Package "qemu-system-s390x"
Name: |
qemu-system-s390x
|
Description: |
QEMU full system emulation binaries (s390x)
|
Latest version: |
1:4.2-3ubuntu6.28 |
Release: |
focal (20.04) |
Level: |
updates |
Repository: |
main |
Head package: |
qemu |
Homepage: |
http://www.qemu.org/ |
Links
Download "qemu-system-s390x"
Other versions of "qemu-system-s390x" in Focal
Changelog
qemu (1:4.2-3ubuntu6.23) focal-security; urgency=medium
* SECURITY UPDATE: heap overflow in floppy disk emulator
- debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
hw/block/fdc.c.
- CVE-2021-3507
* SECURITY UPDATE: integer overflow in QXL display device emulation
- debian/patches/CVE-2021-4206.patch: check width and height in
hw/display/qxl-render.c, hw/display/vmware_vga.c, ui/cursor.c.
- CVE-2021-4206
* SECURITY UPDATE: heap overflow in QXL display device emulation
- debian/patches/CVE-2021-4207.patch: fix race condition in qxl_cursor
in hw/display/qxl-render.c.
- CVE-2021-4207
* SECURITY UPDATE: memory leakage in virtio-net device
- debian/patches/CVE-2022-26353.patch: fix map leaking on error during
receive in hw/net/virtio-net.c.
- CVE-2022-26353
* SECURITY UPDATE: memory leakage in vhost-vsock device
- debian/patches/CVE-2022-26354.patch: detach the virqueue element in
case of error in hw/virtio/vhost-vsock.c.
- CVE-2022-26354
-- Marc Deslauriers <email address hidden> Thu, 09 Jun 2022 11:35:04 -0400
|
Source diff to previous version |
CVE-2021-3507 |
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block |
CVE-2021-4206 |
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a smal |
CVE-2021-4207 |
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.he |
CVE-2022-26353 |
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the c |
CVE-2022-26354 |
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memor |
|
qemu (1:4.2-3ubuntu6.21) focal-security; urgency=medium
* SECURITY UPDATE: crash or code exec in USB redirector device emulation
- debian/patches/CVE-2021-3682.patch: fix free call in
hw/usb/redirect.c.
- CVE-2021-3682
* SECURITY UPDATE: heap use-after-free in virtio_net_receive_rcu
- debian/patches/CVE-2021-3748.patch: fix use after unmap/free for sg
in hw/net/virtio-net.c.
- CVE-2021-3748
* SECURITY UPDATE: off-by-one error in mode_sense_page()
- debian/patches/CVE-2021-3930.patch: MODE_PAGE_ALLS not allowed in
MODE SELECT commands in hw/scsi/scsi-disk.c.
- CVE-2021-3930
* SECURITY UPDATE: NULL dereference in floppy disk emulator
- debian/patches/CVE-2021-20196-1.patch: Extract
blk_create_empty_drive() in hw/block/fdc.c.
- debian/patches/CVE-2021-20196-2.patch: kludge missing floppy drive in
hw/block/fdc.c.
- CVE-2021-20196
* SECURITY UPDATE: integer overflow in vmxnet3 NIC emulator
- debian/patches/CVE-2021-20203.patch: validate configuration values
during activate in hw/net/vmxnet3.c.
- CVE-2021-20203
-- Marc Deslauriers <email address hidden> Tue, 22 Feb 2022 12:44:44 -0500
|
Source diff to previous version |
CVE-2021-3682 |
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfe |
CVE-2021-3748 |
virtio-net: heap use-after-free in virtio_net_receive_rcu |
CVE-2021-3930 |
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the |
CVE-2021-20196 |
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the s |
CVE-2021-20203 |
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid |
|
qemu (1:4.2-3ubuntu6.19) focal; urgency=medium
* d/p/u/lp-1749393-linux-user-Reserve-space-for-brk.patch: fix static
use cases needing a lot of brk space (LP: #1749393)
* d/p/u/lp-1929926-target-s390x-Fix-translation-exception-on-illegal-in.patch:
fix uretprobe in s390x TCG (LP: #1929926)
-- Christian Ehrhardt <email address hidden> Mon, 26 Apr 2021 11:11:19 +0200
|
Source diff to previous version |
1749393 |
sbrk() not working under qemu-user with a PIE-compiled binary? |
1929926 |
[UBUNTU 21.10] qemu: target/s390x: Fix translation exception on illegal instruction |
|
qemu (1:4.2-3ubuntu6.18) focal; urgency=medium
* enhance loading of old modules post upgrade (LP: #1913421)
- d/rules: d/qemu-system-gui.{prerm,postrm}.in: do not save gui modules
(can't be loaded late)
- d/qemu-block-extra.postrm.in: clear all (current and former) modules
on purge
- d/qemu-block-extra.prerm.in: test for exec and prepare /var/run/qemu
if needed
-- Christian Ehrhardt <email address hidden> Thu, 19 Aug 2021 14:10:54 +0200
|
Source diff to previous version |
1913421 |
Load of pre-upgrade qemu modules needs to avoid noexec |
|
qemu (1:4.2-3ubuntu6.17) focal-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference in MemoryRegionOps object
- debian/patches/CVE-2020-15469-1.patch: add pci-intack write method in
hw/pci-host/prep.c.
