[ubuntu/zesty-proposed] qemu 1:2.6.1+dfsg-0ubuntu9 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Fri Jan 20 19:22:15 UTC 2017
qemu (1:2.6.1+dfsg-0ubuntu9) zesty; urgency=medium
* SECURITY UPDATE: DoS via unbounded memory allocation
- debian/patches/revert-afd9096eb1882f23929f5b5c177898ed231bac66.patch:
removed to add back size check in hw/virtio/virtio.c.
- debian/patches/CVE-2016-5403-2.patch: recalculate vq->inuse after
migration in hw/virtio/virtio.c.
- debian/patches/CVE-2016-5403-3.patch: decrement vq->inuse in
virtqueue_discard() in hw/virtio/virtio.c.
- debian/patches/CVE-2016-5403-4.patch: zero vq->inuse in
virtio_reset() in hw/virtio/virtio.c.
- debian/patches/CVE-2016-5403-5.patch: discard virtqueue element on
reset in hw/virtio/virtio-balloon.c.
- CVE-2016-5403
* SECURITY UPDATE: use after free while writing in vmxnet3
- debian/patches/CVE-2016-6833.patch: check for device_active before
write in hw/net/vmxnet3.c.
- CVE-2016-6833
* SECURITY UPDATE: DoS via infinite loop during packet fragmentation
- debian/patches/CVE-2016-6834.patch: check fragment length during
fragmentation in hw/net/vmxnet_tx_pkt.c.
- CVE-2016-6834
* SECURITY UPDATE: Buffer overflow in vmxnet_tx_pkt_parse_headers()
- debian/patches/CVE-2016-6835.patch: check IP header length in
hw/net/vmxnet_tx_pkt.c.
- CVE-2016-6835
* SECURITY UPDATE: Information leak in vmxnet3_complete_packet
- debian/patches/CVE-2016-6836.patch: initialise local tx descriptor in
hw/net/vmxnet3.c.
- CVE-2016-6836
* SECURITY UPDATE: Integer overflow in packet initialisation in VMXNET3
- debian/patches/CVE-2016-6888.patch: use g_new for pkt initialisation
in hw/net/vmxnet_tx_pkt.c.
- CVE-2016-6888
* SECURITY UPDATE: directory traversal flaw in 9p virtio backend
- debian/patches/CVE-2016-7116-1.patch: forbid illegal path names in
hw/9pfs/9p.c.
- debian/patches/CVE-2016-7116-2.patch: forbid . and .. in file names
in hw/9pfs/9p.c.
- debian/patches/CVE-2016-7116-3.patch: handle walk of ".." in the root
directory in hw/9pfs/9p.*.
- debian/patches/CVE-2016-7116-4.patch: fix potential segfault during
walk in hw/9pfs/9p.c.
- CVE-2016-7116
* SECURITY UPDATE: OOB read and infinite loop in pvscsi
- debian/patches/CVE-2016-7155.patch: check page count while
initialising descriptor rings in hw/scsi/vmw_pvscsi.c.
- CVE-2016-7155
* SECURITY UPDATE: infinite loop when building SG list in pvscsi
- debian/patches/CVE-2016-7156.patch: limit loop to fetch SG list in
hw/scsi/vmw_pvscsi.c.
- CVE-2016-7156
* SECURITY UPDATE: invalid memory access in mptsas
- debian/patches/CVE-2016-7157-1.patch: fix an assert expression in
hw/scsi/mptconfig.c.
- debian/patches/CVE-2016-7157-2.patch: fix misuse of
MPTSAS_CONFIG_PACK in hw/scsi/mptconfig.c.
- CVE-2016-7157
* SECURITY UPDATE: buffer overflow in xlnx.xps-ethernetlite
- debian/patches/CVE-2016-7161.patch: fix a heap overflow in
hw/net/xilinx_ethlite.c.
- CVE-2016-7161
* SECURITY UPDATE: OOB stack memory access in vmware_vga
- debian/patches/CVE-2016-7170.patch: correct bitmap and pixmap size
checks in hw/display/vmware_vga.c.
- CVE-2016-7170
* SECURITY UPDATE: Infinite loop when processing IO requests in pvscsi
- debian/patches/CVE-2016-7421.patch: limit process IO loop to ring
size in hw/scsi/vmw_pvscsi.c.
