    - debian/patches/CVE-2022-26353.patch: fix map leaking on error during
      receive in hw/net/virtio-net.c.
    - CVE-2022-26353
  * SECURITY UPDATE: memory leakage in vhost-vsock device
    - debian/patches/CVE-2022-26354.patch: detach the virqueue element in
      case of error in hw/virtio/vhost-vsock-common.c.
    - CVE-2022-26354

  [ Sergio Durigan Junior ]
  * Fix I/O stalls when using NVMe storage (LP: #1970737).
    - d/p/lp1970737-linux-aio-*.patch: Fix unbalanced plugged counter
      in laio_io_unplug.

Date: Wed, 22 Jun 2022 15:38:37 -0400
Changed-By: Sergio Durigan Junior <sergio.durigan at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/qemu/1:6.2+dfsg-2ubuntu8
-------------- next part --------------
Format: 1.8
Date: Wed, 22 Jun 2022 15:38:37 -0400
Source: qemu
Architecture: source
Version: 1:6.2+dfsg-2ubuntu8
Distribution: kinetic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Sergio Durigan Junior <sergio.durigan at canonical.com>
Launchpad-Bugs-Fixed: 1970737
Changes:
 qemu (1:6.2+dfsg-2ubuntu8) kinetic; urgency=medium
 .
   [ Marc Deslauriers ]
   * SECURITY UPDATE: heap overflow in floppy disk emulator
     - debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
       hw/block/fdc.c.
     - CVE-2021-3507
   * SECURITY UPDATE: use-after-free in nvme
     - debian/patches/CVE-2021-3929.patch: deny DMA to the iomem of the
       device itself in hw/nvme/ctrl.c.
     - CVE-2021-3929
   * SECURITY UPDATE: integer overflow in QXL display device emulation
     - debian/patches/CVE-2021-4206.patch: check width and height in
       hw/display/qxl-render.c, hw/display/vmware_vga.c, ui/cursor.c.
     - CVE-2021-4206
   * SECURITY UPDATE: heap overflow in QXL display device emulation
     - debian/patches/CVE-2021-4207.patch: fix race condition in qxl_cursor
       in hw/display/qxl-render.c.
     - CVE-2021-4207
   * SECURITY UPDATE: potential privilege escalation in virtiofsd
     - debian/patches/CVE-2022-0358.patch: Drop membership of all
       supplementary groups in tools/virtiofsd/passthrough_ll.c.
     - CVE-2022-0358
   * SECURITY UPDATE: memory leakage in virtio-net device
     - debian/patches/CVE-2022-26353.patch: fix map leaking on error during
       receive in hw/net/virtio-net.c.
     - CVE-2022-26353
   * SECURITY UPDATE: memory leakage in vhost-vsock device
     - debian/patches/CVE-2022-26354.patch: detach the virqueue element in
       case of error in hw/virtio/vhost-vsock-common.c.
     - CVE-2022-26354
 .
   [ Sergio Durigan Junior ]
   * Fix I/O stalls when using NVMe storage (LP: #1970737).
     - d/p/lp1970737-linux-aio-*.patch: Fix unbalanced plugged counter
       in laio_io_unplug.
Checksums-Sha1:
 59502d9c16100b103ea931766080c5126a5b76f5 7535 qemu_6.2+dfsg-2ubuntu8.dsc
 249e85319c6a670f2fc57141903debc1674c8acd 150820 qemu_6.2+dfsg-2ubuntu8.debian.tar.xz
 4c0268aefe0a50eedb2b4a0595caea1b88bdd280 8137 qemu_6.2+dfsg-2ubuntu8_source.buildinfo
Checksums-Sha256:
 fca09098ea03750eb1d6cde2504592aa4d3d27e108c10d93a8bc36533a17e6b4 7535 qemu_6.2+dfsg-2ubuntu8.dsc
 903885bdecd62c0d305e1876962d612f971fa9314331225804f0a9d37856d851 150820 qemu_6.2+dfsg-2ubuntu8.debian.tar.xz
 c93f3a3493296404ac35d85aadaf921c9990f44638b86221a0fe3ecb30b17e6c 8137 qemu_6.2+dfsg-2ubuntu8_source.buildinfo
Files:
 decac406e38d454758819f4701145be1 7535 otherosfs optional qemu_6.2+dfsg-2ubuntu8.dsc
 3c250531875c2cb73d7f31e5b2e44eb2 150820 otherosfs optional qemu_6.2+dfsg-2ubuntu8.debian.tar.xz
 f019e34ffdf381e78db27df3e79d00bc 8137 otherosfs optional qemu_6.2+dfsg-2ubuntu8_source.buildinfo
Original-Maintainer: Debian QEMU Team <pkg-qemu-devel at lists.alioth.debian.org>
Vcs-Git: https://git.launchpad.net/~sergiodj/ubuntu/+source/qemu
Vcs-Git-Commit: edc2075f07db097d15663410648b1e8901348cfa
Vcs-Git-Ref: refs/heads/bug1970737-stale-io-sysbench-kinetic

More information about the kinetic-changes mailing list