UbuntuUpdates.org

Package "qemu-user-static"

Name: qemu-user-static

Description:

QEMU user mode emulation binaries (static version)
Latest version: 1:6.2+dfsg-2ubuntu6.27
Release: jammy (22.04)
Level: updates
Repository: universe
Head package: qemu
Homepage: http://www.qemu.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "qemu-user-static"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "qemu-user-static" in Jammy

Repository Area Version
base universe 1:6.2+dfsg-2ubuntu6
security universe 1:6.2+dfsg-2ubuntu6.27

Changelog

Version: 1:6.2+dfsg-2ubuntu6.27 2025-09-11 21:07:08 UTC

  qemu (1:6.2+dfsg-2ubuntu6.27) jammy-security; urgency=medium

  * SECURITY UPDATE: double-free in QEMU virtio devices
    - debian/patches/CVE-2024-3446-pre1.patch: add an optional reentrancy
      guard to the BH API in docs/devel/multiple-iothreads.txt,
      include/block/aio.h, include/qemu/main-loop.h,
      tests/unit/ptimer-test-stubs.c, util/async.c, util/main-loop.c,
      util/trace-events.
    - debian/patches/CVE-2024-3446-pre2.patch: replace most qemu_bh_new
      calls with qemu_bh_new_guarded.
    - debian/patches/CVE-2024-3446-pre3.patch: introduce
      virtio_bh_new_guarded() helper in hw/virtio/virtio.c,
      include/hw/virtio/virtio.h.
    - debian/patches/CVE-2024-3446-1.patch: protect from DMA re-entrancy
      bugs in hw/virtio/virtio-crypto.c.
    - debian/patches/CVE-2024-3446-2.patch: protect from DMA re-entrancy
      bugs in hw/char/virtio-serial-bus.c.
    - debian/patches/CVE-2024-3446-3.patch: protect from DMA re-entrancy
      bugs in hw/display/virtio-gpu.c.
    - CVE-2024-3446
  * SECURITY UPDATE: heap overflow in SDHCI device emulation
    - debian/patches/CVE-2024-3447.patch: do not update TRNMOD when Command
      Inhibit (DAT) is set in hw/sd/sdhci.c.
    - CVE-2024-3447
  * SECURITY UPDATE: resource consumption in disk utility
    - debian/patches/CVE-2024-4467-pre1.patch: do not reopen data_file in
      invalidate_cache in block/qcow2.c.
    - debian/patches/CVE-2024-4467-1.patch: don't open data_file with
      BDRV_O_NO_IO in block/qcow2.c, tests/qemu-iotests/061*.
    - debian/patches/CVE-2024-4467-2.patch: don't store data-file with
      protocol in image in tests/qemu-iotests/244.
    - debian/patches/CVE-2024-4467-3.patch: don't store data-file with
      json: prefix in image in tests/qemu-iotests/270.
    - debian/patches/CVE-2024-4467-4.patch: parse filenames only when
      explicitly requested in block.c.
    - CVE-2024-4467
  * SECURITY UPDATE: heap overflow in virtio-net device RSS feature
    - debian/patches/CVE-2024-6505.patch: ensure queue index fits with RSS
      in hw/net/virtio-net.c.
    - CVE-2024-6505
  * SECURITY UPDATE: Dos via improper synchronization during socket closure
    - debian/patches/CVE-2024-7409-1.patch: plumb in new args to
      nbd_client_add() in blockdev-nbd.c, include/block/nbd.h,
      nbd/server.c, qemu-nbd.c.
    - debian/patches/CVE-2024-7409-2.patch: cap default max-connections to
      100 in block/monitor/block-hmp-cmds.c, blockdev-nbd.c,
      include/block/nbd.h, qapi/block-export.json.
    - debian/patches/CVE-2024-7409-3.patch: close stray clients at
      server-stop in blockdev-nbd.c.
    - debian/patches/CVE-2024-7409-4.patch: drop non-negotiating clients in
      nbd/server.c, nbd/trace-events.
    - debian/patches/CVE-2024-7409-5.patch: avoid use-after-free when
      closing server in blockdev-nbd.c.
    - CVE-2024-7409
  * SECURITY UPDATE: DoS via assert failure in usb_ep_get()
    - debian/patches/CVE-2024-8354.patch: change ohci validation in
      hw/usb/hcd-ohci.c, hw/usb/trace-events.
    - CVE-2024-8354
  * SECURITY UPDATE: possibly binfmt privilege escalation (LP: #2120814)
    - debian/binfmt-install: stop using C (Credentials) flag for
      binfmt_misc registration.