- CVE-2016-7421
* SECURITY UPDATE: null pointer dereference in virtio
- debian/patches/CVE-2016-7422.patch: dd check for descriptor's mapped
address in hw/virtio/virtio.c.
- CVE-2016-7422
* SECURITY UPDATE: denial of service in LSI SAS1068 Host Bus
- debian/patches/CVE-2016-7423.patch: use g_new0 to allocate
MPTSASRequest object in hw/scsi/mptsas.c.
- CVE-2016-7423
* SECURITY UPDATE: memory leakage during device unplug in xhci
- debian/patches/CVE-2016-7466.patch: fix memory leak in usb_xhci_exit
in hw/usb/hcd-xhci.c.
- CVE-2016-7466
* SECURITY UPDATE: denial of service in mcf via invalid count
- debian/patches/CVE-2016-7908.patch: limit buffer descriptor count in
hw/net/mcf_fec.c.
- CVE-2016-7908
* SECURITY UPDATE: denial of service in pcnet via invalid length
- debian/patches/CVE-2016-7909.patch: check rx/tx descriptor ring
length in hw/net/pcnet.c.
- CVE-2016-7909
* SECURITY UPDATE: denial of service via memory leak in virtio-gpu
- debian/patches/CVE-2016-7994.patch: fix memory leak in
virtio_gpu_resource_create_2d in hw/display/virtio-gpu.c.
- CVE-2016-7994
* SECURITY UPDATE: denial of service via memory leak in ehci
- debian/patches/CVE-2016-7995.patch: fix memory leak in
ehci_process_itd in hw/usb/hcd-ehci.c.
- CVE-2016-7995
* SECURITY UPDATE: denial of service via infinite loop in xhci
- debian/patches/CVE-2016-8576.patch: limit the number of link trbs we
are willing to process in hw/usb/hcd-xhci.c.
- CVE-2016-8576
* SECURITY UPDATE: host memory leakage in 9pfs
- debian/patches/CVE-2016-8577.patch: fix potential host memory leak in
v9fs_read in hw/9pfs/9p.c.
- CVE-2016-8577
* SECURITY UPDATE: NULL dereference in 9pfs
- debian/patches/CVE-2016-8578.patch: allocate space for guest
originated empty strings in fsdev/9p-iov-marshal.c, hw/9pfs/9p.c.
- CVE-2016-8578
* SECURITY UPDATE: OOB buffer access in rocker switch emulation
- debian/patches/CVE-2016-8668.patch: set limit to DMA buffer size in
hw/net/rocker/rocker.c.
- CVE-2016-8668
* SECURITY UPDATE: infinite loop in Intel HDA controller
- debian/patches/CVE-2016-8909.patch: check stream entry count during
transfer in hw/audio/intel-hda.c.
- CVE-2016-8909
* SECURITY UPDATE: infinite loop in RTL8139 ethernet controller
- debian/patches/CVE-2016-8910.patch: limit processing of ring
descriptors in hw/net/rtl8139.c.
- CVE-2016-8910
* SECURITY UPDATE: memory leakage at device unplug in eepro100
- debian/patches/CVE-2016-9101.patch: fix memory leak in device uninit
in hw/net/eepro100.c.
- CVE-2016-9101
* SECURITY UPDATE: denial of service via memory leak in 9pfs
- debian/patches/CVE-2016-9102.patch: fix memory leak in
v9fs_xattrcreate in hw/9pfs/9p.c.
- CVE-2016-9102
* SECURITY UPDATE: information leakage via xattribute in 9pfs
- debian/patches/CVE-2016-9103.patch: fix information leak in xattr
read in hw/9pfs/9p.c.
- CVE-2016-9103
* SECURITY UPDATE: integer overflow leading to OOB access in 9pfs
- debian/patches/CVE-2016-9104.patch: fix integer overflow issue in
xattr read/write in hw/9pfs/9p.c.
- CVE-2016-9104
* SECURITY UPDATE: denial of service via memory leakage in 9pfs
- debian/patches/CVE-2016-9105.patch: fix memory leak in v9fs_link in
hw/9pfs/9p.c.
- CVE-2016-9105
* SECURITY UPDATE: denial of service via memory leakage in 9pfs
- debian/patches/CVE-2016-9106.patch: fix memory leak in v9fs_write in
hw/9pfs/9p.c.
