UbuntuUpdates.org

Package "qemu"

Name: qemu

Description:

fast processor emulator

Latest version: 1:2.11+dfsg-1ubuntu7.3
Release: bionic (18.04)
Level: security
Repository: universe
Homepage: http://www.qemu.org/

Links

Save this URL for the latest version of "qemu": https://www.ubuntuupdates.org/qemu


Download "qemu"


Other versions of "qemu" in Bionic

Repository Area Version
base universe 1:2.11+dfsg-1ubuntu7
base main 1:2.11+dfsg-1ubuntu7
security main 1:2.11+dfsg-1ubuntu7.3
updates universe 1:2.11+dfsg-1ubuntu7.5
updates main 1:2.11+dfsg-1ubuntu7.5

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:2.11+dfsg-1ubuntu7.3 2018-06-12 13:06:44 UTC

  qemu (1:2.11+dfsg-1ubuntu7.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Speculative Store Bypass
    - debian/patches/ubuntu/CVE-2018-3639-2.patch: define the AMD
      'virt-ssbd' CPUID feature bit in target/i386/cpu.c.
    - debian/patches/ubuntu/CVE-2018-3639-3.patch: define the Virt SSBD MSR
      and handling of it in target/i386/cpu.h, target/i386/kvm.c,
      target/i386/machine.c.
    - CVE-2018-3639

 -- Marc Deslauriers <email address hidden> Wed, 23 May 2018 07:57:07 -0400

Source diff to previous version
CVE-2018-3639 Speculative Store Bypass

Version: 1:2.11+dfsg-1ubuntu7.2 2018-05-22 00:07:00 UTC

  qemu (1:2.11+dfsg-1ubuntu7.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Speculative Store Bypass
    - debian/patches/ubuntu/CVE-2018-3639.patch: add bit(2) of SPEC_CTRL
      MSR support - Reduced Data Speculation to target/i386/cpu.*.
    - CVE-2018-3639

 -- Marc Deslauriers <email address hidden> Thu, 17 May 2018 09:57:26 -0400

Source diff to previous version
CVE-2018-3639 Speculative Store Bypass

Version: 1:2.11+dfsg-1ubuntu7.1 2018-05-16 16:07:13 UTC

  qemu (1:2.11+dfsg-1ubuntu7.1) bionic-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds access during migration via ps2
    - debian/patches/ubuntu/CVE-2017-16845.patch: check PS2Queue pointers
      in post_load routine in hw/input/ps2.c.
    - CVE-2017-16845
  * SECURITY UPDATE: arbitrary code execution via load_multiboot
    - debian/patches/ubuntu/CVE-2018-7550.patch: handle bss_end_addr being
      zero in hw/i386/multiboot.c.
    - CVE-2018-7550
  * SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
    - debian/patches/ubuntu/CVE-2018-7858.patch: fix region calculation in
      hw/display/vga.c.
    - CVE-2018-7858

 -- Marc Deslauriers <email address hidden> Fri, 11 May 2018 13:26:42 -0400

CVE-2017-16845 hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.
CVE-2018-7550 The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU hos
CVE-2018-7858 Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of ser



About   -   Send Feedback to @ubuntu_updates