Package "qemu"

Name: qemu


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • extra block backend modules for qemu-system and qemu-utils
  • QEMU full system emulation binaries
  • QEMU full system emulation binaries (arm)
  • QEMU full system emulation binaries (common files)

Latest version: 1:6.2+dfsg-2ubuntu6.3
Release: jammy (22.04)
Level: updates
Repository: main


Other versions of "qemu" in Jammy

Repository Area Version
base main 1:6.2+dfsg-2ubuntu6
base universe 1:6.2+dfsg-2ubuntu6
security main 1:6.2+dfsg-2ubuntu6.2
security universe 1:6.2+dfsg-2ubuntu6.2
updates universe 1:6.2+dfsg-2ubuntu6.3

Packages in group

Deleted packages are displayed in grey.


Version: 1:6.2+dfsg-2ubuntu6.3 2022-07-13 01:07:11 UTC

  qemu (1:6.2+dfsg-2ubuntu6.3) jammy; urgency=medium

  * Fix unbalanced plugged counter in laio_io_unplug (LP: #1970737)
    - d/p/lp1970737-linux-aio-*.patch: Upstream patches.

 -- Sergio Durigan Junior <email address hidden> Tue, 21 Jun 2022 17:07:50 -0400

Source diff to previous version
1970737 Stalled IO Operations During MySQL Tests (with sysbench)

Version: 1:6.2+dfsg-2ubuntu6.2 2022-06-21 17:06:35 UTC

  qemu (1:6.2+dfsg-2ubuntu6.2) jammy-security; urgency=medium

  * SECURITY UPDATE: heap overflow in floppy disk emulator
    - debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
    - CVE-2021-3507
  * SECURITY UPDATE: use-after-free in nvme
    - debian/patches/CVE-2021-3929.patch: deny DMA to the iomem of the
      device itself in hw/nvme/ctrl.c.
    - CVE-2021-3929
  * SECURITY UPDATE: integer overflow in QXL display device emulation
    - debian/patches/CVE-2021-4206.patch: check width and height in
      hw/display/qxl-render.c, hw/display/vmware_vga.c, ui/cursor.c.
    - CVE-2021-4206
  * SECURITY UPDATE: heap overflow in QXL display device emulation
    - debian/patches/CVE-2021-4207.patch: fix race condition in qxl_cursor
      in hw/display/qxl-render.c.
    - CVE-2021-4207
  * SECURITY UPDATE: potential privilege escalation in virtiofsd
    - debian/patches/CVE-2022-0358.patch: Drop membership of all
      supplementary groups in tools/virtiofsd/passthrough_ll.c.
    - CVE-2022-0358
  * SECURITY UPDATE: memory leakage in virtio-net device
    - debian/patches/CVE-2022-26353.patch: fix map leaking on error during
      receive in hw/net/virtio-net.c.
    - CVE-2022-26353
  * SECURITY UPDATE: memory leakage in vhost-vsock device
    - debian/patches/CVE-2022-26354.patch: detach the virqueue element in
      case of error in hw/virtio/vhost-vsock-common.c.
    - CVE-2022-26354

 -- Marc Deslauriers <email address hidden> Thu, 09 Jun 2022 11:22:05 -0400

Source diff to previous version
CVE-2021-3507 A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block
CVE-2021-3929 nvme: DMA reentrancy issue leads to use-after-free
CVE-2021-4206 A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a smal
CVE-2021-4207 A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.he
CVE-2022-26353 A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the c
CVE-2022-26354 A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memor

Version: 1:6.2+dfsg-2ubuntu6.1 2022-06-06 16:06:32 UTC

  qemu (1:6.2+dfsg-2ubuntu6.1) jammy; urgency=medium

  * d/p/u/lp-1970563-ui-vnc.c-Fixed-a-deadlock-bug.patch: avoid deadlock
    in vnc connections (LP: #1970563)

 -- Christian Ehrhardt <email address hidden> Thu, 19 May 2022 08:25:20 +0200

1970563 Qemu 1:6.2+dfsg-2ubuntu6 deadlock bug

About   -   Send Feedback to @ubuntu_updates