UbuntuUpdates.org

Package "qemu-system-data"

Name: qemu-system-data

Description:

QEMU full system emulation (data files)

Latest version: 1:4.2-3ubuntu6.30
Release: focal (20.04)
Level: updates
Repository: main
Head package: qemu
Homepage: http://www.qemu.org/

Links


Download "qemu-system-data"


Other versions of "qemu-system-data" in Focal

Repository Area Version
base main 1:4.2-3ubuntu6
security main 1:4.2-3ubuntu6.30

Changelog

Version: 1:4.2-3ubuntu6.25 2023-04-07 09:06:56 UTC

  qemu (1:4.2-3ubuntu6.25) focal; urgency=medium

  [ Brett Milford ]
  * d/p/u/lp1994002-migration-Read-state-once.patch: Fix for libvirt
    error 'migration was active, but no RAM info was set' (LP: #1994002)

  [ Mauricio Faria de Oliveira ]
  * d/p/u/lp2009048-vfio_map_dma_einval_amd_iommu_1tb.patch: Add hint
    to VFIO_MAP_DMA error on AMD IOMMU for VMs with ~1TB+ RAM (LP: #2009048)

 -- Mauricio Faria de Oliveira <email address hidden> Thu, 02 Mar 2023 18:07:21 -0300

Source diff to previous version
1994002 [SRU] migration was active, but no RAM info was set
2009048 PCI passthrough on AMD IOMMU fails with \

Version: 1:4.2-3ubuntu6.24 2022-12-12 10:07:14 UTC

  qemu (1:4.2-3ubuntu6.24) focal-security; urgency=medium

  * SECURITY UPDATE: DMA reentrancy issue
    - debian/patches/CVE-2021-3750.patch: Introduce MemTxAttrs::memory
      field and MEMTX_ACCESS_ERROR
    - CVE-2021-3750
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2022-0216-*.patch: fix use-after-free in
      lsi_do_msgout
    - CVE-2022-0216

 -- Nishit Majithia <email address hidden> Thu, 08 Dec 2022 14:45:56 +0530

Source diff to previous version
CVE-2021-3750 A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO regi
CVE-2022-0216 A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated message

Version: 1:4.2-3ubuntu6.23 2022-06-21 17:06:27 UTC

  qemu (1:4.2-3ubuntu6.23) focal-security; urgency=medium

  * SECURITY UPDATE: heap overflow in floppy disk emulator
    - debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
      hw/block/fdc.c.
    - CVE-2021-3507
  * SECURITY UPDATE: integer overflow in QXL display device emulation
    - debian/patches/CVE-2021-4206.patch: check width and height in
      hw/display/qxl-render.c, hw/display/vmware_vga.c, ui/cursor.c.
    - CVE-2021-4206
  * SECURITY UPDATE: heap overflow in QXL display device emulation
    - debian/patches/CVE-2021-4207.patch: fix race condition in qxl_cursor
      in hw/display/qxl-render.c.
    - CVE-2021-4207
  * SECURITY UPDATE: memory leakage in virtio-net device
    - debian/patches/CVE-2022-26353.patch: fix map leaking on error during
      receive in hw/net/virtio-net.c.
    - CVE-2022-26353
  * SECURITY UPDATE: memory leakage in vhost-vsock device
    - debian/patches/CVE-2022-26354.patch: detach the virqueue element in
      case of error in hw/virtio/vhost-vsock.c.
    - CVE-2022-26354

 -- Marc Deslauriers <email address hidden> Thu, 09 Jun 2022 11:35:04 -0400

Source diff to previous version
CVE-2021-3507 A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block
CVE-2021-4206 A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a smal
CVE-2021-4207 A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.he
CVE-2022-26353 A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the c
CVE-2022-26354 A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memor

Version: 1:4.2-3ubuntu6.21 2022-02-28 15:06:24 UTC

  qemu (1:4.2-3ubuntu6.21) focal-security; urgency=medium

  * SECURITY UPDATE: crash or code exec in USB redirector device emulation
    - debian/patches/CVE-2021-3682.patch: fix free call in
      hw/usb/redirect.c.
    - CVE-2021-3682
  * SECURITY UPDATE: heap use-after-free in virtio_net_receive_rcu
    - debian/patches/CVE-2021-3748.patch: fix use after unmap/free for sg
      in hw/net/virtio-net.c.
    - CVE-2021-3748
  * SECURITY UPDATE: off-by-one error in mode_sense_page()
    - debian/patches/CVE-2021-3930.patch: MODE_PAGE_ALLS not allowed in
      MODE SELECT commands in hw/scsi/scsi-disk.c.
    - CVE-2021-3930
  * SECURITY UPDATE: NULL dereference in floppy disk emulator
    - debian/patches/CVE-2021-20196-1.patch: Extract
      blk_create_empty_drive() in hw/block/fdc.c.
    - debian/patches/CVE-2021-20196-2.patch: kludge missing floppy drive in
      hw/block/fdc.c.
    - CVE-2021-20196
  * SECURITY UPDATE: integer overflow in vmxnet3 NIC emulator
    - debian/patches/CVE-2021-20203.patch: validate configuration values
      during activate in hw/net/vmxnet3.c.
    - CVE-2021-20203

 -- Marc Deslauriers <email address hidden> Tue, 22 Feb 2022 12:44:44 -0500

Source diff to previous version
CVE-2021-3682 A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfe
CVE-2021-3748 virtio-net: heap use-after-free in virtio_net_receive_rcu
CVE-2021-3930 An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the
CVE-2021-20196 A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the s
CVE-2021-20203 An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid

Version: 1:4.2-3ubuntu6.19 2022-01-04 19:07:24 UTC

  qemu (1:4.2-3ubuntu6.19) focal; urgency=medium

  * d/p/u/lp-1749393-linux-user-Reserve-space-for-brk.patch: fix static
    use cases needing a lot of brk space (LP: #1749393)
  * d/p/u/lp-1929926-target-s390x-Fix-translation-exception-on-illegal-in.patch:
    fix uretprobe in s390x TCG (LP: #1929926)

 -- Christian Ehrhardt <email address hidden> Mon, 26 Apr 2021 11:11:19 +0200

1749393 sbrk() not working under qemu-user with a PIE-compiled binary?
1929926 [UBUNTU 21.10] qemu: target/s390x: Fix translation exception on illegal instruction



About   -   Send Feedback to @ubuntu_updates