UbuntuUpdates.org

Package "qemu-system-arm"

Name: qemu-system-arm

Description:

QEMU full system emulation binaries (arm)
Latest version: 1:7.2+dfsg-5ubuntu2.4
Release: lunar (23.04)
Level: updates
Repository: main
Head package: qemu
Homepage: http://www.qemu.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "qemu-system-arm"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "qemu-system-arm" in Lunar

Repository Area Version
base main 1:7.2+dfsg-5ubuntu2
security main 1:7.2+dfsg-5ubuntu2.4

Changelog

Version: 1:7.2+dfsg-5ubuntu2.4 2024-01-08 21:06:58 UTC

  qemu (1:7.2+dfsg-5ubuntu2.4) lunar-security; urgency=medium

  * SECURITY UPDATE: OOB read in RDMA device
    - debian/patches/CVE-2023-1544.patch: protect against buggy or
      malicious guest driver in hw/rdma/vmw/pvrdma_main.c.
    - CVE-2023-1544
  * SECURITY UPDATE: 9pfs special file access
    - debian/patches/CVE-2023-2861.patch: prevent opening special files in
      fsdev/virtfs-proxy-helper.c, hw/9pfs/9p-util.h.
    - CVE-2023-2861
  * SECURITY UPDATE: heap overflow in crypto device
    - debian/patches/CVE-2023-3180.patch: verify src&dst buffer length for
      sym request in hw/virtio/virtio-crypto.c.
    - CVE-2023-3180
  * SECURITY UPDATE: infinite loop in VNC server
    - debian/patches/CVE-2023-3255.patch: fix infinite loop in
      inflate_buffer in ui/vnc-clipboard.c.
    - CVE-2023-3255
  * SECURITY UPDATE: race in virtio-net hot-unplug
    - debian/patches/CVE-2023-3301.patch: do not cleanup the vdpa/vhost-net
      structures if peer nic is present in net/vhost-vdpa.c.
    - CVE-2023-3301
  * SECURITY UPDATE: DoS in VNC server
    - debian/patches/CVE-2023-3354.patch: remove io watch if TLS channel is
      closed during handshake in include/io/channel-tls.h,
      io/channel-tls.c.
    - CVE-2023-3354
  * SECURITY UPDATE: division by zero via scsi block size
    - debian/patches/CVE-2023-42467.patch: disallow block sizes smaller
      than 512 in hw/scsi/scsi-disk.c.
    - CVE-2023-42467
  * SECURITY UPDATE: disk offset 0 access
    - debian/patches/CVE-2023-5088.patch: cancel async DMA operation before
      resetting state in hw/ide/core.c.
    - CVE-2023-5088

 -- Marc Deslauriers <email address hidden> Thu, 30 Nov 2023 08:34:55 -0500
Source diff to previous version
CVE-2023-1544 A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a
CVE-2023-2861 A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host s
CVE-2023-3180 A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no ch
CVE-2023-3255 A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when in
CVE-2023-3301 A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci fr
CVE-2023-3354 A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections cro
CVE-2023-42467 QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent
CVE-2023-5088 A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overw

Version: 1:7.2+dfsg-5ubuntu2.3 2023-09-28 03:07:16 UTC

  qemu (1:7.2+dfsg-5ubuntu2.3) lunar; urgency=medium

  * d/rules: remove --no-start for qemu-guest-agent (LP: #2028124)

 -- Mitchell Dzurick <email address hidden> Thu, 31 Aug 2023 05:38:41 -0700
Source diff to previous version
2028124 apt dist-upgrade does not restart package qemu-guest-agent

Version: 1:7.2+dfsg-5ubuntu2.2 2023-06-19 06:07:12 UTC

  qemu (1:7.2+dfsg-5ubuntu2.2) lunar-security; urgency=medium

  * SECURITY UPDATE: reentrancy problem
    - debian/patches/CVE-2023-0330.patch: Fix reentrancy issues in the LSI
      controller
    - CVE-2023-0330

 -- Nishit Majithia <email address hidden> Tue, 13 Jun 2023 17:07:25 +0530
Source diff to previous version
CVE-2023-0330 A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like st

Version: 1:7.2+dfsg-5ubuntu2.1 2023-06-15 22:07:14 UTC

  qemu (1:7.2+dfsg-5ubuntu2.1) lunar; urgency=medium

  * d/p/u/allow-repeating-hot-unplug-requests.patch: Allow repeating
    hot-unplug requests by making ACPI PCI able to requeue them.
    (LP: #2018733)

 -- Sergio Durigan Junior <email address hidden> Fri, 26 May 2023 15:57:03 -0400
2018733 allow repeating hot-unplug requests


About   -   Send Feedback to @ubuntu_updates