qemu 1:2.10+dfsg-0ubuntu3.5 source package in Ubuntu
Changelog
qemu (1:2.10+dfsg-0ubuntu3.5) artful-security; urgency=medium
* SECURITY UPDATE: DoS via out-of-bounds read in VGA driver
- debian/patches/CVE-2017-13672-2.patch: handle cirrus vbe mode
wraparounds in hw/display/vga.c.
- debian/patches/CVE-2017-13672-3.patch: fix region checks in
wraparound case in hw/display/vga.c.
- CVE-2017-13672
* SECURITY UPDATE: information disclosure via race in 9pfs
- debian/patches/CVE-2017-15038.patch: use g_malloc0 to allocate space
for xattr in hw/9pfs/9p.c.
- CVE-2017-15038
* SECURITY UPDATE: long export name overflow in NBD server
- debian/patches/CVE-2017-15118.patch: check length in nbd/server.c.
- CVE-2017-15118
* SECURITY UPDATE: DoS via large option request in NBD server
- debian/patches/CVE-2017-15119.patch: reject options larger than 32M
in nbd/server.c.
- CVE-2017-15119
* SECURITY UPDATE: DoS via unbounded memory allocation in VNC server
- debian/patches/CVE-2017-15124-pre1.patch: remove 'sync' parameter
from vnc_update_client in ui/vnc.c.
- debian/patches/CVE-2017-15124-pre2.patch: remove unreachable code in
vnc_update_client in ui/vnc.c.
- debian/patches/CVE-2017-15124-pre3.patch: remove redundant
indentation in vnc_client_update in ui/vnc.c.
- debian/patches/CVE-2017-15124-pre4.patch: avoid pointless VNC updates
if framebuffer isn't dirty in ui/vnc.c.
- debian/patches/CVE-2017-15124-pre5.patch: introduce enum to track VNC
client framebuffer update request state in ui/vnc.*.
- debian/patches/CVE-2017-15124-pre6.patch: correctly reset framebuffer
update state after processing dirty regions in ui/vnc.c.
- debian/patches/CVE-2017-15124-pre7.patch: refactor code for
determining if an update should be sent to the client in ui/vnc.c.
- debian/patches/CVE-2017-15124-pre8.patch: track how much decoded data
we consumed when doing SASL encoding in ui/vnc-auth-sasl.c,
ui/vnc-auth-sasl.h.
- debian/patches/CVE-2017-15124-1.patch: fix VNC client throttling when
audio capture is active in ui/vnc.*.
- debian/patches/CVE-2017-15124-2.patch: fix VNC client throttling when
forced update is requested in ui/vnc-auth-sasl.c, ui/vnc-jobs.c,
ui/vnc.*.
- debian/patches/CVE-2017-15124-3.patch: place a hard cap on VNC server
output buffer size in ui/vnc.c.
- CVE-2017-15124
* SECURITY UPDATE: memory leak in websocket GSource
- debian/patches/CVE-2017-15268.patch: monitor encoutput buffer size
from websocket GSource in io/channel-websock.c.
- CVE-2017-15268
* SECURITY UPDATE: DoS in cirrus driver
- debian/patches/CVE-2017-15289.patch: fix oob access in mode4and5
write functions in hw/display/cirrus_vga.c.
- CVE-2017-15289
* SECURITY UPDATE: out-of-bounds access in ps2 driver
- debian/patches/CVE-2017-16845.patch: check PS2Queue pointers in
post_load routine in hw/input/ps2.c.
- CVE-2017-16845
* SECURITY UPDATE: DoS in Virtio Vring implementation
- debian/patches/CVE-2017-17381.patch: check VirtQueue Vring object is
set in hw/virtio/virtio.c.
- CVE-2017-17381
* SECURITY UPDATE: DoS in VGA driver
- debian/patches/CVE-2018-5683.patch: check the validation of memory
addr when draw text in hw/display/vga.c.
- CVE-2018-5683
-- Marc Deslauriers <email address hidden> Wed, 14 Feb 2018 14:19:31 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Artful
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- otherosfs
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| qemu_2.10+dfsg.orig.tar.xz | 8.0 MiB | 204059a59774745d2366f2700c148bccb2712803406b3c2607052194101c1193 |
| qemu_2.10+dfsg-0ubuntu3.5.debian.tar.xz | 123.7 KiB | 4a2b2b43fe43f0e0171b8d81fa0bc30e4e36fd8cc43d4133591e0a8c7b7abbda |
| qemu_2.10+dfsg-0ubuntu3.5.dsc | 6.2 KiB | 45c7d2509f2179a6de943cff1e10fb95ebe0369b1662b21a4b9f02587146e0e6 |
Available diffs
Binary packages built by this source
- qemu: No summary available for qemu in ubuntu artful.
