UbuntuUpdates.org

Package "qemu-common"

Name: qemu-common

Description:

qemu common functionality (bios, documentation, etc)

Latest version: 1.0+noroms-0ubuntu14.31
Release: precise (12.04)
Level: security
Repository: main
Head package: qemu-kvm
Homepage: http://www.linux-kvm.org

Other versions of "qemu-common" in Precise

Repository  Area  Version
base        main  1.0+noroms-0ubuntu13
updates     main  1.0+noroms-0ubuntu14.31

Changelog

Version: 1.0+noroms-0ubuntu14.31 2016-11-09 19:06:43 UTC

  qemu-kvm (1.0+noroms-0ubuntu14.31) precise-security; urgency=medium

  * SECURITY UPDATE: DoS via unbounded memory allocation
    - debian/patches/CVE-2016-5403.patch: re-enable original patch.
    - debian/patches/CVE-2016-5403-2.patch: recalculate vq->inuse after
      migration in hw/virtio.c.
    - debian/patches/CVE-2016-5403-3.patch: decrement vq->inuse in
      virtqueue_discard() in hw/virtio.c.
    - debian/patches/CVE-2016-5403-4.patch: zero vq->inuse in
      virtio_reset() in hw/virtio.c.
    - CVE-2016-5403
  * SECURITY UPDATE: directory traversal flaw in 9p virtio backend
    - debian/patches/CVE-2016-7116-1.patch: forbid illegal path names in
      hw/9pfs/virtio-9p.c.
    - debian/patches/CVE-2016-7116-2.patch: forbid . and .. in file names
      in hw/9pfs/virtio-9p.c.
    - debian/patches/CVE-2016-7116-3.patch: handle walk of ".." in the root
      directory in hw/9pfs/virtio-9p.*.
    - debian/patches/CVE-2016-7116-4.patch: fix potential segfault during
      walk in hw/9pfs/virtio-9p.c.
    - CVE-2016-7116
  * SECURITY UPDATE: buffer overflow in xlnx.xps-ethernetlite
    - debian/patches/CVE-2016-7161.patch: fix a heap overflow in
      hw/xilinx_ethlite.c.
    - CVE-2016-7161
  * SECURITY UPDATE: OOB stack memory access in vmware_vga
    - debian/patches/CVE-2016-7170.patch: correct bitmap and pixmap size
      checks in hw/vmware_vga.c.
    - CVE-2016-7170
  * SECURITY UPDATE: denial of service in mcf via invalid count
    - debian/patches/CVE-2016-7908.patch: limit buffer descriptor count in
      hw/mcf_fec.c.
    - CVE-2016-7908
  * SECURITY UPDATE: denial of service in pcnet via invalid length
    - debian/patches/CVE-2016-7909.patch: check rx/tx descriptor ring
      length in hw/pcnet.c.
    - CVE-2016-7909
  * SECURITY UPDATE: infinite loop in Intel HDA controller
    - debian/patches/CVE-2016-8909.patch: check stream entry count during
      transfer in hw/intel-hda.c.
    - CVE-2016-8909
  * SECURITY UPDATE: infinite loop in RTL8139 ethernet controller
    - debian/patches/CVE-2016-8910.patch: limit processing of ring
      descriptors in hw/rtl8139.c.
    - CVE-2016-8910
  * SECURITY UPDATE: memory leakage at device unplug in eepro100
    - debian/patches/CVE-2016-9101.patch: fix memory leak in device uninit
      in hw/eepro100.c.
    - CVE-2016-9101
  * SECURITY UPDATE: denial of service via memory leak in 9pfs
    - debian/patches/CVE-2016-9102.patch: fix memory leak in
      v9fs_xattrcreate in hw/9pfs/virtio-9p.c.
    - CVE-2016-9102
  * SECURITY UPDATE: information leakage via xattribute in 9pfs
    - debian/patches/CVE-2016-9103.patch: fix information leak in xattr
      read in hw/9pfs/virtio-9p.c.
    - CVE-2016-9103
  * SECURITY UPDATE: integer overflow leading to OOB access in 9pfs
    - debian/patches/CVE-2016-9104.patch: fix integer overflow issue in
      xattr read/write in hw/9pfs/virtio-9p.c.
    - CVE-2016-9104
  * SECURITY UPDATE: denial of service via memory leakage in 9pfs
    - debian/patches/CVE-2016-9105.patch: fix memory leak in v9fs_link in
      hw/9pfs/virtio-9p.c.
    - CVE-2016-9105

