-
qemu (1:2.8+dfsg-3ubuntu2.8) zesty; urgency=medium
* Backport support for GICv3/vITS save/restore (LP: #1710019).
-- dann frazier <email address hidden> Tue, 14 Nov 2017 08:27:31 -0700
-
qemu (1:2.8+dfsg-3ubuntu2.7) zesty; urgency=medium
* d/p/ubuntu/virtio-Fix-no-interrupt-when-not-creating-msi-contro.patch:
on Arm fix no interrupt when not creating msi controller. That fixes
broken networking if running with virtio-mmio only (LP: #1719196).
-- Christian Ehrhardt <email address hidden> Wed, 18 Oct 2017 16:17:34 +0200
-
qemu (1:2.8+dfsg-3ubuntu2.6) zesty; urgency=medium
* fix enablement of qemu-kvm service (LP: #1720397)
- rename d/qemu-kvm.service to d/qemu-system-common.qemu-kvm.service
- d/rules: add proper enablement debhelper calls
- d/qemu-system-common.install: install covered by dh_installinit
-- Christian Ehrhardt <email address hidden> Tue, 17 Oct 2017 11:31:53 +0200
-
qemu (1:2.8+dfsg-3ubuntu2.5) zesty-security; urgency=medium
* SECURITY REGRESSION: regression in USB xHCI emulation (LP: #1718222)
- debian/patches/CVE-2017-9375-regression.patch: don't kick in
xhci_submit and xhci_fire_ctl_transfer in hw/usb/hcd-xhci.c.
-- Marc Deslauriers <email address hidden> Wed, 20 Sep 2017 07:22:48 -0400
-
qemu (1:2.8+dfsg-3ubuntu2.4) zesty-security; urgency=medium
* SECURITY UPDATE: privilege escalation via virtFS
- debian/patches/CVE-2017-7493.patch: forbid client access to metadata
in hw/9pfs/9p-local.c.
- CVE-2017-7493
* SECURITY UPDATE: DoS via message ring page count
- debian/patches/CVE-2017-8112.patch: check page count in
hw/scsi/vmw_pvscsi.c.
- CVE-2017-8112
* SECURITY UPDATE: DoS via OOB read in MegaSAS
- debian/patches/CVE-2017-8380.patch: avoid off-by-one in
hw/scsi/megasas.c.
- CVE-2017-8380
* SECURITY UPDATE: DoS in virtio GPU device
- debian/patches/CVE-2017-9060.patch: fix memory leak in
hw/display/virtio-gpu.c.
- CVE-2017-9060
* SECURITY UPDATE: DoS in e1000e NIC
- debian/patches/CVE-2017-9310.patch: fix infinite loop in
hw/net/e1000e_core.c.
- CVE-2017-9310
* SECURITY UPDATE: DoS in USB OHCI emulation
- debian/patches/CVE-2017-9330.patch: fix error code in
hw/usb/hcd-ohci.c.
- CVE-2017-9330
* SECURITY UPDATE: DoS in IDE AHCI emulation
- debian/patches/CVE-2017-9373-1.patch: add cleanup function in
hw/ide/core.c, include/hw/ide/internal.h.
- debian/patches/CVE-2017-9373-2.patch: call cleanup function in
hw/ide/ahci.c.
- CVE-2017-9373
* SECURITY UPDATE: DoS in USB EHCI emulation
- debian/patches/CVE-2017-9374.patch: fix memory leak in
hw/usb/hcd-ehci-pci.c, hw/usb/hcd-ehci.c, hw/usb/hcd-ehci.h.
- CVE-2017-9374
* SECURITY UPDATE: DoS in USB xHCI emulation
- debian/patches/CVE-2017-9375.patch: guard against recursive calls in
hw/usb/hcd-xhci.c.
- CVE-2017-9375
* SECURITY UPDATE: DoS in MegaSAS
- debian/patches/CVE-2017-9503-1.patch: add test to
tests/Makefile.include, tests/megasas-test.c.
- debian/patches/CVE-2017-9503-2.patch: do not read sense length more
than once in hw/scsi/megasas.c.
