-
qemu (1:2.2+dfsg-5expubuntu9.7) vivid-security; urgency=medium
* SECURITY UPDATE: denial of service via jumbo frame flood in virtio
- debian/patches/CVE-2015-7295.patch: drop truncated packets in
hw/net/virtio-net.c, hw/virtio/virtio.c, include/hw/virtio/virtio.h.
- CVE-2015-7295
* SECURITY UPDATE: loopback mode heap overflow vulnerability in pcnet
- debian/patches/CVE-2015-7504.patch: leave room for CRC code in
hw/net/pcnet.c.
- CVE-2015-7504
* SECURITY UPDATE: non-loopback mode buffer overflow in pcnet
- debian/patches/CVE-2015-7512.patch: check packet length in
hw/net/pcnet.c.
- CVE-2015-7512
* SECURITY UPDATE: infinite loop in eepro100
- debian/patches/CVE-2015-8345.patch: prevent endless loop in
hw/net/eepro100.c.
- CVE-2015-8345
-- Marc Deslauriers <email address hidden> Tue, 01 Dec 2015 16:00:18 -0500
-
qemu (1:2.2+dfsg-5expubuntu9.6) vivid; urgency=low
* debian/patches/upstream-fix-irq-route-entries.patch
Fix "kvm_irqchip_commit_routes: Assertion 'ret == 0' failed"
(LP: #1465935)
-- Stefan Bader <email address hidden> Fri, 09 Oct 2015 17:04:26 +0200
-
qemu (1:2.2+dfsg-5expubuntu9.5) vivid-security; urgency=medium
* SECURITY UPDATE: denial of service via NE2000 driver
- debian/patches/CVE-2015-5278.patch: fix infinite loop in
hw/net/ne2000.c.
- CVE-2015-5278
* SECURITY UPDATE: denial of service and possible code execution via
heap overflow in NE2000 driver
- debian/patches/CVE-2015-5279.patch: validate ring buffer pointers in
hw/net/ne2000.c.
- CVE-2015-5279
* SECURITY UPDATE: denial of service via e1000 infinite loop
- debian/patches/CVE-2015-6815.patch: check bytes in hw/net/e1000.c.
- CVE-2015-6815
* SECURITY UPDATE: denial of service via illegal ATAPI commands
- debian/patches/CVE-2015-6855.patch: fix ATAPI command permissions in
hw/ide/core.c.
- CVE-2015-6855
-- Marc Deslauriers <email address hidden> Wed, 23 Sep 2015 15:12:10 -0400
-
qemu (1:2.2+dfsg-5expubuntu9.4) vivid-security; urgency=medium
* SECURITY UPDATE: process heap memory disclosure
- debian/patches/CVE-2015-5165.patch: check sizes in hw/net/rtl8139.c.
- CVE-2015-5165
* SECURITY UPDATE: privilege escalation via block device unplugging
- debian/patches/CVE-2015-5166.patch: properly unhook from BlockBackend
in hw/ide/piix.c.
- CVE-2015-5166
* SECURITY UPDATE: privilege escalation via memory corruption in vnc
- debian/patches/CVE-2015-5225.patch: use bytes per scanline to apply
limits in ui/vnc.c.
- CVE-2015-5225
* SECURITY UPDATE: denial of service via virtio-serial
- debian/patches/CVE-2015-5745.patch: don't assume a specific layout
for control messages in hw/char/virtio-serial-bus.c.
- CVE-2015-5745
-- Marc Deslauriers <email address hidden> Tue, 25 Aug 2015 09:52:07 -0400
-
qemu (1:2.2+dfsg-5expubuntu9.3) vivid-security; urgency=medium
* SECURITY UPDATE: out-of-bounds memory access in pit_ioport_read()
- debian/patches/CVE-2015-3214.patch: ignore read in hw/timer/i8254.c.
- CVE-2015-3214
* SECURITY UPDATE: heap overflow when processing ATAPI commands
- debian/patches/CVE-2015-5154.patch: check bounds and clear DRQ in
hw/ide/core.c, make sure command is completed in hw/ide/atapi.c.
