[ubuntu/wily-proposed] qemu 1:2.3+dfsg-5ubuntu4 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Aug 25 19:29:16 UTC 2015 

qemu (1:2.3+dfsg-5ubuntu4) wily; urgency=medium

  * SECURITY UPDATE: process heap memory disclosure
    - debian/patches/CVE-2015-5165.patch: check sizes in hw/net/rtl8139.c.
    - CVE-2015-5165
  * SECURITY UPDATE: privilege escalation via block device unplugging
    - debian/patches/CVE-2015-5166.patch: properly unhook from BlockBackend
      in hw/ide/piix.c.
    - CVE-2015-5166
  * SECURITY UPDATE: privilege escalation via memory corruption in vnc
    - debian/patches/CVE-2015-5225.patch: use bytes per scanline to apply
      limits in ui/vnc.c.
    - CVE-2015-5225
  * SECURITY UPDATE: denial of service via virtio-serial
    - debian/patches/CVE-2015-5745.patch: don't assume a specific layout
      for control messages in hw/char/virtio-serial-bus.c.
    - CVE-2015-5745

Date: Tue, 25 Aug 2015 09:38:43 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/qemu/1:2.3+dfsg-5ubuntu4
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 25 Aug 2015 09:38:43 -0400
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm libcacard0 libcacard-dev libcacard-tools qemu-system-aarch64
Architecture: source
Version: 1:2.3+dfsg-5ubuntu4
Distribution: wily
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 libcacard-dev - Virtual Common Access Card (CAC) Emulator (development files)
 libcacard-tools - Virtual Common Access Card (CAC) Emulator (tools)
 libcacard0 - Virtual Common Access Card (CAC) Emulator (runtime library)
 qemu       - fast processor emulator
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization
 qemu-system - QEMU full system emulation binaries
 qemu-system-aarch64 - QEMU full system emulation binaries (aarch64)
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Changes:
 qemu (1:2.3+dfsg-5ubuntu4) wily; urgency=medium
 .
   * SECURITY UPDATE: process heap memory disclosure
     - debian/patches/CVE-2015-5165.patch: check sizes in hw/net/rtl8139.c.
     - CVE-2015-5165
   * SECURITY UPDATE: privilege escalation via block device unplugging
     - debian/patches/CVE-2015-5166.patch: properly unhook from BlockBackend
       in hw/ide/piix.c.
     - CVE-2015-5166
   * SECURITY UPDATE: privilege escalation via memory corruption in vnc
     - debian/patches/CVE-2015-5225.patch: use bytes per scanline to apply
       limits in ui/vnc.c.
     - CVE-2015-5225
   * SECURITY UPDATE: denial of service via virtio-serial
     - debian/patches/CVE-2015-5745.patch: don't assume a specific layout
       for control messages in hw/char/virtio-serial-bus.c.
     - CVE-2015-5745
Checksums-Sha1:
 3a9203af90eab171d491547653e11be86be0b5ad 6791 qemu_2.3+dfsg-5ubuntu4.dsc
 0370b5141472a66877597ebde1750756e4d988e2 90988 qemu_2.3+dfsg-5ubuntu4.debian.tar.xz
Checksums-Sha256:
 cc729c3b300ae2f076d35cff31c690edcb7e0f61ec5a4acca7ca3a0d57707ab2 6791 qemu_2.3+dfsg-5ubuntu4.dsc
 783a1f2583c6ba1fbeaf1312529d80254710b270ed9027b2bf08be576e388959 90988 qemu_2.3+dfsg-5ubuntu4.debian.tar.xz
Files:
 66715804e769832e56af2a454ceef882 6791 otherosfs optional qemu_2.3+dfsg-5ubuntu4.dsc
 afa9acbdb122a957b19fec7543a1cdb8 90988 otherosfs optional qemu_2.3+dfsg-5ubuntu4.debian.tar.xz
Original-Maintainer: Debian QEMU Team <pkg-qemu-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJV3KYSAAoJEGVp2FWnRL6TRfEQALRuLzlTxaUFMmOtt4pIm2UN
g4C7FaEe3PVs3+JsL4FS/XcVmuRMLZ6zRyNNph1t7rg/prkdDKOrK37Ofxr+Suz7
n05qX1I3uYL7Tq7BbtlfHTyB7FYWdFpUOqCWuNfNa1YGS/jXgQFTCakd+GJ/qgNX
YcrdWjSKfcOJL5Fn+TjgXk0KaN/M3i/E+iR1f3Mq8aDqC5VetwE5xYS0QvlLlBzR
+JuOsWppD7J1lrV6XB4guWPpDhjtoCZLU4UC1BdxA/+ULP+Wgy4vj7G78ZD+EPed
EP1NDkqwVfNMGZmR1NbQK7Rb8+ey61rnr+cxuzGla97ckhAOz3D57TeDeW8G53gV
jStidcT29v339euAG6S2et3UNfdwaNaBiHnAOP3W0asM1TYLF2F0W2Zexqb/dX2R
lhFXeTjG+HIUnfQZ+9QGu6cihacGazYPRhS8V65VBeyMBihti9TIoDyJqK0TtBC4
SJ2XKNr+kkrN2oFNCcoHWaHDkMdixXtVCtzXc9ZwFOLO8urUGt0QADsXdj/LHpVq
RjOyDKV3VC9xr5YHXgpl/eO6J9R5L3JNemqeLDbonSui7vxWUraEjE/49VM4CwG2
D7wkIzphjhHTeaZjfDQqLwjkMSGfMojO/WJ/l/tQlXF4fEXAhOzL8F1UhMfwARaY
gxIJtccDkkYiYtQcOvzw
=3LXX
-----END PGP SIGNATURE-----

More information about the Wily-changes mailing list