UbuntuUpdates.org

Package "qemu-kvm"

Name: qemu-kvm

Description:

Full virtualization on i386 and amd64 hardware

Latest version: 1.0+noroms-0ubuntu14.31
Release: precise (12.04)
Level: security
Repository: main
Homepage: http://www.linux-kvm.org

Links


Download "qemu-kvm"


Other versions of "qemu-kvm" in Precise

Repository Area Version
base universe 1.0+noroms-0ubuntu13
base main 1.0+noroms-0ubuntu13
security universe 1.0+noroms-0ubuntu14.31
updates universe 1.0+noroms-0ubuntu14.31
updates main 1.0+noroms-0ubuntu14.31

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.0+noroms-0ubuntu14.26 2015-12-03 14:06:34 UTC

  qemu-kvm (1.0+noroms-0ubuntu14.26) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via jumbo frame flood in virtio
    - debian/patches/CVE-2015-7295.patch: drop truncated packets in
      hw/virtio-net.c, hw/virtio.c, hw/virtio.h.
    - CVE-2015-7295
  * SECURITY UPDATE: loopback mode heap overflow vulnerability in pcnet
    - debian/patches/CVE-2015-7504.patch: leave room for CRC code in
      hw/pcnet.c.
    - CVE-2015-7504
  * SECURITY UPDATE: non-loopback mode buffer overflow in pcnet
    - debian/patches/CVE-2015-7512.patch: check packet length in
      hw/pcnet.c.
    - CVE-2015-7512
  * SECURITY UPDATE: infinite loop in eepro100
    - debian/patches/CVE-2015-8345.patch: prevent endless loop in
      hw/eepro100.c.
    - CVE-2015-8345

 -- Marc Deslauriers Tue, 01 Dec 2015 16:30:23 -0500

Source diff to previous version
CVE-2015-7295 hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote
CVE-2015-7504 net: pcnet: heap overflow vulnerability in loopback mode
CVE-2015-7512 net: pcnet: buffer overflow in non-loopback mode
CVE-2015-8345 Qemu: net: eepro100: infinite loop in processing command block list

Version: 1.0+noroms-0ubuntu14.25 2015-09-24 19:06:36 UTC

  qemu-kvm (1.0+noroms-0ubuntu14.25) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via vnc infinite loop
    - debian/patches/CVE-2015-5239.patch: limit client_cut_text msg payload
      size in ui/vnc.c.
    - CVE-2015-5239
  * SECURITY UPDATE: denial of service via NE2000 driver
    - debian/patches/CVE-2015-5278.patch: fix infinite loop in
      hw/ne2000.c.
    - CVE-2015-5278
  * SECURITY UPDATE: denial of service and possible code execution via
    heap overflow in NE2000 driver
    - debian/patches/CVE-2015-5279.patch: validate ring buffer pointers in
      hw/ne2000.c.
    - CVE-2015-5279
  * SECURITY UPDATE: denial of service via e1000 infinite loop
    - debian/patches/CVE-2015-6815.patch: check bytes in hw/e1000.c.
    - CVE-2015-6815
  * SECURITY UPDATE: denial of service via illegal ATAPI commands
    - debian/patches/CVE-2015-6855.patch: fix ATAPI command permissions in
      hw/ide/core.c.
    - CVE-2015-6855

 -- Marc Deslauriers Wed, 23 Sep 2015 15:28:32 -0400

Source diff to previous version
CVE-2015-5239 Integer overflow in vnc_client_read() and protocol_client_msg()
CVE-2015-5278 net: avoid infinite loop when receiving packets
CVE-2015-5279 add checks to validate ring buffer pointers
CVE-2015-6815 Qemu: net: e1000 infinite loop issue
CVE-2015-6855 commands which are illegal to sent to an ATAPI device should be rejected

Version: 1.0+noroms-0ubuntu14.24 2015-08-27 12:06:39 UTC

  qemu-kvm (1.0+noroms-0ubuntu14.24) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via PRDT with zero complete sectors
    - debian/patches/CVE-2014-9718.patch: refactor return codes in
      hw/ide/ahci.c, hw/ide/core.c, hw/ide/internal.h, hw/ide/pci.c.
    - CVE-2014-9718
  * SECURITY UPDATE: process heap memory disclosure
    - debian/patches/CVE-2015-5165.patch: check sizes in hw/rtl8139.c.
    - CVE-2015-5165

 -- Marc Deslauriers Tue, 25 Aug 2015 08:58:16 -0400

Source diff to previous version
CVE-2014-9718 The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return val
CVE-2015-5165 The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read pro

Version: 1.0+noroms-0ubuntu14.23 2015-06-10 15:06:54 UTC

  qemu-kvm (1.0+noroms-0ubuntu14.23) precise-security; urgency=medium

  * SECURITY UPDATE: heap overflow in PCNET controller
    - debian/patches/CVE-2015-3209-pre.patch: fix negative array index read
      in hw/pcnet.c.
    - debian/patches/CVE-2015-3209.patch: check bounds in hw/pcnet.c.
    - CVE-2015-3209
  * SECURITY UPDATE: unsafe /tmp filename use by slirp
    - debian/patches/CVE-2015-4037.patch: use mkdtemp in net/slirp.c.
    - CVE-2015-4037

 -- Marc Deslauriers <email address hidden> Tue, 09 Jun 2015 10:21:44 -0400

Source diff to previous version
CVE-2015-3209 heap overflow in qemu pcnet controller allowing guest to host escape

Version: 1.0+noroms-0ubuntu14.22 2015-05-13 18:06:32 UTC

  qemu-kvm (1.0+noroms-0ubuntu14.22) precise-security; urgency=medium

  * SECURITY UPDATE: host code execution via floppy device (VEMON)
    - debian/patches/CVE-2015-3456.patch: force the fifo access to be in
      bounds of the allocated buffer in hw/block/fdc.c.
    - CVE-2015-3456

 -- Marc Deslauriers <email address hidden> Wed, 13 May 2015 08:19:08 -0400

CVE-2015-3456 vulnerability in QEMU's virtual Floppy Disk Controller



About   -   Send Feedback to @ubuntu_updates