- debian/patches/CVE-2017-9503-3.patch: do not read iovec count more
than once in hw/scsi/megasas.c.
- debian/patches/CVE-2017-9503-4.patch: do not read DCMD opcode more
than once in hw/scsi/megasas.c.
- debian/patches/CVE-2017-9503-5.patch: do not read command more than
once in hw/scsi/megasas.c.
- debian/patches/CVE-2017-9503-6.patch: do not read SCSI req parameters
more than once in hw/scsi/megasas.c.
- debian/patches/CVE-2017-9503-7.patch: always store SCSIRequest* into
MegasasCmd in hw/scsi/megasas.c, added test to tests/megasas-test.c.
- CVE-2017-9503
* SECURITY UPDATE: DoS in NBD server support
- debian/patches/CVE-2017-9524-1.patch: fully initialize client in
nbd/server.c, qemu-nbd.c.
- debian/patches/CVE-2017-9524-2.patch: fix regression in
blockdev-nbd.c, include/block/nbd.h, nbd/server.c, qemu-nbd.c.
- CVE-2017-9524
* SECURITY UPDATE: DoS via incorrect SIGPIPE handling
- debian/patches/CVE-2017-10664.patch: ignore SIGPIPE in qemu-nbd.c.
- CVE-2017-10664
* SECURITY UPDATE: stack overflow in usbredir_log_data
- debian/patches/CVE-2017-10806.patch: use qemu_hexdump in
hw/usb/redirect.c.
- CVE-2017-10806
* SECURITY UPDATE: memory disclosure in Xen block-interface responses
- debian/patches/CVE-2017-10911.patch: fill the fields directly in
hw/block/xen_disk.c.
- CVE-2017-10911
* SECURITY UPDATE: DoS via crafted DHCP options string
- debian/patches/CVE-2017-11434.patch: check length in slirp/bootp.c.
- CVE-2017-11434
* SECURITY UPDATE: DoS via flushing empty CDROM drives
- debian/patches/CVE-2017-12809.patch: don't flush empty drives in
hw/ide/core.c.
- CVE-2017-12809
-- Marc Deslauriers <email address hidden> Tue, 22 Aug 2017 08:04:37 -0400
-
qemu (1:2.8+dfsg-3ubuntu2.3) zesty; urgency=medium
* debian/rules: fix installation of /etc/default/qemu-kvm (LP: #1692530)
This was inadvertently dropped on 2.8 merge.
-- Christian Ehrhardt <email address hidden> Mon, 22 May 2017 15:45:58 +0200
-
qemu (1:2.8+dfsg-3ubuntu2.2) zesty-security; urgency=medium
* SECURITY UPDATE: denial of service via leak in virtFS
- debian/patches/CVE-2017-7377.patch: fix file descriptor leak in
hw/9pfs/9p.c.
- CVE-2017-7377
* SECURITY UPDATE: denial of service in cirrus_vga
- debian/patches/CVE-2017-7718.patch: check parameters in
hw/display/cirrus_vga_rop.h.
- CVE-2017-7718
* SECURITY UPDATE: code execution via cirrus_vga OOB r/w
- debian/patches/CVE-2017-7980-1.patch: handle negative pitch in
hw/display/cirrus_vga.c.
- debian/patches/CVE-2017-7980-2.patch: allow zero source pitch in
hw/display/cirrus_vga.c.
- debian/patches/CVE-2017-7980-3.patch: fix blit address mask handling
in hw/display/cirrus_vga.c.
- debian/patches/CVE-2017-7980-4.patch: fix patterncopy checks in
hw/display/cirrus_vga.c.
- debian/patches/CVE-2017-7980-5.patch: revert allow zero source pitch
in hw/display/cirrus_vga.c.
- debian/patches/CVE-2017-7980-6.patch: stop passing around dst
pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
hw/display/cirrus_vga_rop2.h.
- debian/patches/CVE-2017-7980-7.patch: stop passing around src
pointers in hw/display/cirrus_vga.c, hw/display/cirrus_vga_rop.h,
hw/display/cirrus_vga_rop2.h.