- CVE-2015-5154
* SECURITY UPDATE: buffer overflow in scsi_req_parse_cdb
- debian/patches/CVE-2015-5158.patch: check length in
hw/scsi/scsi-bus.c.
- CVE-2015-5158
-- Marc Deslauriers <email address hidden> Mon, 27 Jul 2015 13:04:03 -0400
-
qemu (1:2.2+dfsg-5expubuntu9.2) vivid-security; urgency=medium
* SECURITY UPDATE: heap overflow in PCNET controller
- debian/patches/CVE-2015-3209.patch: check bounds in hw/net/pcnet.c.
- CVE-2015-3209
* SECURITY UPDATE: unsafe /tmp filename use by slirp
- debian/patches/CVE-2015-4037.patch: use mkdtemp in net/slirp.c.
- CVE-2015-4037
* SECURITY UPDATE: denial of service via MSI message data field write
- debian/patches/CVE-2015-4103.patch: properly gate writes in
hw/xen/xen_pt.c, hw/xen/xen_pt.h, hw/xen/xen_pt_config_init.c.
- CVE-2015-4103
* SECURITY UPDATE: denial of service via MSI mask bits access
- debian/patches/CVE-2015-4104.patch: don't allow guest access in
hw/pci/msi.c, hw/xen/xen_pt_config_init.c, include/hw/pci/pci_regs.h.
- CVE-2015-4104
* SECURITY UPDATE: denial of service via PCI MSI-X pass-through error
message logging
- debian/patches/CVE-2015-4105.patch: limit messages in
hw/xen/xen_pt.h, hw/xen/xen_pt_msi.c.
- CVE-2015-4105
* SECURITY UPDATE: denial of service or possible privilege escalation via
write access to PCI config space
- debian/patches/CVE-2015-4106-*.patch: multiple upstream commits to
restrict passthrough in hw/xen/xen_pt_config_init.c, hw/xen/xen_pt.h,
hw/xen/xen_pt.c.
- CVE-2015-4106
-- Marc Deslauriers <email address hidden> Tue, 09 Jun 2015 07:40:29 -0400
-
qemu (1:2.2+dfsg-5expubuntu9.1) vivid-security; urgency=medium
* SECURITY UPDATE: denial of service in vnc web
- debian/patches/CVE-2015-1779-1.patch: incrementally decode websocket
frames in ui/vnc-ws.c, ui/vnc-ws.h, ui/vnc.h.
- debian/patches/CVE-2015-1779-2.patch: limit size of HTTP headers from
websockets clients in ui/vnc-ws.c.
- CVE-2015-1779
* SECURITY UPDATE: host code execution via floppy device (VENOM)
- debian/patches/CVE-2015-3456.patch: force the fifo access to be in
bounds of the allocated buffer in hw/block/fdc.c.
- CVE-2015-3456
-- Marc Deslauriers <email address hidden> Wed, 13 May 2015 07:31:26 -0400
-
qemu (1:2.2+dfsg-5expubuntu9) vivid; urgency=low
* CVE-2015-2756 / XSA-126
- xen: limit guest control of PCI command register
-- Stefan Bader <email address hidden> Wed, 08 Apr 2015 10:17:45 +0200
-
qemu (1:2.2+dfsg-5expubuntu8) vivid; urgency=medium
* debian/qemu-system-x86.qemu-kvm.upstart: fix redirection to not
accidentally create /1
-- Steve Beattie <email address hidden> Thu, 12 Mar 2015 16:46:51 -0700
-
qemu (1:2.2+dfsg-5expubuntu7) vivid; urgency=low
* No-change rebuild to pull in libxl-4.5 (take 2: step to the right).
-- Stefan Bader <email address hidden> Thu, 26 Feb 2015 08:55:35 +0100
-
qemu (1:2.2+dfsg-5expubuntu6) vivid; urgency=low
* No-change rebuild to pull in libxl-4.5.