 -- Marc Deslauriers <email address hidden> Tue, 08 Nov 2016 08:16:37 -0500

CVE-2016-5403 The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QE
CVE-2016-7116 9p: directory traversal flaw in 9p virtio backend
CVE-2016-7161 Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code
CVE-2016-7170 vmware_vga: OOB stack memory access when processing svga command
CVE-2016-7908 The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting pac
CVE-2016-7909 The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infini
CVE-2016-8909 The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (i
CVE-2016-8910 The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of servic
CVE-2016-9101 net: eepro100 memory leakage at device unplug
CVE-2016-9102 memory leakage when creating extended attribute
CVE-2016-9103 9pfs: information leakage via xattribute
CVE-2016-9104 9pfs: integer overflow leading to OOB access
CVE-2016-9105 memory leakage in v9fs_link

Version: 1.0+noroms-0ubuntu14.30 2016-08-12 18:06:51 UTC

  qemu-kvm (1.0+noroms-0ubuntu14.30) precise-security; urgency=medium

  * SECURITY REGRESSION: crash on migration with memory stats enabled
    (LP: #1612089)
    - debian/patches/CVE-2016-5403.patch: disable for now pending
      investigation.

 -- Marc Deslauriers <email address hidden> Fri, 12 Aug 2016 08:49:38 -0400

CVE-2016-5403 The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QE

Version: 1.0+noroms-0ubuntu14.29 2016-08-04 19:07:07 UTC

  qemu-kvm (1.0+noroms-0ubuntu14.29) precise-security; urgency=medium

  * SECURITY UPDATE: infinite loop in vmware_vga
    - debian/patches/CVE-2016-4453.patch: limit fifo commands in
      hw/vmware_vga.c.
    - CVE-2016-4453
  * SECURITY UPDATE: DoS or host memory leakage in vmware_vga
    - debian/patches/CVE-2016-4454.patch: fix sanity checks in
      hw/vmware_vga.c.
    - CVE-2016-4454
  * SECURITY UPDATE: DoS via unbounded memory allocation
    - debian/patches/CVE-2016-5403.patch: check size in hw/virtio.c.
    - CVE-2016-5403

 -- Marc Deslauriers <email address hidden> Thu, 04 Aug 2016 07:50:42 -0400

CVE-2016-4453 The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and
CVE-2016-4454 The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information
CVE-2016-5403 The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QE

Version: 1.0+noroms-0ubuntu14.28 2016-05-12 15:06:22 UTC

  qemu-kvm (1.0+noroms-0ubuntu14.28) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via multiple eof_timers in ohci
    - debian/patches/CVE-2016-2391.patch: allocate timer only once in
      hw/usb-ohci.c.
    - CVE-2016-2391
  * SECURITY UPDATE: denial of service in remote NDIS control message
    handling
    - debian/patches/CVE-2016-2392.patch: check USB configuration
      descriptor object in hw/usb-net.c.
    - CVE-2016-2392
  * SECURITY UPDATE: denial of service or host information leak in USB Net
    device emulation support
    - debian/patches/CVE-2016-2538.patch: check RNDIS buffer offsets and
      length in hw/usb-net.c.
    - CVE-2016-2538
  * SECURITY UPDATE: denial of service via infinite loop in ne2000
    - debian/patches/CVE-2016-2841.patch: check ring buffer control
      registers in hw/ne2000.c.
    - CVE-2016-2841
  * SECURITY UPDATE: denial of service via payload length in crafted packet
    - debian/patches/CVE-2016-2857.patch: check packet payload length in
      net/checksum.c.
    - CVE-2016-2857
  * SECURITY UPDATE: arbitrary host code execution via VGA module
    - debian/patches/CVE-2016-3710.patch: fix banked access bounds checking
      in hw/vga.c.
    - CVE-2016-3710
  * SECURITY UPDATE: denial of service via VGA module
    - debian/patches/CVE-2016-3712.patch: make sure vga register setup for
      vbe stays intact in hw/vga.c.
    - CVE-2016-3712
  * SECURITY UPDATE: denial of service in Luminary Micro Stellaris Ethernet
    - debian/patches/CVE-2016-4001.patch: check packet length against
      receive buffer in hw/stellaris_enet.c.
    - CVE-2016-4001
  * SECURITY UPDATE: denial of service and possible code execution in
    MIPSnet
    - debian/patches/CVE-2016-4002.patch: check size in hw/mipsnet.c.
    - CVE-2016-4002
  * SECURITY UPDATE: denial of service via infinite loop in usb_ehci
    - debian/patches/CVE-2016-4037.patch: apply limit to iTD/sidt
      descriptors in hw/usb-ehci.c.
    - CVE-2016-4037

