[ubuntu/yakkety-proposed] qemu 1:2.6+dfsg-3ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Aug 3 14:24:55 UTC 2016 

qemu (1:2.6+dfsg-3ubuntu2) yakkety; urgency=medium

  * SECURITY UPDATE: DoS via unbounded memory allocation
    - debian/patches/CVE-2016-5403.patch: check size in hw/virtio/virtio.c.
    - CVE-2016-5403
  * SECURITY UPDATE: oob write access while reading ESP command
    - debian/patches/CVE-2016-6351.patch: make cmdbuf big enough for
      maximum CDB size and handle migration in hw/scsi/esp.c,
      include/hw/scsi/esp.h, include/migration/vmstate.h.
    - CVE-2016-6351
  * SECURITY UPDATE: infinite loop in virtqueue_pop
    - debian/patches/CVE-2016-6490.patch: check vring descriptor buffer
      length in hw/virtio/virtio.c.
    - CVE-2016-6490

Date: Wed, 03 Aug 2016 08:36:16 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/qemu/1:2.6+dfsg-3ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 03 Aug 2016 08:36:16 -0400
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm qemu-system-aarch64 qemu-system-s390x
Architecture: source
Version: 1:2.6+dfsg-3ubuntu2
Distribution: yakkety
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 qemu       - fast processor emulator
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization
 qemu-system - QEMU full system emulation binaries
 qemu-system-aarch64 - QEMU full system emulation binaries (aarch64)
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-s390x - QEMU full system emulation binaries (s390x)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Changes:
 qemu (1:2.6+dfsg-3ubuntu2) yakkety; urgency=medium
 .
   * SECURITY UPDATE: DoS via unbounded memory allocation
     - debian/patches/CVE-2016-5403.patch: check size in hw/virtio/virtio.c.
     - CVE-2016-5403
   * SECURITY UPDATE: oob write access while reading ESP command
     - debian/patches/CVE-2016-6351.patch: make cmdbuf big enough for
       maximum CDB size and handle migration in hw/scsi/esp.c,
       include/hw/scsi/esp.h, include/migration/vmstate.h.
     - CVE-2016-6351
   * SECURITY UPDATE: infinite loop in virtqueue_pop
     - debian/patches/CVE-2016-6490.patch: check vring descriptor buffer
       length in hw/virtio/virtio.c.
     - CVE-2016-6490
Checksums-Sha1:
 4f167581345f2552b803cc8d6d845bb3b1e07b2c 6233 qemu_2.6+dfsg-3ubuntu2.dsc
 89d0ac3fc3818224fd35d35ffca838e57121754d 98332 qemu_2.6+dfsg-3ubuntu2.debian.tar.xz
Checksums-Sha256:
 654eb793f4e6305abaa02aaff6913373c9ed69f72393072a3e3d8dc3a7d1772e 6233 qemu_2.6+dfsg-3ubuntu2.dsc
 0c26e414df4e22dc8bfa41637b0952c304bc7b10e69738429cc8b8ea705e9bca 98332 qemu_2.6+dfsg-3ubuntu2.debian.tar.xz
Files:
 ea5a6ffaaec3d9b3786462c1a496370c 6233 otherosfs optional qemu_2.6+dfsg-3ubuntu2.dsc
 c1d3acf7ab483f6fc2ceb904d779a311 98332 otherosfs optional qemu_2.6+dfsg-3ubuntu2.debian.tar.xz
Original-Maintainer: Debian QEMU Team <pkg-qemu-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJXof3cAAoJEGVp2FWnRL6TjNMP/1zWG6CuZWGfO1ivSrRWhgnD
EDSt/p/rsIjpAa+z17lco80dtTzRtgxrcO4ZlJVXNbMdrIZf15A0zylzxSN7Rr1y
f50l3eOYEPphdfJ/MKuS/Mb88RWcQVLmanuJytjqIJb7OhrLqfNA8uoFZ35ziTWY
YaBX5RiDm8nmNpsFUNaU8ZaF4jBXdbjImYzo0WvY6j8YUSVwa7b+LoSVgqbpa3qa
6mJ20e6Cpl5qc3uRCjpggkGkO5ehIruCldx51RVmj8Z6NEjUb8XPots7rVQ3BcUk
dba4IoR+Lob7YqyiQ9CrMYEzKkIm5OIY7LLx5xkyBsF7JNZEr99zjGShZSB9XPTt
vijPFTOFcWh2ZBq08iGB8PqKLk12gcamoK/9JR+xvM1d23YLu0ecLKr+flZ9ZziD
Ft1qi99IJmhrUqAJHqJ0skgfrxARDgFrwKNxR7paehSkhOtvDA3xyVdWBWC8Euqa
zqwC+jA5KCpRXJb69e+Y3Mmmr7UayBaqE9uyBfYL99L05sGvHO5ZnYFbQmqeFHa3
UEsL1Pk+9XyO6qndQhaXT4PiQ+UlomOHLIKetLoZD6sGjwKqjpPStGJxGd+KEqpi
pGJV8wXOWfps2+IKpEVk73NSaoqNLWIHKQBUbgz5glWTHRxFCbQCedE8JPDD8IHF
t9Kc/GyRUK/003QUTib/
=LsIi
-----END PGP SIGNATURE-----

More information about the Yakkety-changes mailing list