- debian/patches/CVE-2017-7980-8.patch: fix off-by-one in
hw/display/cirrus_vga_rop.h.
- debian/patches/CVE-2017-7980-9.patch: fix cirrus_invalidate_region in
hw/display/cirrus_vga.c.
- CVE-2017-7980
* SECURITY UPDATE: denial of service via memory leak in virtFS
- debian/patches/CVE-2017-8086.patch: fix leak in hw/9pfs/9p-xattr.c.
- CVE-2017-8086
* SECURITY UPDATE: denial of service via leak in audio
- debian/patches/CVE-2017-8309.patch: release capture buffers in
audio/audio.c.
- CVE-2017-8309
* SECURITY UPDATE: denial of service via leak in keyboard
- debian/patches/CVE-2017-8379-1.patch: limit kbd queue depth in
ui/input.c.
- debian/patches/CVE-2017-8379-2.patch: don't queue delay if paused in
ui/input.c.
- CVE-2017-8379
-- Marc Deslauriers <email address hidden> Wed, 10 May 2017 08:48:06 -0400
-
qemu (1:2.8+dfsg-3ubuntu2.1) zesty-security; urgency=medium
* SECURITY UPDATE: DoS in virtio GPU device
- debian/patches/CVE-2016-10028.patch: check virgl capabilities
max_size in hw/display/virtio-gpu-3d.c.
- CVE-2016-10028
* SECURITY UPDATE: DoS in JAZZ RC4030 chipset emulation
- debian/patches/CVE-2016-8667.patch: limit interval timer reload value
in hw/dma/rc4030.c.
- CVE-2016-8667
* SECURITY UPDATE: host filesystem access via virtFS
- debian/patches/CVE-2016-9602.patch: don't follow symlinks in
hw/9pfs/*.
- CVE-2016-9602
* SECURITY UPDATE: arbitrary code execution via Cirrus VGA
- debian/patches/CVE-2016-9603.patch: remove bitblit support from
console code in hw/display/cirrus_vga.c, include/ui/console.h,
ui/console.c, ui/vnc.c.
- CVE-2016-9603
* SECURITY UPDATE: information leak in virtio GPU device
- debian/patches/CVE-2016-9908.patch: properly clear out memory in
hw/display/virtio-gpu-3d.c.
- CVE-2016-9908
* SECURITY UPDATE: DoS via memory leak in virtio GPU device
- debian/patches/CVE-2016-9912.patch: properly free memory in
hw/display/virtio-gpu.c.
- CVE-2016-9912
* SECURITY UPDATE: DoS via virtFS
- debian/patches/CVE-2016-9914.patch: add cleanup operations to
fsdev/file-op-9p.h, hw/9pfs/9p.c.
- CVE-2016-9914
* SECURITY UPDATE: DoS via memory leak in virtio GPU device
- debian/patches/CVE-2017-5552.patch: check return value in
hw/display/virtio-gpu-3d.c.
- CVE-2017-5552
* SECURITY UPDATE: DoS via memory leak in virtio GPU device
- debian/patches/CVE-2017-5578.patch: check res->iov in
hw/display/virtio-gpu.c.
- CVE-2017-5578
* SECURITY UPDATE: DoS via infinite loop in SDHCI device emulation
- debian/patches/CVE-2017-5987-*.patch: fix transfer mode register
handling in hw/sd/sdhci.c.
- CVE-2017-5987
* SECURITY UPDATE: DoS via infinite loop in USB OHCI emulation
- debian/patches/CVE-2017-6505.patch: limit the number of link eds in
hw/usb/hcd-ohci.c.
- CVE-2017-6505
-- Marc Deslauriers <email address hidden> Mon, 24 Apr 2017 07:30:11 -0400
-
qemu (1:2.8+dfsg-3ubuntu2) zesty; urgency=medium
* d/p/ubuntu/spapr-pci-populate-PCI-DT-in-reverse-order.patch: backport
"spapr/pci: populate PCI DT in reverse order" (LP: #1670481).