- CVE-2016-9106
Date: Fri, 20 Jan 2017 12:35:37 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/qemu/1:2.6.1+dfsg-0ubuntu9
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 20 Jan 2017 12:35:37 -0500
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm qemu-system-aarch64 qemu-system-s390x
Architecture: source
Version: 1:2.6.1+dfsg-0ubuntu9
Distribution: zesty
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
qemu - fast processor emulator
qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
qemu-guest-agent - Guest-side qemu-system agent
qemu-kvm - QEMU Full virtualization
qemu-system - QEMU full system emulation binaries
qemu-system-aarch64 - QEMU full system emulation binaries (aarch64)
qemu-system-arm - QEMU full system emulation binaries (arm)
qemu-system-common - QEMU full system emulation binaries (common files)
qemu-system-mips - QEMU full system emulation binaries (mips)
qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
qemu-system-ppc - QEMU full system emulation binaries (ppc)
qemu-system-s390x - QEMU full system emulation binaries (s390x)
qemu-system-sparc - QEMU full system emulation binaries (sparc)
qemu-system-x86 - QEMU full system emulation binaries (x86)
qemu-user - QEMU user mode emulation binaries
qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Changes:
qemu (1:2.6.1+dfsg-0ubuntu9) zesty; urgency=medium
.
* SECURITY UPDATE: DoS via unbounded memory allocation
- debian/patches/revert-afd9096eb1882f23929f5b5c177898ed231bac66.patch:
removed to add back size check in hw/virtio/virtio.c.
- debian/patches/CVE-2016-5403-2.patch: recalculate vq->inuse after
migration in hw/virtio/virtio.c.
- debian/patches/CVE-2016-5403-3.patch: decrement vq->inuse in
virtqueue_discard() in hw/virtio/virtio.c.
- debian/patches/CVE-2016-5403-4.patch: zero vq->inuse in
virtio_reset() in hw/virtio/virtio.c.
- debian/patches/CVE-2016-5403-5.patch: discard virtqueue element on
reset in hw/virtio/virtio-balloon.c.
- CVE-2016-5403
* SECURITY UPDATE: use after free while writing in vmxnet3
- debian/patches/CVE-2016-6833.patch: check for device_active before
write in hw/net/vmxnet3.c.
- CVE-2016-6833
* SECURITY UPDATE: DoS via infinite loop during packet fragmentation
- debian/patches/CVE-2016-6834.patch: check fragment length during
fragmentation in hw/net/vmxnet_tx_pkt.c.
- CVE-2016-6834
* SECURITY UPDATE: Buffer overflow in vmxnet_tx_pkt_parse_headers()
- debian/patches/CVE-2016-6835.patch: check IP header length in
hw/net/vmxnet_tx_pkt.c.
- CVE-2016-6835
* SECURITY UPDATE: Information leak in vmxnet3_complete_packet
- debian/patches/CVE-2016-6836.patch: initialise local tx descriptor in
hw/net/vmxnet3.c.
- CVE-2016-6836
* SECURITY UPDATE: Integer overflow in packet initialisation in VMXNET3
- debian/patches/CVE-2016-6888.patch: use g_new for pkt initialisation
in hw/net/vmxnet_tx_pkt.c.
- CVE-2016-6888
* SECURITY UPDATE: directory traversal flaw in 9p virtio backend
- debian/patches/CVE-2016-7116-1.patch: forbid illegal path names in
hw/9pfs/9p.c.
- debian/patches/CVE-2016-7116-2.patch: forbid . and .. in file names
in hw/9pfs/9p.c.
- debian/patches/CVE-2016-7116-3.patch: handle walk of ".." in the root
directory in hw/9pfs/9p.*.
- debian/patches/CVE-2016-7116-4.patch: fix potential segfault during
walk in hw/9pfs/9p.c.
- CVE-2016-7116
* SECURITY UPDATE: OOB read and infinite loop in pvscsi
- debian/patches/CVE-2016-7155.patch: check page count while
initialising descriptor rings in hw/scsi/vmw_pvscsi.c.
- CVE-2016-7155
* SECURITY UPDATE: infinite loop when building SG list in pvscsi
- debian/patches/CVE-2016-7156.patch: limit loop to fetch SG list in
hw/scsi/vmw_pvscsi.c.