 -- Marc Deslauriers <email address hidden> Mon, 25 Aug 2025 19:16:14 -0400
Source diff to previous version
2120814 binfmt_misc C (Credentials) flag as security risk with setuid binaries
CVE-2024-3446 A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insu
CVE-2024-3447 A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fif
CVE-2024-4467 A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing blo
CVE-2024-6505 A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within R
CVE-2024-7409 A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closur
CVE-2024-8354 A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a U

Version: 1:6.2+dfsg-2ubuntu6.26 2025-04-08 18:07:34 UTC

  qemu (1:6.2+dfsg-2ubuntu6.26) jammy; urgency=medium

  [ Christian Ehrhardt ]
  * d/p/u/lp-2098896-hw-nvme-fix-narrowing-conversion.patch:
    Fix nvme devices >= 1 TiB in size (LP: #2098896)
    Thanks to Ryan Harper for the report, bisect and preparation!
  * d/p/u/lp-2019967-*: Add Rome types with updated cache info (LP: #2019967)

 -- Lukas Märdian <email address hidden> Wed, 05 Mar 2025 11:48:26 +0100
Source diff to previous version
2098896 nvme disks 1TiB or greater show incorrect size
2019967 Add EPYC-Rome-v3 and EPYC-v4 model

Version: 1:6.2+dfsg-2ubuntu6.25 2025-02-26 23:06:59 UTC

  qemu (1:6.2+dfsg-2ubuntu6.25) jammy; urgency=medium

  * d/p/u/lp-2019968-add-missing-feature-bits-epyc-milan-*.patch: Add
    missing feature bits to EPYC-Milan CPU model. (LP: #2019968)

  [ Louis Bouchard ]
  * d/p/monitor-only-run-coroutine-commands-in-qemu_aio_cont.patch:
    Backport upstream fix for qmp timeouts.
    Upstream commit effd60c878176bcaf97fa7ce2b12d04bb8ead6f7
    (LP: #2091013)

 -- Sergio Durigan Junior <email address hidden> Wed, 29 Jan 2025 13:30:23 -0500
Source diff to previous version
2091013 Please backport upstream fix to qmp timeouts

Version: 1:6.2+dfsg-2ubuntu6.24 2024-11-11 01:06:59 UTC

  qemu (1:6.2+dfsg-2ubuntu6.24) jammy-security; urgency=medium

  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2023-3019-pre1.patch: Add definition for
      MemReentrancyGuard struct and add to DeviceState struct
    - debian/patches/CVE-2023-3019-1.patch: Provide MemReentrancyGuard *
      to qemu_new_nic()
    - debian/patches/CVE-2023-3019-2.patch: Update MemReentrancyGuard for
      NIC
    - CVE-2023-3019

 -- Bruce Cable <email address hidden> Tue, 22 Oct 2024 16:33:28 +1100
Source diff to previous version
CVE-2023-3019 A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged gues

Version: 1:6.2+dfsg-2ubuntu6.23 2024-10-24 22:07:05 UTC

  qemu (1:6.2+dfsg-2ubuntu6.23) jammy; urgency=medium

  * Implement support for secure execution guest dump encryption with
    customer keys on s390x. (LP: #1959966)
    - d/p/u/lp1959966-kvm-secure-guest-exec-*.patch: Backport upstream
      patches to implement feature.

 -- Sergio Durigan Junior <email address hidden> Tue, 20 Aug 2024 14:35:13 -0400
1959966 [23.04 FEAT] KVM: Secure Execution guest dump encryption with customer keys - qemu part


About   -   Send Feedback to @ubuntu_updates