This bug was fixed in the package qemu - 1:4.2-3ubuntu6.23
--------------- qemu (1:4.2-3ubuntu6.23) focal-security; urgency=medium
* SECURITY UPDATE: heap overflow in floppy disk emulator - debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in hw/block/fdc.c. - CVE-2021-3507 * SECURITY UPDATE: integer overflow in QXL display device emulation - debian/patches/CVE-2021-4206.patch: check width and height in hw/display/qxl-render.c, hw/display/vmware_vga.c, ui/cursor.c. - CVE-2021-4206 * SECURITY UPDATE: heap overflow in QXL display device emulation - debian/patches/CVE-2021-4207.patch: fix race condition in qxl_cursor in hw/display/qxl-render.c. - CVE-2021-4207 * SECURITY UPDATE: memory leakage in virtio-net device - debian/patches/CVE-2022-26353.patch: fix map leaking on error during receive in hw/net/virtio-net.c. - CVE-2022-26353 * SECURITY UPDATE: memory leakage in vhost-vsock device - debian/patches/CVE-2022-26354.patch: detach the virqueue element in case of error in hw/virtio/vhost-vsock.c. - CVE-2022-26354
-- Marc Deslauriers <email address hidden> Thu, 09 Jun 2022 11:35:04 -0400
This bug was fixed in the package qemu - 1:4.2-3ubuntu6.23
---------------
qemu (1:4.2-3ubuntu6.23) focal-security; urgency=medium
* SECURITY UPDATE: heap overflow in floppy disk emulator patches/ CVE-2021- 3507.patch: prevent end-of-track overrun in block/fdc. c. patches/ CVE-2021- 4206.patch: check width and height in display/ qxl-render. c, hw/display/ vmware_ vga.c, ui/cursor.c. patches/ CVE-2021- 4207.patch: fix race condition in qxl_cursor qxl-render. c. patches/ CVE-2022- 26353.patch: fix map leaking on error during virtio- net.c. patches/ CVE-2022- 26354.patch: detach the virqueue element in vhost-vsock. c.
- debian/
hw/
- CVE-2021-3507
* SECURITY UPDATE: integer overflow in QXL display device emulation
- debian/
hw/
- CVE-2021-4206
* SECURITY UPDATE: heap overflow in QXL display device emulation
- debian/
in hw/display/
- CVE-2021-4207
* SECURITY UPDATE: memory leakage in virtio-net device
- debian/
receive in hw/net/
- CVE-2022-26353
* SECURITY UPDATE: memory leakage in vhost-vsock device
- debian/
case of error in hw/virtio/
- CVE-2022-26354
-- Marc Deslauriers <email address hidden> Thu, 09 Jun 2022 11:35:04 -0400