-- Christian Ehrhardt <email address hidden> Tue, 07 Mar 2017 09:23:08 +0100
-
qemu (1:2.8+dfsg-3ubuntu1) zesty; urgency=medium
* Merge with Debian;
This fixes several CVEs that were reported against qemu 2.8 and also
includes a few important functional backports (LP: #1667033); remaining
changes:
- add qemu-kvm init script and defaults file
(d/qemu-system-common.qemu-kvm.*)
- d/rules, d/qemu-kvm-init: add and install script loading kvm
modules and handling /etc/default/qemu-kvm
- qemu-system-common.preinst: add kvm group if needed
- Enable nesting by default on intel.
- set default module option
- re-load kvm_intel.ko if it was loaded without nested=1
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
default in qemu64 cpu type.
- Enable svm by default for qemu64 on amd
- d/p/ubuntu/define-ubuntu-machine-types.patch, d/qemu-system-x86.NEWS:
define distro machine types to ease future live vm migration (includes
all former follow up fixes).
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- s390x support
- Create qemu-system-s390x package
- Include s390-ccw.img firmware
- qemu-system-common.postinst:
- change acl placed by udev, and add udevadm trigger.
- d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
- Several changes were applied but missing in the changelog so far
- d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
- arch aware kvm wrapper
- update VCS links
- let qemu-utils recommend sharutils
- disable x32 architecture
- Enable seccomp for ppc64el
- Enable numa support for s390x
- d/qemu-system-common.qemu-kvm.init: fix lintian error type
init.d-script-missing-dependency-on-remote_fs
- d/qemu-system-common.postinst: fix lintian error type
command-with-path-in-maintainer-script
- Transition qemu-kvm to a systemd unit
- d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
- d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
that it shows up where the user expects (systemctl status, kvm stdout)
- d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
- add arch aware kvm wrapper for s390x
* Dropped Changes (in Debian now):
- d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
- d/control-in: change dependencies for fix of wrong acl for newly
created device node on ubuntu
- have qemu-system-arm suggest: qemu-efi; this should be a stronger
relationship, but qemu-efi is still in universe right now.
- Disable glusterfs (Universe dependency)
- no more skip disable libiscsi on Ubuntu
- d/rules, d/control-in: avoid people editing d/control
* Added Changes:
- d/control: bump libseccomp-dev dependency as enabling libseccomp for
power makes 2.3 the minimum level.
-- Christian Ehrhardt <email address hidden> Wed, 01 Mar 2017 14:23:16 +0100
-
qemu (1:2.8+dfsg-2ubuntu1) zesty; urgency=medium
* Merge with Debian; remaining changes:
- add qemu-kvm init script and defaults file
(d/qemu-system-common.qemu-kvm.*)
- d/rules, d/qemu-kvm-init: add and install script loading kvm
modules and handling /etc/default/qemu-kvm
- qemu-system-common.preinst: add kvm group if needed
- Enable nesting by default on intel.
- set default module option
- re-load kvm_intel.ko if it was loaded without nested=1
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: enable nested kvm by
default in qemu64 cpu type.
- Enable svm by default for qemu64 on amd
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types to ease future live vm migration.
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- s390x support
- Create qemu-system-s390x package
- Include s390-ccw.img firmware
- qemu-system-common.postinst:
- change acl placed by udev, and add udevadm trigger.
- d/control-in: change dependencies for fix of wrong acl for newly
created device node on ubuntu
- have qemu-system-arm suggest: qemu-efi; this should be a stronger
relationship, but qemu-efi is still in universe right now.
- d/qemu-kvm-init, d/kvm.powerpc, d/control-in: check SMT on ppc64el
- Several changes were applied but missing in the changelog so far
- d/qemu-system-ppc.links provide usr/bin/qemu-system-ppc64le symlink
- arch aware kvm wrapper
- update VCS links
- no more skip disable libiscsi on Ubuntu
- let qemu-utils recommend sharutils
- disable x32 architecture
* Dropped Changes:
- Several changes were applied but missing in the changelog so far
but are no more needed
- no pie for relocatable LD calls, with toolchain defaulting to
pie (fixed upstream)
- enable libnuma-dev (now in Debian)
- transition for moved init scripts (can be dropped after LTS
containing >=2.5 which is Xenial)
- --enable-seccomp related whitespace change (had no effect)
- apport hook for qemu source package (In Debian)
- add upstart script (d/qemu-system-common.qemu-kvm.upstart)
- d/qemu-system-x86.maintscript: transition off of
/etc/init.d/qemu-system-x86 (can be dropped after Xenial)
- Enable pie by default, on ubuntu/s390x. (Is the default since
>=Xenial, no cloud archive backport <=Xenial to consider)
- no pie for relocatable LD calls (fixed upstream in commit
7ecf44a5)
- CVEs: CVE-2016-5403, CVE-2016-6351, CVE-2016-6490 (now Upstream)
- Revert fix for CVE-2016-5403, causes regression see USN-3047-2.
