UbuntuUpdates.org

Package "qemu"

Name: qemu

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Guest-side qemu-system agent
  • QEMU minimized system emulation binaries (x86)
  • QEMU full system emulation binaries (x86)
  • QEMU user mode emulation binaries

Latest version: 1:4.2-3ubuntu6.28
Release: focal (20.04)
Level: updates
Repository: universe

Links



Other versions of "qemu" in Focal

Repository Area Version
base main 1:4.2-3ubuntu6
security universe 1:4.2-3ubuntu6.28
security main 1:4.2-3ubuntu6.28
updates main 1:4.2-3ubuntu6.28

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:4.2-3ubuntu6.28 2024-01-08 21:06:55 UTC

  qemu (1:4.2-3ubuntu6.28) focal-security; urgency=medium

  * SECURITY UPDATE: infinite loop in USB xHCI controller
    - debian/patches/CVE-2020-14394.patch: Fix unbounded loop in
      xhci_ring_chain_length() in hw/usb/hcd-xhci.c.
    - CVE-2020-14394
  * SECURITY UPDATE: code execution in TCG Accelerator
    - debian/patches/CVE-2020-24165.patch: fix race in cpu_exec_step_atomic
      in accel/tcg/cpu-exec.c.
    - CVE-2020-24165
  * SECURITY UPDATE: OOB access in ATI VGA device
    - debian/patches/CVE-2021-3638.patch: Fix buffer overflow in ati_2d_blt
      in hw/display/ati_2d.c.
    - CVE-2021-3638
  * SECURITY UPDATE: OOB read in RDMA device
    - debian/patches/CVE-2023-1544.patch: protect against buggy or
      malicious guest driver in hw/rdma/vmw/pvrdma_main.c.
    - CVE-2023-1544
  * SECURITY UPDATE: 9pfs special file access
    - debian/patches/CVE-2023-2861.patch: prevent opening special files in
      fsdev/virtfs-proxy-helper.c, hw/9pfs/9p-util.h.
    - CVE-2023-2861
  * SECURITY UPDATE: heap overflow in crypto device
    - debian/patches/CVE-2023-3180.patch: verify src&dst buffer length for
      sym request in hw/virtio/virtio-crypto.c.
    - CVE-2023-3180
  * SECURITY UPDATE: DoS in VNC server
    - debian/patches/CVE-2023-3354.patch: remove io watch if TLS channel is
      closed during handshake in include/io/channel-tls.h,
      io/channel-tls.c.
    - CVE-2023-3354
  * SECURITY UPDATE: disk offset 0 access
    - debian/patches/CVE-2023-5088.patch: cancel async DMA operation before
      resetting state in hw/ide/core.c.
    - CVE-2023-5088

 -- Marc Deslauriers <email address hidden> Thu, 30 Nov 2023 14:45:57 -0500

Source diff to previous version
CVE-2020-14394 An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. Thi
CVE-2020-24165 An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial o
CVE-2021-3638 An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MM
CVE-2023-1544 A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a
CVE-2023-2861 A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host s
CVE-2023-3180 A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no ch
CVE-2023-3354 A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections cro
CVE-2023-5088 A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overw

Version: 1:4.2-3ubuntu6.27 2023-06-19 06:07:07 UTC

  qemu (1:4.2-3ubuntu6.27) focal-security; urgency=medium

  * SECURITY UPDATE: user-after-free issue
    - debian/patches/CVE-2022-1050.patch: Protect against buggy or
      malicious guest driver
    - CVE-2022-1050
  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2022-4144-*.patch: Have qxl_log_command Return
      early if no log_cmd handler; Document qxl_phys2virt(); Pass requested
      buffer size to qxl_phys2virt(); Avoid buffer overrun in qxl_phys2virt;
      Assert memory slot fits in preallocated MemoryRegion
    - CVE-2022-4144
  * SECURITY UPDATE: reentrancy problem
    - debian/patches/CVE-2023-0330.patch: Fix reentrancy issues in the LSI
      controller
    - CVE-2023-0330

 -- Nishit Majithia <email address hidden> Tue, 13 Jun 2023 16:58:54 +0530

Source diff to previous version
CVE-2022-1050 A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when
CVE-2022-4144 An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structu
CVE-2023-0330 A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like st

Version: 1:4.2-3ubuntu6.26 2023-04-26 09:36:00 UTC

  qemu (1:4.2-3ubuntu6.26) focal; urgency=medium

  * d/p/u/lp-1999885-s390x-tod-kvm-don-t-save-restore-the-TOD-in-PV-guest.patch:
    avoid timer issues in s390x secure execution guests (LP: #1999885)

 -- Christian Ehrhardt <email address hidden> Thu, 23 Mar 2023 08:18:28 +0100

Source diff to previous version
1999885 [UBUNTU 20.04] KVM: s390: pv: don't allow userspace to set the clock under PV - qemu part

Version: 1:4.2-3ubuntu6.25 2023-04-06 21:06:56 UTC

  qemu (1:4.2-3ubuntu6.25) focal; urgency=medium

  [ Brett Milford ]
  * d/p/u/lp1994002-migration-Read-state-once.patch: Fix for libvirt
    error 'migration was active, but no RAM info was set' (LP: #1994002)

  [ Mauricio Faria de Oliveira ]
  * d/p/u/lp2009048-vfio_map_dma_einval_amd_iommu_1tb.patch: Add hint
    to VFIO_MAP_DMA error on AMD IOMMU for VMs with ~1TB+ RAM (LP: #2009048)

 -- Mauricio Faria de Oliveira <email address hidden> Thu, 02 Mar 2023 18:07:21 -0300

Source diff to previous version
1994002 [SRU] migration was active, but no RAM info was set
2009048 PCI passthrough on AMD IOMMU fails with \

Version: 1:4.2-3ubuntu6.24 2022-12-12 10:07:15 UTC

  qemu (1:4.2-3ubuntu6.24) focal-security; urgency=medium

  * SECURITY UPDATE: DMA reentrancy issue
    - debian/patches/CVE-2021-3750.patch: Introduce MemTxAttrs::memory
      field and MEMTX_ACCESS_ERROR
    - CVE-2021-3750
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2022-0216-*.patch: fix use-after-free in
      lsi_do_msgout
    - CVE-2022-0216

 -- Nishit Majithia <email address hidden> Thu, 08 Dec 2022 14:45:56 +0530

CVE-2021-3750 A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO regi
CVE-2022-0216 A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated message



About   -   Send Feedback to @ubuntu_updates