UbuntuUpdates.org

Package "qemu"

Name: qemu

Description:

fast processor emulator

Latest version: 1:2.8+dfsg-3ubuntu2.5
Release: zesty (17.04)
Level: security
Repository: universe
Homepage: http://www.qemu.org/

Links

Save this URL for the latest version of "qemu": https://www.ubuntuupdates.org/qemu


Download "qemu"


Other versions of "qemu" in Zesty

Repository Area Version
base main 1:2.8+dfsg-3ubuntu2
base universe 1:2.8+dfsg-3ubuntu2
security main 1:2.8+dfsg-3ubuntu2.5
updates universe 1:2.8+dfsg-3ubuntu2.7
updates main 1:2.8+dfsg-3ubuntu2.7

Packages in group

Deleted packages are displayed in grey.

qemu-guest-agent qemu-system qemu-system-mips qemu-system-misc qemu-system-sparc
qemu-user qemu-user-binfmt qemu-user-static

Changelog

Version: 1:2.8+dfsg-3ubuntu2.5 2017-09-20 19:06:24 UTC

  qemu (1:2.8+dfsg-3ubuntu2.5) zesty-security; urgency=medium

  * SECURITY REGRESSION: regression in in USB xHCI emulation (LP: #1718222)
    - debian/patches/CVE-2017-9375-regression.patch: don't kick in
      xhci_submit and xhci_fire_ctl_transfer in hw/usb/hcd-xhci.c.

 -- Marc Deslauriers <email address hidden> Wed, 20 Sep 2017 07:22:48 -0400

Source diff to previous version

Version: 1:2.8+dfsg-3ubuntu2.4 2017-09-13 12:06:46 UTC

  qemu (1:2.8+dfsg-3ubuntu2.4) zesty-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via virtFS
    - debian/patches/CVE-2017-7493.patch: forbid client access to metadata
      in hw/9pfs/9p-local.c.
    - CVE-2017-7493
  * SECURITY UPDATE: DoS via message ring page count
    - debian/patches/CVE-2017-8112.patch: check page count in
      hw/scsi/vmw_pvscsi.c.
    - CVE-2017-8112
  * SECURITY UPDATE: DoS via OOB read in MegaSAS
    - debian/patches/CVE-2017-8380.patch: avoid off-by-one in
      hw/scsi/megasas.c.
    - CVE-2017-8380
  * SECURITY UPDATE: DoS in virtio GPU device
    - debian/patches/CVE-2017-9060.patch: fix memory leak in
      hw/display/virtio-gpu.c.
    - CVE-2017-9060
  * SECURITY UPDATE: DoS in e1000e NIC
    - debian/patches/CVE-2017-9310.patch: fix infinite loop in
      hw/net/e1000e_core.c.
    - CVE-2017-9310
  * SECURITY UPDATE: DoS in USB OHCI emulation
    - debian/patches/CVE-2017-9330.patch: fix error code in
      hw/usb/hcd-ohci.c.
    - CVE-2017-9330
  * SECURITY UPDATE: DoS in IDE AHCI emulation
    - debian/patches/CVE-2017-9373-1.patch: add cleanup function in
      hw/ide/core.c, include/hw/ide/internal.h.
    - debian/patches/CVE-2017-9373-2.patch: call cleanup function in
      hw/ide/ahci.c.
    - CVE-2017-9373
  * SECURITY UPDATE: DoS in USB EHCI emulation
    - debian/patches/CVE-2017-9374.patch: fix memory leak in
      hw/usb/hcd-ehci-pci.c, hw/usb/hcd-ehci.c, hw/usb/hcd-ehci.h.
    - CVE-2017-9374
  * SECURITY UPDATE: DoS in USB xHCI emulation
    - debian/patches/CVE-2017-9375.patch: guard against recursive calls in
      hw/usb/hcd-xhci.c.
    - CVE-2017-9375
  * SECURITY UPDATE: DoS in MegaSAS
    - debian/patches/CVE-2017-9503-1.patch: add test to
      tests/Makefile.include, tests/megasas-test.c.
    - debian/patches/CVE-2017-9503-2.patch: do not read sense length more
      than once in hw/scsi/megasas.c.
    - debian/patches/CVE-2017-9503-3.patch: do not read iovec count more
      than once in hw/scsi/megasas.c.
    - debian/patches/CVE-2017-9503-4.patch: do not read DCMD opcode more
      than once in hw/scsi/megasas.c.
    - debian/patches/CVE-2017-9503-5.patch: do not read command more than
      once in hw/scsi/megasas.c.
    - debian/patches/CVE-2017-9503-6.patch: do not read SCSI req parameters
      more than once in hw/scsi/megasas.c.
    - debian/patches/CVE-2017-9503-7.patch: always store SCSIRequest* into
      MegasasCmd in hw/scsi/megasas.c, added test to tests/megasas-test.c.
    - CVE-2017-9503
  * SECURITY UPDATE: DoS in NBD server support
    - debian/patches/CVE-2017-9524-1.patch: fully initialize client in
      nbd/server.c, qemu-nbd.c.
    - debian/patches/CVE-2017-9524-2.patch: fix regression in
      blockdev-nbd.c, include/block/nbd.h, nbd/server.c, qemu-nbd.c.
    - CVE-2017-9524
  * SECURITY UPDATE: DoS via incorrect SIGPIPE handling
    - debian/patches/CVE-2017-10664.patch: ignore SIGPIPE in qemu-nbd.c.
    - CVE-2017-10664
  * SECURITY UPDATE: stack overflow in usbredir_log_data
    - debian/patches/CVE-2017-10806.patch: use qemu_hexdump in
      hw/usb/redirect.c.
    - CVE-2017-10806
  * SECURITY UPDATE: memory disclosure in Xen block-interface responses
    - debian/patches/CVE-2017-10911.patch: fill the fields directly in
      hw/block/xen_disk.c.
    - CVE-2017-10911
  * SECURITY UPDATE: DoS via crafted DHCP options string
    - debian/patches/CVE-2017-11434.patch: check length in slirp/bootp.c.
    - CVE-2017-11434
  * SECURITY UPDATE: DoS via flushing empty CDROM drives
    - debian/patches/CVE-2017-12809.patch: don't flush empty drives in
      hw/ide/core.c.
    - CVE-2017-12809