-- Stefan Bader <email address hidden> Wed, 25 Feb 2015 13:58:37 +0100
-
qemu (1:2.2+dfsg-5expubuntu5) vivid; urgency=medium
* debian/control-in: enable numa on architectures where numa is built
(LP: #1417937)
-- Serge Hallyn <email address hidden> Thu, 12 Feb 2015 23:18:58 -0600
-
qemu (1:2.2+dfsg-5expubuntu4) vivid; urgency=medium
[Scott Moser]
* update d/kvm.powerpc to avoid use of awk, which isn't allowed by aa
profile when started by libvirt.
[Serge Hallyn]
* add symlink qemu-system-ppc64le -> qemu-system-ppc64
* debian/rules: fix DEB_HOST_ARCH fix to ppc64el for installing qemu-kvm init script
(LP: #1419855)
[Chris J Arges]
* Determine if we are running inside a virtual environment. If running inside
a virtualized environment do _not_ automatically enable KSM. (LP: #1418339)
-- Serge Hallyn <email address hidden> Thu, 12 Feb 2015 13:04:21 -0600
-
qemu (1:2.2+dfsg-5expubuntu1) vivid; urgency=medium
* Merge 1:2.2+dfsg-5exp from Debian. (LP: #1409308)
- debian/rules: do not drop the init scripts loading kvm modules
(still needed in precise in cloud archive)
* Remaining changes:
- qemu-system-common.postinst:
* remove acl placed by udev, and add udevadm trigger.
* reload kvm_intel if needed to set nested=1
- qemu-system-common.preinst: add kvm group if needed
- add qemu-kvm upstart job and defaults file (rules,
qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
- rules,qemu-system-x86.modprobe: support use under older udevs which
do not auto-load the kvm kernel module. Enable nesting by default
on intel.
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
in qemu64 cpu type.
- d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
machine type to ease future live vm migration.
- apport hook for qemu source package: d/source_qemu-kvm.py,
d/qemu-system-common.install
* Dropped all patches which are applied upstream
* Update ubuntu-vivid machine type to default to std graphics (following
upstream's lead for pc-i440fx-2.2 machine type)
-- Serge Hallyn <email address hidden> Mon, 09 Feb 2015 22:31:09 -0600
-
qemu (1:2.1+dfsg-11ubuntu2) vivid; urgency=medium
* Cherrypick upstream patch needed to allow ESx hosts to run under
kvm (LP: #1411575)
-- Serge Hallyn <email address hidden> Fri, 16 Jan 2015 16:32:48 -0600
-
qemu (1:2.1+dfsg-11ubuntu1) vivid; urgency=medium
* Merge 2.1+dfsg-11. Remaining changes:
- qemu-system-common.postinst:
* remove acl placed by udev, and add udevadm trigger.
* reload kvm_intel if needed to set nested=1
- qemu-system-common.preinst: add kvm group if needed
- add qemu-kvm upstart job and defaults file (rules,
qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
- rules,qemu-system-x86.modprobe: support use under older udevs which
do not auto-load the kvm kernel module. Enable nesting by default
on intel.
- debian/qemu-system-alternatives.in: use a later version as ubuntu
removed the alternatives bit later.
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
in qemu64 cpu type.
- d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
machine type to ease future live vm migration.
- apport hook for qemu source package: d/source_qemu-kvm.py,
d/qemu-system-common.install
- debian/binfmt-update-in: support ppcle
* debian/binfmt-update-in
* Support-ppcle.patch
- Upstream patches to fix AArch64 emulation ignoring SPSel=0:
* d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
* d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
* d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
* Dropped patches (upstream or now in debian's tree):
- upstream-xen_disk-fix-unmapping-of-persistent-grants.patch
- CVE-2014-7840.patch
- CVE-2014-8106.patch
-- Serge Hallyn <email address hidden> Wed, 17 Dec 2014 13:57:34 -0600
-
qemu (2.1+dfsg-7ubuntu5) vivid; urgency=medium
* SECURITY UPDATE: code execution via savevm data
- debian/patches/CVE-2014-7840.patch: validate parameters in
arch_init.c.
