[ubuntu/maverick-security] qemu-kvm 0.12.5+noroms-0ubuntu7.8 (Accepted)

Wed Jul 6 21:04:02 UTC 2011

qemu-kvm (0.12.5+noroms-0ubuntu7.8) maverick-security; urgency=low

  * SECURITY UPDATE: fix to validate virtqueue in and out requests from the
    guests
    - debian/patches/CVE-2011-2212-virtqueue-indirect-overflow.patch: update
      hw/virtio.c to verify the length of indirect descriptors in
      virtqueue_pop() and virtqueue_avail_bytes()
    - CVE-2011-2212
  * SECURITY UPDATE: validate virtio_queue_notify() is non-negative
    - debian/patches/CVE-2011-2512-negative-vq-notifies.diff: update
      to move comparison out to syborg_virtio_writel(), virtio_ioport_write()
      and virtio_queue_notify_vq() and don't call common virtio code if
      virtqueue number is invalid. Patch from Debian.
    - CVE-2011-2512

Date: Tue, 05 Jul 2011 14:41:30 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/qemu-kvm/0.12.5+noroms-0ubuntu7.8
-------------- next part --------------
Format: 1.8
Date: Tue, 05 Jul 2011 14:41:30 -0500
Source: qemu-kvm
Binary: qemu-kvm qemu-common qemu-kvm-extras qemu-kvm-extras-static qemu-arm-static kvm qemu
Architecture: source
Version: 0.12.5+noroms-0ubuntu7.8
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 kvm        - dummy transitional pacakge from kvm to qemu-kvm
 qemu       - dummy transitional pacakge from qemu to qemu-kvm
 qemu-arm-static - dummy transitional package for qemu-kvm-extras-static
 qemu-common - qemu common functionality (bios, documentation, etc)
 qemu-kvm   - Full virtualization on i386 and amd64 hardware
 qemu-kvm-extras - fast processor emulator binaries for non-x86 architectures
 qemu-kvm-extras-static - static QEMU user mode emulation binaries
Changes: 
 qemu-kvm (0.12.5+noroms-0ubuntu7.8) maverick-security; urgency=low
 .
   * SECURITY UPDATE: fix to validate virtqueue in and out requests from the
     guests
     - debian/patches/CVE-2011-2212-virtqueue-indirect-overflow.patch: update
       hw/virtio.c to verify the length of indirect descriptors in
       virtqueue_pop() and virtqueue_avail_bytes()
     - CVE-2011-2212
   * SECURITY UPDATE: validate virtio_queue_notify() is non-negative
     - debian/patches/CVE-2011-2512-negative-vq-notifies.diff: update
       to move comparison out to syborg_virtio_writel(), virtio_ioport_write()
       and virtio_queue_notify_vq() and don't call common virtio code if
       virtqueue number is invalid. Patch from Debian.
     - CVE-2011-2512
Checksums-Sha1: 
 185755bb11fc38e70245a25759e49fc2c1b2fecb 2183 qemu-kvm_0.12.5+noroms-0ubuntu7.8.dsc
 bed4d2151789169626ba8b962e6cef0c91058ffd 66016 qemu-kvm_0.12.5+noroms-0ubuntu7.8.diff.gz
Checksums-Sha256: 
 adbb31c75a1de7bb81fd3f9a6174804df54e9fa11d4a95764fbd704d9fc2cf0f 2183 qemu-kvm_0.12.5+noroms-0ubuntu7.8.dsc
 75e9c423593eb15717012a8fb94e80ff440ab2586ad3e107cc3f17da47976c23 66016 qemu-kvm_0.12.5+noroms-0ubuntu7.8.diff.gz
Files: 
 dd68a41c097a5502967766df56fd2cae 2183 misc optional qemu-kvm_0.12.5+noroms-0ubuntu7.8.dsc
 80ec7c7c20109897968a08377018827c 66016 misc optional qemu-kvm_0.12.5+noroms-0ubuntu7.8.diff.gz