 -- Marc Deslauriers <email address hidden> Wed, 11 May 2016 08:24:36 -0400

CVE-2016-2391 usb: multiple eof_timers in ohci leads to null pointer dereference
CVE-2016-2392 usb: null pointer dereference in remote NDIS control message handling
CVE-2016-2538 usb: integer overflow in remote NDIS control message handling
CVE-2016-2841 net: ne2000: infinite loop in ne2000_receive
CVE-2016-2857 The net_checksum_calculate function in net/checksum.c in QEMU allows guest OS users to cause a denial of service (out-of-bounds heap read and crash)
CVE-2016-3710 incorrect banked access bounds checking in vga module
CVE-2016-3712 Out-of-bounds read when creating weird vga screen surface
CVE-2016-4001 net: buffer overflow in stellaris_enet emulator
CVE-2016-4002 Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote
CVE-2016-4037 usb: Infinite loop vulnerability in usb_ehci using siTD process

Version: 1.0+noroms-0ubuntu14.27 2016-02-03 14:06:38 UTC

  qemu-kvm (1.0+noroms-0ubuntu14.27) precise-security; urgency=medium

  * SECURITY UPDATE: vnc floating point exception
    - debian/patches/CVE-2015-8504.patch: handle zero values in ui/vnc.c.
    - CVE-2015-8504
  * SECURITY UPDATE: paravirtualized drivers incautious about shared memory
    contents
    - debian/patches/CVE-2015-8550-1.patch: avoid double access in
      hw/xen_blkif.h.
    - debian/patches/CVE-2015-8550-2.patch: avoid reading twice in
      hw/xenfb.c.
    - CVE-2015-8550
  * SECURITY UPDATE: infinite loop in ehci_advance_state
    - debian/patches/CVE-2015-8558.patch: make idt processing more robust
      in hw/usb-ehci.c.
    - CVE-2015-8558
  * SECURITY UPDATE: ne2000 OOB r/w in ioport operations
    - debian/patches/CVE-2015-8743.patch: fix bounds check in ioport
      operations in hw/ne2000.c.
    - CVE-2015-8743
  * SECURITY UPDATE: ahci use-after-free vulnerability in aio port commands
    - debian/patches/CVE-2016-1568.patch: reset ncq object to unused on
      error in hw/ide/ahci.c.
    - CVE-2016-1568
  * SECURITY UPDATE: firmware configuration device OOB rw access
    - debian/patches/CVE-2016-1714.patch: avoid calculating invalid current
      entry pointer in hw/fw_cfg.c.
    - CVE-2016-1714
  * SECURITY UPDATE: e1000 infinite loop
    - debian/patches/CVE-2016-1981.patch: eliminate infinite loops on
      out-of-bounds transfer start in hw/e1000.c.
    - CVE-2016-1981

 -- Marc Deslauriers <email address hidden> Tue, 02 Feb 2016 08:33:07 -0500

CVE-2015-8504 vnc: avoid floating point exception
CVE-2015-8550 paravirtualized drivers incautious about shared memory contents
CVE-2015-8558 usb: infinite loop in ehci_advance_state results in DoS
CVE-2015-8743 net: ne2000: OOB r/w in ioport operations
CVE-2016-1568 ide: ahci use-after-free vulnerability in aio port commands
CVE-2016-1714 nvram: OOB r/w access in processing firmware configurations
CVE-2016-1981 net: e1000 infinite loop in start_xmit and e1000_receive_iov routines