- CVE-2014-7840
* SECURITY UPDATE: code execution via cirrus vga blit regions
(LP: #1400775)
- debian/patches/CVE-2014-8106.patch: properly validate blit regions in
hw/display/cirrus_vga.c.
- CVE-2014-8106
-- Marc Deslauriers <email address hidden> Thu, 11 Dec 2014 14:11:52 -0500
-
qemu (2.1+dfsg-7ubuntu4) vivid; urgency=low
* d/rules: Fix vendor check to make kvm-spice symlinks (DEB_VENDOR got
dropped and VENDOR now will be all capital UBUNTU).
-- Stefan Bader <email address hidden> Mon, 08 Dec 2014 14:45:31 +0100
-
qemu (2.1+dfsg-7ubuntu3) vivid; urgency=medium
* d/p/target-arm-A64-Break-out-aarch64_save-restore_sp.patch
d/p/target-arm-A64-Respect-SPSEL-in-ERET-SP-restore.patch
d/p/target-arm-A64-Respect-SPSEL-when-taking-exceptions.patch:
Cherry-pick of upstream patches in order to fix AArch64 emulation ignoring
SPSel=0 in certain conditions. (LP: #1349277)
-- Chris J Arges <email address hidden> Thu, 04 Dec 2014 14:17:01 -0600
-
qemu (2.1+dfsg-7ubuntu2) vivid; urgency=low
* d/p/upstream-xen_disk-fix-unmapping-of-persistent-grants.patch:
Cherry-pick of qemu-upstream patch to fix issues with persistent
grants and the PV backend (Qdisk) (LP: #1394327).
-- Stefan Bader <email address hidden> Fri, 28 Nov 2014 13:14:37 +0100
-
qemu (2.1+dfsg-7ubuntu1) vivid; urgency=medium
* Merge 2.1+dfsg-7. Remaining changes:
- qemu-system-common.postinst:
* remove acl placed by udev, and add udevadm trigger.
* reload kvm_intel if needed to set nested=1
- qemu-system-common.preinst: add kvm group if needed
- add qemu-kvm upstart job and defaults file (rules,
qemu-system-x86.qemu-kvm.default, qemu-system-x86.qemu-kvm.upstart)
- rules,qemu-system-x86.modprobe: support use under older udevs which
do not auto-load the kvm kernel module. Enable nesting by default
on intel.
- debian/qemu-system-alternatives.in: use a later version as ubuntu
removed the alternatives bit later.
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by default
in qemu64 cpu type.
- d/p/ubuntu/define-trusty-machine-type.patch: define a default trusty
machine type to ease future live vm migration.
- apport hook for qemu source package: d/source_qemu-kvm.py,
d/qemu-system-common.install
- debian/binfmt-update-in: support ppcle
* debian/binfmt-update-in
* Support-ppcle.patch
* Dropped patches (upstream or now in debian's tree):
- pc-reserve-more-memory-for-acpi.patch
- CVE-2014-5388.patch
- 501-block-raw-posix-fix-disk-corruption-in-try-fiemap and
502-block-raw-posic-use-seek-hole-ahead-of-fiemap (combined
in debian)
- CVE-2014-3615.patch
- CVE-2014-3640.patch
- CVE-2014-3689.patch
- CVE-2014-7815.patch
qemu (2.1+dfsg-7) unstable; urgency=high
* urgency is high due to 2 security fixes
(one current and one forgotten in previous release)
and because of possible data corruption bugfix
* vnc-sanitize-bits_per_pixel-from-the-client-CVE-2014-7815.patch
from upstream (Closes: CVE-2014-7815)
* fix spelling mistake in previous changelog entry
* add two patches from upstream for block/raw-posix.c to work around
probs in FS_IOC_FIEMAP ioctl and to prefer seek_hole over fiemap.
