Package "qemu-utils"
Name: |
qemu-utils
|
Description: |
qemu utilities
|
Latest version: |
1.0+noroms-0ubuntu14.31 |
Release: |
precise (12.04) |
Level: |
security |
Repository: |
main |
Head package: |
qemu-kvm |
Homepage: |
http://www.linux-kvm.org |
Links
Download "qemu-utils"
Other versions of "qemu-utils" in Precise
Changelog
qemu-kvm (1.0+noroms-0ubuntu14.31) precise-security; urgency=medium
* SECURITY UPDATE: DoS via unbounded memory allocation
- debian/patches/CVE-2016-5403.patch: re-enable original patch.
- debian/patches/CVE-2016-5403-2.patch: recalculate vq->inuse after
migration in hw/virtio.c.
- debian/patches/CVE-2016-5403-3.patch: decrement vq->inuse in
virtqueue_discard() in hw/virtio.c.
- debian/patches/CVE-2016-5403-4.patch: zero vq->inuse in
virtio_reset() in hw/virtio.c.
- CVE-2016-5403
* SECURITY UPDATE: directory traversal flaw in 9p virtio backend
- debian/patches/CVE-2016-7116-1.patch: forbid illegal path names in
hw/9pfs/virtio-9p.c.
- debian/patches/CVE-2016-7116-2.patch: forbid . and .. in file names
in hw/9pfs/virtio-9p.c.
- debian/patches/CVE-2016-7116-3.patch: handle walk of ".." in the root
directory in hw/9pfs/virtio-9p.*.
- debian/patches/CVE-2016-7116-4.patch: fix potential segfault during
walk in hw/9pfs/virtio-9p.c.
- CVE-2016-7116
* SECURITY UPDATE: buffer overflow in xlnx.xps-ethernetlite
- debian/patches/CVE-2016-7161.patch: fix a heap overflow in
hw/xilinx_ethlite.c.
- CVE-2016-7161
* SECURITY UPDATE: OOB stack memory access in vmware_vga
- debian/patches/CVE-2016-7170.patch: correct bitmap and pixmap size
checks in hw/vmware_vga.c.
- CVE-2016-7170
* SECURITY UPDATE: denial of service in mcf via invalid count
- debian/patches/CVE-2016-7908.patch: limit buffer descriptor count in
hw/mcf_fec.c.
- CVE-2016-7908
* SECURITY UPDATE: denial of service in pcnet via invalid length
- debian/patches/CVE-2016-7909.patch: check rx/tx descriptor ring
length in hw/pcnet.c.
- CVE-2016-7909
* SECURITY UPDATE: infinite loop in Intel HDA controller
- debian/patches/CVE-2016-8909.patch: check stream entry count during
transfer in hw/intel-hda.c.
- CVE-2016-8909
* SECURITY UPDATE: infinite loop in RTL8139 ethernet controller
- debian/patches/CVE-2016-8910.patch: limit processing of ring
descriptors in hw/rtl8139.c.
- CVE-2016-8910
* SECURITY UPDATE: memory leakage at device unplug in eepro100
- debian/patches/CVE-2016-9101.patch: fix memory leak in device uninit
in hw/eepro100.c.
- CVE-2016-9101
* SECURITY UPDATE: denial of service via memory leak in 9pfs
- debian/patches/CVE-2016-9102.patch: fix memory leak in
v9fs_xattrcreate in hw/9pfs/virtio-9p.c.
- CVE-2016-9102
* SECURITY UPDATE: information leakage via xattribute in 9pfs
- debian/patches/CVE-2016-9103.patch: fix information leak in xattr
read in hw/9pfs/virtio-9p.c.
- CVE-2016-9103
* SECURITY UPDATE: integer overflow leading to OOB access in 9pfs
- debian/patches/CVE-2016-9104.patch: fix integer overflow issue in
xattr read/write in hw/9pfs/virtio-9p.c.
- CVE-2016-9104
* SECURITY UPDATE: denial of service via memory leakage in 9pfs
- debian/patches/CVE-2016-9105.patch: fix memory leak in v9fs_link in
hw/9pfs/virtio-9p.c.