- CVE-2016-7156
* SECURITY UPDATE: invalid memory access in mptsas
- debian/patches/CVE-2016-7157-1.patch: fix an assert expression in
hw/scsi/mptconfig.c.
- debian/patches/CVE-2016-7157-2.patch: fix misuse of
MPTSAS_CONFIG_PACK in hw/scsi/mptconfig.c.
- CVE-2016-7157
* SECURITY UPDATE: buffer overflow in xlnx.xps-ethernetlite
- debian/patches/CVE-2016-7161.patch: fix a heap overflow in
hw/net/xilinx_ethlite.c.
- CVE-2016-7161
* SECURITY UPDATE: OOB stack memory access in vmware_vga
- debian/patches/CVE-2016-7170.patch: correct bitmap and pixmap size
checks in hw/display/vmware_vga.c.
- CVE-2016-7170
* SECURITY UPDATE: Infinite loop when processing IO requests in pvscsi
- debian/patches/CVE-2016-7421.patch: limit process IO loop to ring
size in hw/scsi/vmw_pvscsi.c.
- CVE-2016-7421
* SECURITY UPDATE: null pointer dereference in virtio
- debian/patches/CVE-2016-7422.patch: dd check for descriptor's mapped
address in hw/virtio/virtio.c.
- CVE-2016-7422
* SECURITY UPDATE: denial of service in LSI SAS1068 Host Bus
- debian/patches/CVE-2016-7423.patch: use g_new0 to allocate
MPTSASRequest object in hw/scsi/mptsas.c.
- CVE-2016-7423
* SECURITY UPDATE: memory leakage during device unplug in xhci
- debian/patches/CVE-2016-7466.patch: fix memory leak in usb_xhci_exit
in hw/usb/hcd-xhci.c.
- CVE-2016-7466
* SECURITY UPDATE: denial of service in mcf via invalid count
- debian/patches/CVE-2016-7908.patch: limit buffer descriptor count in
hw/net/mcf_fec.c.
- CVE-2016-7908
* SECURITY UPDATE: denial of service in pcnet via invalid length
- debian/patches/CVE-2016-7909.patch: check rx/tx descriptor ring
length in hw/net/pcnet.c.
- CVE-2016-7909
* SECURITY UPDATE: denial of service via memory leak in virtio-gpu
- debian/patches/CVE-2016-7994.patch: fix memory leak in
virtio_gpu_resource_create_2d in hw/display/virtio-gpu.c.
- CVE-2016-7994
* SECURITY UPDATE: denial of service via memory leak in ehci
- debian/patches/CVE-2016-7995.patch: fix memory leak in
ehci_process_itd in hw/usb/hcd-ehci.c.
- CVE-2016-7995
* SECURITY UPDATE: denial of service via infinite loop in xhci
- debian/patches/CVE-2016-8576.patch: limit the number of link trbs we
are willing to process in hw/usb/hcd-xhci.c.
- CVE-2016-8576
* SECURITY UPDATE: host memory leakage in 9pfs
- debian/patches/CVE-2016-8577.patch: fix potential host memory leak in
v9fs_read in hw/9pfs/9p.c.
- CVE-2016-8577
* SECURITY UPDATE: NULL dereference in 9pfs
- debian/patches/CVE-2016-8578.patch: allocate space for guest
originated empty strings in fsdev/9p-iov-marshal.c, hw/9pfs/9p.c.
- CVE-2016-8578
* SECURITY UPDATE: OOB buffer access in rocker switch emulation
- debian/patches/CVE-2016-8668.patch: set limit to DMA buffer size in
hw/net/rocker/rocker.c.
- CVE-2016-8668
* SECURITY UPDATE: infinite loop in Intel HDA controller
- debian/patches/CVE-2016-8909.patch: check stream entry count during
transfer in hw/audio/intel-hda.c.
- CVE-2016-8909
* SECURITY UPDATE: infinite loop in RTL8139 ethernet controller
- debian/patches/CVE-2016-8910.patch: limit processing of ring
descriptors in hw/net/rtl8139.c.
- CVE-2016-8910
* SECURITY UPDATE: memory leakage at device unplug in eepro100
- debian/patches/CVE-2016-9101.patch: fix memory leak in device uninit
in hw/net/eepro100.c.