This should fix a long-standing ghost data corruption observed
in various places.
qemu (2.1+dfsg-6) unstable; urgency=medium
* mention closing of CVE-2014-3615 by 2.1.2 (2.1+dfsg-5)
* 9p-use-little-endian-format-for-xattr-values.patch (Closes: #755740)
* mention closing of #760386
* mention closing of more CVEs by 2.1+dfsg-1
* recognize ppc64el in qemu-debootstrap (Luca Falavigna) (Closes: #760949)
* use dpkg-vendor to let derived distros use our d/rules
* use /usr/share/dpkg/architecture.mk to get DEB_HOST_* and DEB_BUILD_*
variables. This restores cross building support.
* use /usr/share/dpkg/buildflags.mk for CFLAGS LDFLAGS &Co
* pass -DVENDOR_{DEBIAN,UBUNTU} to compiler
* do not treat ppc* and ppc*le as compatible for binfmt registrations
* mention ACPI SLIC to RSDT id copying if slic table is supplied,
thank you Tim Small for the patch (Closes: #765075)
* apply 5 patches from upstream to fix a security issue in
vmware-vga (Closes: #765496 CVE-2014-3689)
* apply two patches from upstream to make qemu work with samba4
(Closes: #747636)
qemu (2.1+dfsg-5) unstable; urgency=medium
* upstream bugfix release v2.1.2
(Closes: #762532 CVE-2014-3640 CVE-2014-5388 CVE-2014-3615)
* Add x32 to the list of supported architectures
(patch by Thorsten Glaser) (Closes: #760386)
* fix wrong reference in kvm.1 (Closes: #761137)
* removed patches (applied upstream):
l2tp-linux-only.patch
ide-only-constrain-read_write-requests-to-drive-size.diff
pc-reserve-more-memory-for-acpi.patch
-- Serge Hallyn <email address hidden> Sat, 22 Nov 2014 18:36:53 -0600
-
qemu (2.1+dfsg-4ubuntu9) vivid; urgency=medium
* SECURITY UPDATE: information disclosure via vga driver
- debian/patches/CVE-2014-3615.patch: return the correct memory size,
sanity check register writes, and don't use fixed buffer sizes in
hw/display/qxl.c, hw/display/vga.c, hw/display/vga_int.h,
ui/spice-display.c.
- CVE-2014-3615
* SECURITY UPDATE: denial of service via slirp NULL pointer deref
- debian/patches/CVE-2014-3640.patch: make sure socket is not just a
stub in slirp/udp.c.
- CVE-2014-3640
* SECURITY UPDATE: possible privilege escalation via vmware-vga driver
- debian/patches/CVE-2014-3689.patch: verify rectangles in
hw/display/vmware_vga.c.
- CVE-2014-3689
* SECURITY UPDATE: denial of service via VNC console
- debian/patches/CVE-2014-7815.patch: validate bits_per_pixel in
ui/vnc.c.
- CVE-2014-7815
-- Marc Deslauriers <email address hidden> Thu, 13 Nov 2014 07:31:03 -0500
-
qemu (2.1+dfsg-4ubuntu8) vivid; urgency=medium
* Support qemu-kvm on x32, arm64, ppc64 and ppc64el architectures
(LP: #1389897) (Patch thanks to mwhudson, BenC, and infinity)
-- Serge Hallyn <email address hidden> Tue, 11 Nov 2014 15:51:47 -0600
-
qemu (2.1+dfsg-4ubuntu7) vivid; urgency=medium
* Apply two patches to fix intermittent qemu-img corruption
(LP: #1368815)
- 501-block-raw-posix-fix-disk-corruption-in-try-fiemap
- 502-block-raw-posic-use-seek-hole-ahead-of-fiemap
-- Serge Hallyn <email address hidden> Wed, 29 Oct 2014 22:31:43 -0500
-
qemu (2.1+dfsg-4ubuntu6) utopic; urgency=medium
* debian/control: slof is moving into main, so we can depend on qemu-slof as
debian does.
-- Serge Hallyn <email address hidden> Wed, 15 Oct 2014 22:01:27 +0200