- CVE-2016-9105
-- Marc Deslauriers <email address hidden> Tue, 08 Nov 2016 08:16:37 -0500
|
Source diff to previous version |
CVE-2016-5403 |
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QE |
CVE-2016-7116 |
9p: directory traversal flaw in 9p virtio backend |
CVE-2016-7161 |
Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code |
CVE-2016-7170 |
vmware_vga: OOB stack memory access when processing svga command |
CVE-2016-7908 |
The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting pac |
CVE-2016-7909 |
The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infini |
CVE-2016-8909 |
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (i |
CVE-2016-8910 |
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of servic |
CVE-2016-9101 |
net: eepro100 memory leakage at device unplug |
CVE-2016-9102 |
memory leakage when creating extended attribute |
CVE-2016-9103 |
9pfs: information leakage via xattribute |
CVE-2016-9104 |
9pfs: integer overflow leading to OOB access |
CVE-2016-9105 |
memory leakage in v9fs_link |
|
qemu-kvm (1.0+noroms-0ubuntu14.30) precise-security; urgency=medium
* SECURITY REGRESSION: crash on migration with memory stats enabled
(LP: #1612089)
- debian/patches/CVE-2016-5403.patch: disable for now pending
investigation.
-- Marc Deslauriers <email address hidden> Fri, 12 Aug 2016 08:49:38 -0400
|
Source diff to previous version |
CVE-2016-5403 |
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QE |
|
qemu-kvm (1.0+noroms-0ubuntu14.29) precise-security; urgency=medium
* SECURITY UPDATE: infinite loop in vmware_vga
- debian/patches/CVE-2016-4453.patch: limit fifo commands in
hw/vmware_vga.c.
- CVE-2016-4453
* SECURITY UPDATE: DoS or host memory leakage in vmware_vga
- debian/patches/CVE-2016-4454.patch: fix sanity checks in
hw/vmware_vga.c.
- CVE-2016-4454
* SECURITY UPDATE: DoS via unbounded memory allocation
- debian/patches/CVE-2016-5403.patch: check size in hw/virtio.c.
- CVE-2016-5403
-- Marc Deslauriers <email address hidden> Thu, 04 Aug 2016 07:50:42 -0400
|
Source diff to previous version |
CVE-2016-4453 |
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and |
CVE-2016-4454 |
The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information |
CVE-2016-5403 |
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QE |
|
qemu-kvm (1.0+noroms-0ubuntu14.28) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via multiple eof_timers in ohci
- debian/patches/CVE-2016-2391.patch: allocate timer only once in
hw/usb-ohci.c.
- CVE-2016-2391
* SECURITY UPDATE: denial of service in in remote NDIS control message
handling
- debian/patches/CVE-2016-2392.patch: check USB configuration
descriptor object in hw/usb-net.c.
- CVE-2016-2392
* SECURITY UPDATE: denial of service or host information leak in USB Net
device emulation support
- debian/patches/CVE-2016-2538.patch: check RNDIS buffer offsets and
length in hw/usb-net.c.
- CVE-2016-2538
* SECURITY UPDATE: denial of service via infinite loop in ne2000
- debian/patches/CVE-2016-2841.patch: heck ring buffer control
registers in hw/ne2000.c.
- CVE-2016-2841
* SECURITY UPDATE: denial of service via payload length in crafted packet
- debian/patches/CVE-2016-2857.patch: check packet payload length in
net/checksum.c.
- CVE-2016-2857
* SECURITY UPDATE: arbitrary host code execution via VGA module
- debian/patches/CVE-2016-3710.patch: fix banked access bounds checking
in hw/vga.c.
- CVE-2016-3710
* SECURITY UPDATE: denial of service via VGA module
- debian/patches/CVE-2016-3712.patch: make sure vga register setup for
vbe stays intact in hw/vga.c.
- CVE-2016-3712
* SECURITY UPDATE: denial of service in Luminary Micro Stellaris Ethernet
- debian/patches/CVE-2016-4001.patch: check packet length against
receive buffer in hw/stellaris_enet.c.