- CVE-2016-9101
* SECURITY UPDATE: denial of service via memory leak in 9pfs
- debian/patches/CVE-2016-9102.patch: fix memory leak in
v9fs_xattrcreate in hw/9pfs/9p.c.
- CVE-2016-9102
* SECURITY UPDATE: information leakage via xattribute in 9pfs
- debian/patches/CVE-2016-9103.patch: fix information leak in xattr
read in hw/9pfs/9p.c.
- CVE-2016-9103
* SECURITY UPDATE: integer overflow leading to OOB access in 9pfs
- debian/patches/CVE-2016-9104.patch: fix integer overflow issue in
xattr read/write in hw/9pfs/9p.c.
- CVE-2016-9104
* SECURITY UPDATE: denial of service via memory leakage in 9pfs
- debian/patches/CVE-2016-9105.patch: fix memory leak in v9fs_link in
hw/9pfs/9p.c.
- CVE-2016-9105
* SECURITY UPDATE: denial of service via memory leakage in 9pfs
- debian/patches/CVE-2016-9106.patch: fix memory leak in v9fs_write in
hw/9pfs/9p.c.
- CVE-2016-9106
Checksums-Sha1:
2c0d47dbc51b616043173cdbb54bbf63eb7666ce 6250 qemu_2.6.1+dfsg-0ubuntu9.dsc
9ef5b16ae7f4f8b522bb7b3eba7705f8a1384776 123436 qemu_2.6.1+dfsg-0ubuntu9.debian.tar.xz
Checksums-Sha256:
d5b333bcf5eb4f30ced26abb3269e67f2da3b19fb116b7a9a8242b408c173113 6250 qemu_2.6.1+dfsg-0ubuntu9.dsc
bd984d2d6b24352c9f2ea10066af109eccc1e04d0cf10dee3aaad5e7748f6b76 123436 qemu_2.6.1+dfsg-0ubuntu9.debian.tar.xz
Files:
7e2f4672dccc9335560dfb038d1b4f3d 6250 otherosfs optional qemu_2.6.1+dfsg-0ubuntu9.dsc
c255367aae045a08eb00b4f0c5e11207 123436 otherosfs optional qemu_2.6.1+dfsg-0ubuntu9.debian.tar.xz
Original-Maintainer: Debian QEMU Team <pkg-qemu-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJYgmEAAAoJEGVp2FWnRL6TIJgQAKgenkLB+nmI5TkTQrhVT0Gm
k7VRxNXMTQW29PhnT5ZyhH9fKTOaR6iVwdcZ4Dx/BisuWOe4uAie9VOre5VyGd0W
A/SjOfq/W9dVVHNQmzj3y4ObuEVT9MTkM7VqXci497rF7nJHS+Aa+cr5pFbjzE9q
yOomggywdt158c3wMTZ8zbOwidbrj6tU78ll1sTs8K+8oDPIf22q0Rg/cC6STiAt
qcIBEtV4da+JmHd5xRVhtElwkiEkh2B7F0BSodpcEY4azQiqR/lFGfm57ZmDZNgz
Tsrcpnl+vz6eHdEjK7sPypVmNGlhnXswPMVf7Kij7vy89T9NPr/T8QW8tShz3zky
3L8UFElaopR3h7tJxVBrBmnKZ/sCsUvquHaJnAVfIRBjLg/gyVREerwC4mcu0l4b
buNdAVjqoOO+WevAqqR/3oNBMej0ON332uAxDM4KT8GqSENNO0WQGVBKP4diGanP
GBg070DFHjyhaGJ1dg3BoD0QXSWqjt6BAmHS3Gb8TzVAErSDQQfzmSHsfmhJjrs1
ea4+7yrgT/GmK93vs/WqVkBnsrWEydOqdPjKZ6C0mwi6CdNEIyvQCqOjJ9DXz+GZ
6/qLNoLRFCgrW7CgwR4ZXdtAIZ5/ckGNLw+V8XIYIjL8Xyu+h+cAi+FnmhBQdGqt
wXJcrgYbbLIpv7vsrO/N
=+5FX
-----END PGP SIGNATURE-----
More information about the Zesty-changes
mailing list