No description available for qemu in ubuntu artful.
- qemu-block-extra: No summary available for qemu-block-extra in ubuntu artful.
No description available for qemu-block-extra in ubuntu artful.
- qemu-block-extra-dbgsym: No summary available for qemu-block-extra-dbgsym in ubuntu artful.
No description available for qemu-block-
extra-dbgsym in ubuntu artful.
- qemu-guest-agent: No summary available for qemu-guest-agent in ubuntu artful.
No description available for qemu-guest-agent in ubuntu artful.
- qemu-guest-agent-dbgsym: No summary available for qemu-guest-agent-dbgsym in ubuntu artful.
No description available for qemu-guest-
agent-dbgsym in ubuntu artful.
- qemu-kvm: No summary available for qemu-kvm in ubuntu artful.
No description available for qemu-kvm in ubuntu artful.
- qemu-system: No summary available for qemu-system in ubuntu artful.
No description available for qemu-system in ubuntu artful.
- qemu-system-aarch64: No summary available for qemu-system-aarch64 in ubuntu artful.
No description available for qemu-system-aarch64 in ubuntu artful.
- qemu-system-arm: No summary available for qemu-system-arm in ubuntu artful.
No description available for qemu-system-arm in ubuntu artful.
- qemu-system-arm-dbgsym: No summary available for qemu-system-arm-dbgsym in ubuntu artful.
No description available for qemu-system-
arm-dbgsym in ubuntu artful.
- qemu-system-common: No summary available for qemu-system-common in ubuntu artful.
No description available for qemu-system-common in ubuntu artful.
- qemu-system-common-dbgsym: No summary available for qemu-system-common-dbgsym in ubuntu artful.
No description available for qemu-system-
common- dbgsym in ubuntu artful.
- qemu-system-mips: No summary available for qemu-system-mips in ubuntu artful.
No description available for qemu-system-mips in ubuntu artful.
- qemu-system-mips-dbgsym: No summary available for qemu-system-mips-dbgsym in ubuntu artful.
No description available for qemu-system-
mips-dbgsym in ubuntu artful.
- qemu-system-misc: No summary available for qemu-system-misc in ubuntu artful.
No description available for qemu-system-misc in ubuntu artful.
- qemu-system-misc-dbgsym: No summary available for qemu-system-misc-dbgsym in ubuntu artful.
No description available for qemu-system-
misc-dbgsym in ubuntu artful.
- qemu-system-ppc: No summary available for qemu-system-ppc in ubuntu artful.
No description available for qemu-system-ppc in ubuntu artful.
- qemu-system-ppc-dbgsym: No summary available for qemu-system-ppc-dbgsym in ubuntu artful.
No description available for qemu-system-
ppc-dbgsym in ubuntu artful.
- qemu-system-s390x: No summary available for qemu-system-s390x in ubuntu artful.
No description available for qemu-system-s390x in ubuntu artful.
- qemu-system-s390x-dbgsym: No summary available for qemu-system-s390x-dbgsym in ubuntu artful.
No description available for qemu-system-
s390x-dbgsym in ubuntu artful.
- qemu-system-sparc: No summary available for qemu-system-sparc in ubuntu artful.
No description available for qemu-system-sparc in ubuntu artful.
- qemu-system-sparc-dbgsym: No summary available for qemu-system-sparc-dbgsym in ubuntu artful.
No description available for qemu-system-
sparc-dbgsym in ubuntu artful.
- qemu-system-x86: No summary available for qemu-system-x86 in ubuntu artful.
No description available for qemu-system-x86 in ubuntu artful.
- qemu-system-x86-dbgsym: No summary available for qemu-system-x86-dbgsym in ubuntu artful.
No description available for qemu-system-
x86-dbgsym in ubuntu artful.
- qemu-user: No summary available for qemu-user in ubuntu artful.
No description available for qemu-user in ubuntu artful.
- qemu-user-binfmt: No summary available for qemu-user-binfmt in ubuntu artful.
No description available for qemu-user-binfmt in ubuntu artful.
- qemu-user-dbgsym: No summary available for qemu-user-dbgsym in ubuntu artful.
No description available for qemu-user-dbgsym in ubuntu artful.
- qemu-user-static: No summary available for qemu-user-static in ubuntu artful.
No description available for qemu-user-static in ubuntu artful.
- qemu-user-static-dbgsym: No summary available for qemu-user-static-dbgsym in ubuntu artful.
No description available for qemu-user-
static- dbgsym in ubuntu artful.
- qemu-utils: No summary available for qemu-utils in ubuntu artful.
No description available for qemu-utils in ubuntu artful.
- qemu-utils-dbgsym: No summary available for qemu-utils-dbgsym in ubuntu artful.
No description available for qemu-utils-dbgsym in ubuntu artful.
