Package "qemu-user"
  
    
    
Name: qemu-user
Description: QEMU user mode emulation binaries
Latest version: 1:6.2+dfsg-2ubuntu6.27
Release: jammy (22.04)
Level: security
Repository: universe
Head package: qemu
Homepage: http://www.qemu.org/
  
 
Changelog
    
    
    
        
        
    
    
qemu (1:6.2+dfsg-2ubuntu6.11) jammy-security; urgency=medium

  * SECURITY UPDATE: use-after-free issue
    - debian/patches/CVE-2022-1050.patch: Protect against buggy or
      malicious guest driver
    - CVE-2022-1050
  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2022-4144-*.patch: Have qxl_log_command Return
      early if no log_cmd handler; Document qxl_phys2virt(); Pass requested
      buffer size to qxl_phys2virt(); Avoid buffer overrun in qxl_phys2virt;
      Assert memory slot fits in preallocated MemoryRegion
    - CVE-2022-4144
  * SECURITY UPDATE: reentrancy problem
    - debian/patches/CVE-2023-0330.patch: Fix reentrancy issues in the LSI
      controller
    - CVE-2023-0330

 -- Nishit Majithia <email address hidden>  Tue, 13 Jun 2023 17:03:25 +0530
    
        
        
            
            
                
CVE-2022-1050: A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when

CVE-2022-4144: An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structu

CVE-2023-0330: A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like st
        
    
    
    
    
    
        
        
    
    
qemu (1:6.2+dfsg-2ubuntu6.6) jammy-security; urgency=medium

  * SECURITY UPDATE: DMA reentrancy issue
    - debian/patches/CVE-2021-3750.patch: Introduce MemTxAttrs::memory
      field and MEMTX_ACCESS_ERROR
    - CVE-2021-3750
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2022-0216-*.patch: fix use-after-free in
      lsi_do_msgout
    - CVE-2022-0216
  * SECURITY UPDATE: integer underflow vulnerability
    - debian/patches/CVE-2022-3165.patch: fix integer underflow in
      vnc_client_cut_text_ext
    - CVE-2022-3165

 -- Nishit Majithia <email address hidden>  Thu, 08 Dec 2022 14:47:27 +0530
    
        
        
            
            
                
CVE-2021-3750: A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO regi

CVE-2022-0216: A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated message

CVE-2022-3165: An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could
        
    
    
    
    
    
        
        
    
    
qemu (1:6.2+dfsg-2ubuntu6.2) jammy-security; urgency=medium

  * SECURITY UPDATE: heap overflow in floppy disk emulator
    - debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
      hw/block/fdc.c.
    - CVE-2021-3507
  * SECURITY UPDATE: use-after-free in nvme
    - debian/patches/CVE-2021-3929.patch: deny DMA to the iomem of the
      device itself in hw/nvme/ctrl.c.
    - CVE-2021-3929
  * SECURITY UPDATE: integer overflow in QXL display device emulation
    - debian/patches/CVE-2021-4206.patch: check width and height in
      hw/display/qxl-render.c, hw/display/vmware_vga.c, ui/cursor.c.
    - CVE-2021-4206
  * SECURITY UPDATE: heap overflow in QXL display device emulation
    - debian/patches/CVE-2021-4207.patch: fix race condition in qxl_cursor
      in hw/display/qxl-render.c.
    - CVE-2021-4207
  * SECURITY UPDATE: potential privilege escalation in virtiofsd
    - debian/patches/CVE-2022-0358.patch: Drop membership of all
      supplementary groups in tools/virtiofsd/passthrough_ll.c.
    - CVE-2022-0358
  * SECURITY UPDATE: memory leakage in virtio-net device
    - debian/patches/CVE-2022-26353.patch: fix map leaking on error during
      receive in hw/net/virtio-net.c.
    - CVE-2022-26353
  * SECURITY UPDATE: memory leakage in vhost-vsock device
    - debian/patches/CVE-2022-26354.patch: detach the virtqueue element in
      case of error in hw/virtio/vhost-vsock-common.c.
    - CVE-2022-26354

 -- Marc Deslauriers <email address hidden>  Thu, 09 Jun 2022 11:22:05 -0400
    
    
        
        
            
            
                
CVE-2021-3507: A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block

CVE-2021-3929: nvme: DMA reentrancy issue leads to use-after-free

CVE-2021-4206: A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a smal

CVE-2021-4207: A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.he

CVE-2022-26353: A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the c

CVE-2022-26354: A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memor
        
    
    
        
        
        