(Improved fix included by upstream)
- Enable GPU Passthru for ppc64le (is upstream in qemu 2.7)
- Fixed wrong migration blocker when vhost is used (is upstream in
qemu 2.8)
* Added Changes:
- d/rules, d/control-in: avoid people editing d/control by warning
header and non writable permissions
- fixed moving trusty machine type definition which made it
ambiguous (LP: #1641532)
- d/qemu-system-x86.NEWS describe the issue
- Enable seccomp for ppc64el (LP: #1644639)
- Enable numa support for s390x
- d/qemu-system-common.qemu-kvm.init: fix lintian error type
init.d-script-missing-dependency-on-remote_fs
- d/qemu-system-common.postinst: fix lintian error type
command-with-path-in-maintainer-script
- Transition qemu-kvm to a systemd unit
- Disable glusterfs (Universe dependency)
- d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check avoid unwanted output
- d/qemu-kvm-init, d/kvm.powerpc ppc64el SMT check keep output local so
that it shows up where the user expects (systemctl status, kvm stdout)
- d/qemu-kvm-init ppc64el warn on expected second level kvm-hv load failure
- add arch aware kvm wrapper for s390x
- d/p/ubuntu/ctrl-a-b-fix-fb5e19d2.patch: char: fix ctrl-a b not working
- Enable DDW in Yakkety machine type because "Enable GPU Passthru for
ppc64le" was released as part of qemu 2.6 (can be dropped at 18.10,
merged in d/p/ubuntu/define-ubuntu-machine-types.patch)
-- Christian Ehrhardt <email address hidden> Mon, 16 Jan 2017 16:27:11 +0100
-
qemu (1:2.6.1+dfsg-0ubuntu9) zesty; urgency=medium
* SECURITY UPDATE: DoS via unbounded memory allocation
- debian/patches/revert-afd9096eb1882f23929f5b5c177898ed231bac66.patch:
removed to add back size check in hw/virtio/virtio.c.
- debian/patches/CVE-2016-5403-2.patch: recalculate vq->inuse after
migration in hw/virtio/virtio.c.
- debian/patches/CVE-2016-5403-3.patch: decrement vq->inuse in
virtqueue_discard() in hw/virtio/virtio.c.
- debian/patches/CVE-2016-5403-4.patch: zero vq->inuse in
virtio_reset() in hw/virtio/virtio.c.
- debian/patches/CVE-2016-5403-5.patch: discard virtqueue element on
reset in hw/virtio/virtio-balloon.c.
- CVE-2016-5403
* SECURITY UPDATE: use after free while writing in vmxnet3
- debian/patches/CVE-2016-6833.patch: check for device_active before
write in hw/net/vmxnet3.c.
- CVE-2016-6833
* SECURITY UPDATE: DoS via infinite loop during packet fragmentation
- debian/patches/CVE-2016-6834.patch: check fragment length during
fragmentation in hw/net/vmxnet_tx_pkt.c.
- CVE-2016-6834
* SECURITY UPDATE: Buffer overflow in vmxnet_tx_pkt_parse_headers()
- debian/patches/CVE-2016-6835.patch: check IP header length in
hw/net/vmxnet_tx_pkt.c.
- CVE-2016-6835
* SECURITY UPDATE: Information leak in vmxnet3_complete_packet
- debian/patches/CVE-2016-6836.patch: initialise local tx descriptor in
hw/net/vmxnet3.c.