 -- Marc Deslauriers <email address hidden> Tue, 22 Aug 2017 08:04:37 -0400

Source diff to previous version

Version: 1:2.8+dfsg-3ubuntu2.2 2017-05-16 16:06:46 UTC

  qemu (1:2.8+dfsg-3ubuntu2.2) zesty-security; urgency=medium

  * SECURITY UPDATE: denial of service via leak in virtFS
    - debian/patches/CVE-2017-7377.patch: fix file descriptor leak in
      hw/9pfs/9p.c.
    - CVE-2017-7377
  * SECURITY UPDATE: denial of service in cirrus_vga
    - debian/patches/CVE-2017-7718.patch: check parameters in
      hw/display/cirrus_vga_rop.h.
    - CVE-2017-7718
  * SECURITY UPDATE: code execution via cirrus_vga OOB r/w
    - debian/patches/CVE-2017-7980-1.patch: handle negative pitch in
      hw/display/cirrus_vga.c.
    - debian/patches/CVE-2017-7980-2.patch: allow zero source pitch in
      hw/display/cirrus_vga.c.
    - debian/patches/CVE-2017-7980-3.patch: fix blit address mask handling
      in hw/display/cirrus_vga.c.
    - debian/patches/CVE-2017-7980-4.patch: fix patterncopy checks in
      hw/display/cirrus_vga.c.
    - debian/patches/CVE-2017-7980-5.patch: revert allow zero source pitch
      in hw/display/cirrus_vga.c.
    - debian/patches/CVE-2017-7980-6.patch: stop passing around dst
      pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
      hw/display/cirrus_vga_rop2.h.
    - debian/patches/CVE-2017-7980-7.patch: stop passing around src
      pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
      hw/display/cirrus_vga_rop2.h.
    - debian/patches/CVE-2017-7980-8.patch: fix off-by-one in
      hw/display/cirrus_vga_rop.h.
    - debian/patches/CVE-2017-7980-9.patch: fix cirrus_invalidate_region in
      hw/display/cirrus_vga.c.
    - CVE-2017-7980
  * SECURITY UPDATE: denial of service via memory leak in virtFS
    - debian/patches/CVE-2017-8086.patch: fix leak in hw/9pfs/9p-xattr.c.
    - CVE-2017-8086
  * SECURITY UPDATE: denial of service via leak in audio
    - debian/patches/CVE-2017-8309.patch: release capture buffers in
      audio/audio.c.
    - CVE-2017-8309
  * SECURITY UPDATE: denial of service via leak in keyboard
    - debian/patches/CVE-2017-8379-1.patch: limit kbd queue depth in
      ui/input.c.
    - debian/patches/CVE-2017-8379-2.patch: don't queue delay if paused in
      ui/input.c.
    - CVE-2017-8379

