[ubuntu/xenial-security] qemu 1:2.5+dfsg-5ubuntu10.42 (Accepted)
Steve Beattie
sbeattie at ubuntu.com
Wed Nov 13 22:51:22 UTC 2019
qemu (1:2.5+dfsg-5ubuntu10.42) xenial-security; urgency=medium
* SECURITY UPDATE: infinite loop when executing LSI scsi adapter
emulator scripts
- d/p/CVE-2019-12068.patch: Move the existing loop exit
- CVE-2019-12068
* SECURITY UPDATE: null pointer dereference in qxl display driver
- d/p/CVE-2019-12155.patch: qxl: check release info object
- CVE-2019-12155
* SECURITY UPDATE: qemu-bridge-helper interface name buffer overflow
- d/p/CVE-2019-13164.patch: qemu-bridge-helper: restrict
interface name to IFNAMSIZ
- CVE-2019-13164
* SECURITY UPDATE: heap overflow in slirp
- d/p/CVE-2019-14378.patch: slirp: Fix heap overflow in ip_reass
on big packet input
- CVE-2019-14378
* SECURITY UPDATE: use after free vulnerability in slirp
- d/p/CVE-2019-15890.patch: slirp: ip_reass: Fix use after free
- CVE-2019-15890
qemu (1:2.5+dfsg-5ubuntu10.41) xenial; urgency=medium
* d/p/ubuntu/lp-1830243-s390-bios-Skip-bootmap-signature-entries.patch:
tolerate guests with secure boot loaders (LP: #1830243)
qemu (1:2.5+dfsg-5ubuntu10.40) xenial; urgency=medium
* Restore patches that caused regression
- d/p/lp1823458/add-VirtIONet-vhost_stopped-flag-to-prevent-multiple.patch
- d/p/lp1823458/do-not-call-vhost_net_cleanup-on-running-net-from-ch.patch
* Fix regression introduced by above patches (LP: #1829380)
- d/p/lp1829380.patch
[ Rafael David Tinoco ]
* d/p/lp1828288/target-i386-Set-AMD-alias-bits-after-filtering-CPUID.patch
- Fix issues with CPUID_EXT2_AMD_ALIASES allowing guests using
cpu passthrough to boot. (LP: #1828288)
Date: 2019-11-05 06:25:23.033932+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.42
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list