- CVE-2016-6836
* SECURITY UPDATE: Integer overflow in packet initialisation in VMXNET3
- debian/patches/CVE-2016-6888.patch: use g_new for pkt initialisation
in hw/net/vmxnet_tx_pkt.c.
- CVE-2016-6888
* SECURITY UPDATE: directory traversal flaw in 9p virtio backend
- debian/patches/CVE-2016-7116-1.patch: forbid illegal path names in
hw/9pfs/9p.c.
- debian/patches/CVE-2016-7116-2.patch: forbid . and .. in file names
in hw/9pfs/9p.c.
- debian/patches/CVE-2016-7116-3.patch: handle walk of ".." in the root
directory in hw/9pfs/9p.*.
- debian/patches/CVE-2016-7116-4.patch: fix potential segfault during
walk in hw/9pfs/9p.c.
- CVE-2016-7116
* SECURITY UPDATE: OOB read and infinite loop in pvscsi
- debian/patches/CVE-2016-7155.patch: check page count while
initialising descriptor rings in hw/scsi/vmw_pvscsi.c.
- CVE-2016-7155
* SECURITY UPDATE: infinite loop when building SG list in pvscsi
- debian/patches/CVE-2016-7156.patch: limit loop to fetch SG list in
hw/scsi/vmw_pvscsi.c.
- CVE-2016-7156
* SECURITY UPDATE: invalid memory access in mptsas
- debian/patches/CVE-2016-7157-1.patch: fix an assert expression in
hw/scsi/mptconfig.c.
- debian/patches/CVE-2016-7157-2.patch: fix misuse of
MPTSAS_CONFIG_PACK in hw/scsi/mptconfig.c.
- CVE-2016-7157
* SECURITY UPDATE: buffer overflow in xlnx.xps-ethernetlite
- debian/patches/CVE-2016-7161.patch: fix a heap overflow in
hw/net/xilinx_ethlite.c.
- CVE-2016-7161
* SECURITY UPDATE: OOB stack memory access in vmware_vga
- debian/patches/CVE-2016-7170.patch: correct bitmap and pixmap size
checks in hw/display/vmware_vga.c.
- CVE-2016-7170
* SECURITY UPDATE: Infinite loop when processing IO requests in pvscsi
- debian/patches/CVE-2016-7421.patch: limit process IO loop to ring
size in hw/scsi/vmw_pvscsi.c.
- CVE-2016-7421
* SECURITY UPDATE: null pointer dereference in virtio
- debian/patches/CVE-2016-7422.patch: add check for descriptor's mapped
address in hw/virtio/virtio.c.
- CVE-2016-7422
* SECURITY UPDATE: denial of service in LSI SAS1068 Host Bus
- debian/patches/CVE-2016-7423.patch: use g_new0 to allocate
MPTSASRequest object in hw/scsi/mptsas.c.
- CVE-2016-7423
* SECURITY UPDATE: memory leakage during device unplug in xhci
- debian/patches/CVE-2016-7466.patch: fix memory leak in usb_xhci_exit
in hw/usb/hcd-xhci.c.
- CVE-2016-7466
* SECURITY UPDATE: denial of service in mcf via invalid count
- debian/patches/CVE-2016-7908.patch: limit buffer descriptor count in
hw/net/mcf_fec.c.
- CVE-2016-7908
* SECURITY UPDATE: denial of service in pcnet via invalid length
- debian/patches/CVE-2016-7909.patch: check rx/tx descriptor ring
length in hw/net/pcnet.c.
- CVE-2016-7909
* SECURITY UPDATE: denial of service via memory leak in virtio-gpu
- debian/patches/CVE-2016-7994.patch: fix memory leak in
virtio_gpu_resource_create_2d in hw/display/virtio-gpu.c.
- CVE-2016-7994
* SECURITY UPDATE: denial of service via memory leak in ehci
- debian/patches/CVE-2016-7995.patch: fix memory leak in
ehci_process_itd in hw/usb/hcd-ehci.c.