- debian/patches/CVE-2020-15469-2.patch: add pcie-msi read method in
hw/pci-host/designware.c.
- debian/patches/CVE-2020-15469-3.patch: add quirk device write method
in hw/vfio/pci-quirks.c.
- debian/patches/CVE-2020-15469-4.patch: add ppc-parity write method in
hw/ppc/prep_systemio.c.
- debian/patches/CVE-2020-15469-5.patch: add nrf51_soc flash read
method in hw/nvram/nrf51_nvm.c.
- debian/patches/CVE-2020-15469-6.patch: add spapr msi read method in
hw/ppc/spapr_pci.c.
- debian/patches/CVE-2020-15469-7.patch: add dummy read/write methods
in hw/misc/tz-ppc.c.
- debian/patches/CVE-2020-15469-8.patch: add digprog mmio write method
in hw/misc/imx7_ccm.c.
- CVE-2020-15469
* SECURITY UPDATE: NULL pointer dereference flaw in SCSI emulation
- debian/patches/CVE-2020-35504.patch: always check current_req is not
NULL before use in DMA callbacks in hw/scsi/esp.c.
- CVE-2020-35504
* SECURITY UPDATE: NULL pointer dereference flaw in am53c974 SCSI
- debian/patches/CVE-2020-35505.patch: ensure cmdfifo is not empty and
current_dev is non-NULL in hw/scsi/esp.c.
- CVE-2020-35505
* SECURITY UPDATE: use-after-free flaw was found in the MegaRAID emulator
- debian/patches/CVE-2021-3392.patch: Remove unused MPTSASState pending
field in hw/scsi/mptsas.c, hw/scsi/mptsas.h.
- CVE-2021-3392
* SECURITY UPDATE: out-of-bounds read/write in SDHCI controller emulation
- debian/patches/CVE-2021-3409-1.patch: don't transfer any data when
command time out in hw/sd/sdhci.c.
- debian/patches/CVE-2021-3409-2.patch: don't write to SDHC_SYSAD
register when transfer is in progress in hw/sd/sdhci.c.
- debian/patches/CVE-2021-3409-3.patch: correctly set the controller
status for ADMA in hw/sd/sdhci.c.
- debian/patches/CVE-2021-3409-4.patch: limit block size only when
SDHC_BLKSIZE register is writable in hw/sd/sdhci.c.
- debian/patches/CVE-2021-3409-5.patch: reset the data pointer of
s->fifo_buffer[] when a different block size is programmed in
hw/sd/sdhci.c.
- CVE-2021-3409
* SECURITY UPDATE: stack overflow via infinite loop issue in various NIC
- debian/patches/CVE-2021-3416-1.patch: introduce qemu_receive_packet()
in include/net/net.h, include/net/queue.h, net/net.c, net/queue.c.
- debian/patches/CVE-2021-3416-2.patch: switch to use
qemu_receive_packet() for loopback in hw/net/e1000.c.
- debian/patches/CVE-2021-3416-3.patch: switch to use
qemu_receive_packet() for loopback packet in hw/net/dp8393x.c.
- debian/patches/CVE-2021-3416-5.patch: switch to use
qemu_receive_packet() for loopback in hw/net/sungem.c.
- debian/patches/CVE-2021-3416-6.patch: switch to use
qemu_receive_packet_iov() for loopback in hw/net/net_tx_pkt.c.
- debian/patches/CVE-2021-3416-7.patch: switch to use
qemu_receive_packet() for loopback in hw/net/rtl8139.c.
- debian/patches/CVE-2021-3416-8.patch: switch to use
qemu_receive_packet() for loopback in hw/net/pcnet.c.