- CVE-2016-4001
* SECURITY UPDATE: denial of sevice and possible code execution in
MIPSnet
- debian/patches/CVE-2016-4002.patch: check size in hw/mipsnet.c.
- CVE-2016-4002
* SECURITY UPDATE: denial of service via infinite loop in in usb_ehci
- debian/patches/CVE-2016-4037.patch: apply limit to iTD/sidt
descriptors in hw/usb-ehci.c.
- CVE-2016-4037
-- Marc Deslauriers <email address hidden> Wed, 11 May 2016 08:24:36 -0400
|
Source diff to previous version |
CVE-2016-2391 |
usb: multiple eof_timers in ohci leads to null pointer dereference |
CVE-2016-2392 |
usb: null pointer dereference in remote NDIS control message handling |
CVE-2016-2538 |
usb: integer overflow in remote NDIS control message handling |
CVE-2016-2841 |
net: ne2000: infinite loop in ne2000_receive |
CVE-2016-2857 |
The net_checksum_calculate function in net/checksum.c in QEMU allows guest OS users to cause a denial of service (out-of-bounds heap read and crash) |
CVE-2016-3710 |
incorrect banked access bounds checking in vga module |
CVE-2016-3712 |
Out-of-bounds read when creating weird vga screen surface |
CVE-2016-4001 |
net: buffer overflow in stellaris_enet emulator |
CVE-2016-4002 |
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote |
CVE-2016-4037 |
usb: Infinite loop vulnerability in usb_ehci using siTD process |
|
qemu-kvm (1.0+noroms-0ubuntu14.27) precise-security; urgency=medium
* SECURITY UPDATE: vnc floating point exception
- debian/patches/CVE-2015-8504.patch: handle zero values in ui/vnc.c.
- CVE-2015-8504
* SECURITY UPDATE: paravirtualized drivers incautious about shared memory
contents
- debian/patches/CVE-2015-8550-1.patch: avoid double access in
hw/xen_blkif.h.
- debian/patches/CVE-2015-8550-2.patch: avoid reading twice in
hw/xenfb.c.
- CVE-2015-8550
* SECURITY UPDATE: infinite loop in ehci_advance_state
- debian/patches/CVE-2015-8558.patch: make idt processing more robust
in hw/usb-ehci.c.
- CVE-2015-8558
* SECURITY UPDATE: ne2000 OOB r/w in ioport operations
- debian/patches/CVE-2015-8743.patch: fix bounds check in ioport
operations in hw/ne2000.c.
- CVE-2015-8743
* SECURITY UPDATE: ahci use-after-free vulnerability in aio port commands
- debian/patches/CVE-2016-1568.patch: reset ncq object to unused on
error in hw/ide/ahci.c.
- CVE-2016-1568
* SECURITY UPDATE: firmware configuration device OOB rw access
- debian/patches/CVE-2016-1714.patch: avoid calculating invalid current
entry pointer in hw/fw_cfg.c.
- CVE-2016-1714
* SECURITY UPDATE: e1000 infinite loop
- debian/patches/CVE-2016-1981.patch: eliminate infinite loops on
out-of-bounds transfer start in hw/e1000.c.
- CVE-2016-1981
-- Marc Deslauriers <email address hidden> Tue, 02 Feb 2016 08:33:07 -0500
|
CVE-2015-8504 |
vnc: avoid floating point exception |
CVE-2015-8550 |
paravirtualized drivers incautious about shared memory contents |
CVE-2015-8558 |
usb: infinite loop in ehci_advance_state results in DoS |
CVE-2015-8743 |
net: ne2000: OOB r/w in ioport operations |
CVE-2016-1568 |
ide: ahci use-after-free vulnerability in aio port commands |
CVE-2016-1714 |
nvram: OOB r/w access in processing firmware configurations |
CVE-2016-1981 |
net: e1000 infinite loop in start_xmit and e1000_receive_iov routines |
|
About
-
Send Feedback to @ubuntu_updates