- CVE-2016-7995
* SECURITY UPDATE: denial of service via infinite loop in xhci
- debian/patches/CVE-2016-8576.patch: limit the number of link trbs we
are willing to process in hw/usb/hcd-xhci.c.
- CVE-2016-8576
* SECURITY UPDATE: host memory leakage in 9pfs
- debian/patches/CVE-2016-8577.patch: fix potential host memory leak in
v9fs_read in hw/9pfs/9p.c.
- CVE-2016-8577
* SECURITY UPDATE: NULL dereference in 9pfs
- debian/patches/CVE-2016-8578.patch: allocate space for guest
originated empty strings in fsdev/9p-iov-marshal.c, hw/9pfs/9p.c.
- CVE-2016-8578
* SECURITY UPDATE: OOB buffer access in rocker switch emulation
- debian/patches/CVE-2016-8668.patch: set limit to DMA buffer size in
hw/net/rocker/rocker.c.
- CVE-2016-8668
* SECURITY UPDATE: infinite loop in Intel HDA controller
- debian/patches/CVE-2016-8909.patch: check stream entry count during
transfer in hw/audio/intel-hda.c.
- CVE-2016-8909
* SECURITY UPDATE: infinite loop in RTL8139 ethernet controller
- debian/patches/CVE-2016-8910.patch: limit processing of ring
descriptors in hw/net/rtl8139.c.
- CVE-2016-8910
* SECURITY UPDATE: memory leakage at device unplug in eepro100
- debian/patches/CVE-2016-9101.patch: fix memory leak in device uninit
in hw/net/eepro100.c.
- CVE-2016-9101
* SECURITY UPDATE: denial of service via memory leak in 9pfs
- debian/patches/CVE-2016-9102.patch: fix memory leak in
v9fs_xattrcreate in hw/9pfs/9p.c.
- CVE-2016-9102
* SECURITY UPDATE: information leakage via xattribute in 9pfs
- debian/patches/CVE-2016-9103.patch: fix information leak in xattr
read in hw/9pfs/9p.c.
- CVE-2016-9103
* SECURITY UPDATE: integer overflow leading to OOB access in 9pfs
- debian/patches/CVE-2016-9104.patch: fix integer overflow issue in
xattr read/write in hw/9pfs/9p.c.
- CVE-2016-9104
* SECURITY UPDATE: denial of service via memory leakage in 9pfs
- debian/patches/CVE-2016-9105.patch: fix memory leak in v9fs_link in
hw/9pfs/9p.c.
- CVE-2016-9105
* SECURITY UPDATE: denial of service via memory leakage in 9pfs
- debian/patches/CVE-2016-9106.patch: fix memory leak in v9fs_write in
hw/9pfs/9p.c.
- CVE-2016-9106
-- Marc Deslauriers <email address hidden> Fri, 20 Jan 2017 12:35:37 -0500
-
qemu (1:2.6.1+dfsg-0ubuntu8) zesty; urgency=medium
[ Breno Leitao ]
* d/qemu-kvm-init, d/kvm.powerpc: Adding a check SMT on ppc64el (LP: #1638329)
-- Christian Ehrhardt <email address hidden> Thu, 01 Dec 2016 13:44:33 +0100
-
qemu (1:2.6.1+dfsg-0ubuntu7) zesty; urgency=medium
[ Rafael David Tinoco ]
* Fixed wrong migration blocker when vhost is used (LP: #1626972)
- d/p/vhost_migration-blocker-only-if-shared-log-is-used.patch
-- Christian Ehrhardt <email address hidden> Tue, 22 Nov 2016 13:45:52 +0100
-
qemu (1:2.6.1+dfsg-0ubuntu6) zesty; urgency=medium
* d/p/ubuntu/define-ubuntu-machine-types.patch: add a hint if instantiating
fails due to now unsupported very old guest types (LP: #1637936).
-- Christian Ehrhardt <email address hidden> Wed, 02 Nov 2016 15:12:28 +0100
-
qemu (1:2.6.1+dfsg-0ubuntu5) yakkety; urgency=medium
* No-change rebuild to compile against new libxen version.
-- Stefan Bader <email address hidden> Fri, 30 Sep 2016 14:24:37 +0200