- debian/patches/CVE-2021-3416-9.patch: switch to use
qemu_receive_packet() for loopback in hw/net/cadence_gem.c.
- debian/patches/CVE-2021-3416-10.patch: switch to use
qemu_receive_packet() for loopback in hw/net/lan9118.c.
- CVE-2021-3416
* SECURITY UPDATE: DoS in USB redirector device
- debian/patches/CVE-2021-3527-1.patch: avoid dynamic stack allocation
in hw/usb/redirect.c.
- debian/patches/CVE-2021-3527-2.patch: limit combined packets to 1 MiB
in hw/usb/combined-packet.c.
- CVE-2021-3527
* SECURITY UPDATE: multiple issues in virtio vhost-user GPU device
- debian/patches/CVE-2021-3544-1.patch: fix memory disclosure in
contrib/vhost-user-gpu/virgl.c.
- debian/patches/CVE-2021-3544-2.patch: fix resource leak in
contrib/vhost-user-gpu/vhost-user-gpu.c.
- debian/patches/CVE-2021-3544-3.patch: fix memory leak in
contrib/vhost-user-gpu/vhost-user-gpu.c.
- debian/patches/CVE-2021-3544-4.patch: fix memory leak in
contrib/vhost-user-gpu/vhost-user-gpu.c.
- debian/patches/CVE-2021-3544-5.patch: fix memory leak in
contrib/vhost-user-gpu/virgl.c.
- debian/patches/CVE-2021-3544-6.patch: fix memory leak in
contrib/vhost-user-gpu/virgl.c.
- debian/patches/CVE-2021-3544-7.patch: fix OOB write in
contrib/vhost-user-gpu/virgl.c.
- debian/patches/CVE-2021-3544-8.patch: abstract vg_cleanup_mapping_iov
in contrib/vhost-user-gpu/vhost-user-gpu.c,
contrib/vhost-user-gpu/virgl.c, contrib/vhost-user-gpu/vugpu.h.
- CVE-2021-3544
- CVE-2021-3545
- CVE-2021-3546
* SECURITY UPDATE: mremap overflow in the pvrdma device
- debian/patches/CVE-2021-3582.patch: check lengths in
hw/rdma/vmw/pvrdma_cmd.c.
- CVE-2021-3582
* SECURITY UPDATE: integer overflow in pvrdma device
- debian/patches/CVE-2021-3607.patch: ensure correct input on ring init
in hw/rdma/vmw/pvrdma_main.c.
- CVE-2021-3607
* SECURITY UPDATE: uninitialized memory unmap in pvrdma device
- debian/patches/CVE-2021-3608.patch: fix the ring init error flow in
hw/rdma/vmw/pvrdma_dev_ring.c.
- CVE-2021-3608
* SECURITY UPDATE: out-of-bounds access issue in ARM Generic Interrupt
Controller
- debian/patches/CVE-2021-20221.patch: fix interrupt ID in GICD_SGIR
register in hw/intc/arm_gic.c.
- CVE-2021-20221
* SECURITY UPDATE: infinite loop while processing transmit descriptors
- debian/patches/CVE-2021-20257.patch: fail early for evil descriptor
in hw/net/e1000.c.
- CVE-2021-20257
-- Marc Deslauriers <email address hidden> Mon, 12 Jul 2021 11:03:37 -040
|
CVE-2020-15469 |
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. |
CVE-2020-35504 |
A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to |
CVE-2020-35505 |
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while h |
CVE-2021-3392 |
A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas |
CVE-2021-3409 |
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues pr |
CVE-2021-3416 |
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs |
CVE-2021-3527 |
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce th |
CVE-2021-3544 |
Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contr |
CVE-2021-3545 |
An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. T |
CVE-2021-3546 |
A flaw was found in vhost-user-gpu of QEMU in versions up to and including 6.0. An out-of-bounds write vulnerability can allow a malicious guest to c |
CVE-2021-3582 |
hw/rdma: Fix possible mremap overflow in the pvrdma device |
CVE-2021-3607 |
pvrdma: unchecked malloc size due to integer overflow in init_dev_ring() |
CVE-2021-3608 |
pvrdma: uninitialized memory unmap in pvrdma_ring_init() |
CVE-2021-20221 |
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 |
CVE-2021-20257 |
net: e1000: infinite loop while processing transmit descriptors |
|
About
-
Send Feedback to @ubuntu_updates