 -- Marc Deslauriers <email address hidden> Wed, 10 May 2017 08:48:06 -0400

Source diff to previous version
CVE-2017-7377 The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a deni
CVE-2017-7718 hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and
CVE-2017-8086 Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a deni
CVE-2017-8309 audio: host memory leakage via capture buffer
CVE-2017-8379 input: host memory lekage via keyboard

Version: 1:2.8+dfsg-3ubuntu2.1 2017-04-25 12:06:27 UTC

  qemu (1:2.8+dfsg-3ubuntu2.1) zesty-security; urgency=medium

  * SECURITY UPDATE: DoS in virtio GPU device
    - debian/patches/CVE-2016-10028.patch: check virgl capabilities
      max_size in hw/display/virtio-gpu-3d.c.
    - CVE-2016-10028
  * SECURITY UPDATE: DoS in JAZZ RC4030 chipset emulation
    - debian/patches/CVE-2016-8667.patch: limit interval timer reload value
      in hw/dma/rc4030.c.
    - CVE-2016-8667
  * SECURITY UPDATE: host filesystem access via virtFS
    - debian/patches/CVE-2016-9602.patch: don't follow symlinks in
      hw/9pfs/*.
    - CVE-2016-9602
  * SECURITY UPDATE: arbitrary code execution via Cirrus VGA
    - debian/patches/CVE-2016-9603.patch: remove bitblit support from
      console code in hw/display/cirrus_vga.c, include/ui/console.h,
      ui/console.c, ui/vnc.c.
    - CVE-2016-9603
  * SECURITY UPDATE: information leak in virtio GPU device
    - debian/patches/CVE-2016-9908.patch: properly clear out memory in
      hw/display/virtio-gpu-3d.c.
    - CVE-2016-9908
  * SECURITY UPDATE: DoS via memory leak in virtio GPU device
    - debian/patches/CVE-2016-9912.patch: properly free memory in
      hw/display/virtio-gpu.c.
    - CVE-2016-9912
  * SECURITY UPDATE: DoS via virtFS
    - debian/patches/CVE-2016-9914.patch: add cleanup operations to
      fsdev/file-op-9p.h, hw/9pfs/9p.c.
    - CVE-2016-9914
  * SECURITY UPDATE: DoS via memory leak in virtio GPU device
    - debian/patches/CVE-2017-5552.patch: check return value in
      hw/display/virtio-gpu-3d.c.
    - CVE-2017-5552
  * SECURITY UPDATE: DoS via memory leak in virtio GPU device
    - debian/patches/CVE-2017-5578.patch: check res->iov in
      hw/display/virtio-gpu.c.
    - CVE-2017-5578
  * SECURITY UPDATE: DoS via infinite loop in SDHCI device emulation
    - debian/patches/CVE-2017-5987-*.patch: fix transfer mode register
      handling in hw/sd/sdhci.c.
    - CVE-2017-5987
  * SECURITY UPDATE: DoS via infinite loop in USB OHCI emulation
    - debian/patches/CVE-2017-6505.patch: limit the number of link eds in
      hw/usb/hcd-ohci.c.
    - CVE-2017-6505

 -- Marc Deslauriers <email address hidden> Mon, 24 Apr 2017 07:30:11 -0400

CVE-2016-1002 Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 2
CVE-2016-8667 The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-b
CVE-2016-9602 9p: virtfs allows guest to access host filesystem
CVE-2016-9603 cirrus: heap buffer overflow via vnc connection
CVE-2016-9908 Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processin
CVE-2016-9912 Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu
CVE-2016-9914 Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption
CVE-2017-5552 Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to c
CVE-2017-5578 Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to
CVE-2017-5987 The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial
CVE-2017-6505 The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (infinit



About   -   Send Feedback to @ubuntu_updates