UbuntuUpdates.org

Package "qemu"

Name: qemu

Description:

fast processor emulator, dummy package

Latest version: 1:5.0-5ubuntu9.6
Release: groovy (20.10)
Level: updates
Repository: main
Homepage: http://www.qemu.org/

Other versions of "qemu" in Groovy

Repository Area Version
base universe 1:5.0-5ubuntu9
base main 1:5.0-5ubuntu9
security main 1:5.0-5ubuntu9.6
security universe 1:5.0-5ubuntu9.6
updates universe 1:5.0-5ubuntu9.6

Changelog

Version: 1:5.0-5ubuntu9.6 2021-02-22 19:07:04 UTC

  qemu (1:5.0-5ubuntu9.6) groovy-security; urgency=medium

  * SECURITY REGRESSION: fix multiple regressions caused by CVE-2020-13754
    security update (LP: #1914883)
    - debian/patches/ubuntu/CVE-2020-13754-3.patch: log invalid memory
      accesses in memory.c.
    - debian/patches/ubuntu/CVE-2020-13754-4.patch: allow 16-bit writes to
      memory region in hw/riscv/sifive_test.c.
    - debian/patches/ubuntu/CVE-2020-13754-5.patch: allow 64-bit accesses
      in hw/timer/slavio_timer.c.
    - debian/patches/ubuntu/CVE-2020-13754-6.patch: allow less than 32-bit
      accesses in hw/char/bcm2835_aux.c.
    - debian/patches/ubuntu/CVE-2020-13754-7.patch: unbreak size mismatch
      memory accesses in hw/display/artist.c.

 -- Marc Deslauriers <email address hidden> Wed, 10 Feb 2021 08:10:20 -0500

1914883 hart0: trap handler failed (error -2) (Needs cherry-pick ab3d207f)
CVE-2020-13754 hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.

Version: 1:5.0-5ubuntu9.4 2021-02-08 15:07:35 UTC

  qemu (1:5.0-5ubuntu9.4) groovy-security; urgency=medium

  * SECURITY UPDATE: use-after-free in e1000e
    - debian/patches/ubuntu/CVE-2020-15859.patch: forbid the reentrant RX
      in net/queue.c.
    - CVE-2020-15859
  * SECURITY UPDATE: OOB write to MSI-X table
    - debian/patches/ubuntu/CVE-2020-27821.patch: clamp cached translation
      in case it points to an MMIO region in exec.c.
    - CVE-2020-27821
  * SECURITY UPDATE: infinite loop in e1000e
    - debian/patches/ubuntu/CVE-2020-28916.patch: advance desc_offset in
      case of null descriptor in hw/net/e1000e_core.c.
    - CVE-2020-28916
  * SECURITY UPDATE: out of bounds read in atapi
    - debian/patches/ubuntu/CVE-2020-29443-1.patch: assert that the buffer
      pointer is in range in hw/ide/atapi.c.
    - debian/patches/ubuntu/CVE-2020-29443-2.patch: check logical block
      address and read size in hw/ide/atapi.c.
    - CVE-2020-29443
  * SECURITY UPDATE: use after free in 9p
    - debian/patches/ubuntu/CVE-2021-20181.patch: fully restart unreclaim
      loop in hw/9pfs/9p.c.
    - CVE-2021-20181

 -- Marc Deslauriers <email address hidden> Wed, 03 Feb 2021 10:35:16 -0500

CVE-2020-15859 QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000
CVE-2020-27821 A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds w
CVE-2020-28916 hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.
CVE-2020-29443 ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
CVE-2021-20181 9pfs: Fully restart unreclaim loop

Version: 1:5.0-5ubuntu9.3 2021-01-18 19:06:32 UTC

  qemu (1:5.0-5ubuntu9.3) groovy; urgency=medium

  * d/p/ubuntu/lp-1907656-s390x-s390-virtio-ccw-Reset-PCI-devices-during-subsy:
    avoid PCI devices to become unavailable on reset (LP: #1907656)
  * d/rules: fix qemu-user-static to really be static (LP: #1908331)

 -- Christian Ehrhardt <email address hidden> Tue, 05 Jan 2021 15:46:16 +0100

1907656 [UBUNTU 21.04] s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset
1908331 Regression: qemu-user-static binaries are dynamically linked

Version: 1:5.0-5ubuntu9.2 2020-11-30 16:06:26 UTC

  qemu (1:5.0-5ubuntu9.2) groovy-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in sdhci_sdma_transfer_multi_blocks()
    - debian/patches/ubuntu/CVE-2020-17380.patch: fix DMA Transfer Block
      Size field in hw/sd/sdhci.c.
    - CVE-2020-17380
    - CVE-2020-25085
  * SECURITY UPDATE: use-after-free via unchecked return value
    - debian/patches/ubuntu/CVE-2020-25084.patch: check return value of
      'usb_packet_map' in hw/usb/hcd-xhci.c.
    - CVE-2020-25084
  * SECURITY UPDATE: out-of-bound access issue
    - debian/patches/ubuntu/CVE-2020-25624.patch: check len and
      frame_number variables in hw/usb/hcd-ohci.c.
    - CVE-2020-25624
  * SECURITY UPDATE: infinite loop when a TD list has a loop
    - debian/patches/ubuntu/CVE-2020-25625.patch: check for processed TD
      before retire in hw/usb/hcd-ohci.c.
    - CVE-2020-25625
  * SECURITY UPDATE: assertion failure through usb_packet_unmap()
    - debian/patches/ubuntu/CVE-2020-25723.patch: check return value of
      'usb_packet_map' in hw/usb/hcd-ehci.c.
    - CVE-2020-25723
  * SECURITY UPDATE: bounds issue in ati_2d_blt
    - debian/patches/ubuntu/CVE-2020-27616.patch: check x y display
      parameter values in hw/display/ati_2d.c.
    - CVE-2020-27616
  * SECURITY UPDATE: assertion failure
    - debian/patches/ubuntu/CVE-2020-27617.patch: remove an assert call in
      eth_get_gso_type in net/eth.c.
    - CVE-2020-27617
  * Assertion failure via zero mmap_min_addr (LP: #1897854)
    - debian/patches/ubuntu/lp1897854-Ensure-mmap_min_addr-is-non-zero.patch:
      ensure mmap_min_addr is non-zero in linux-user/main.c.

 -- Marc Deslauriers <email address hidden> Fri, 20 Nov 2020 08:02:13 -0500

1897854 groovy qemu-arm-static: /build/qemu-W3R0Rj/qemu-5.0/linux-user/elfload.c:2317: pgb_reserved_va: Assertion `guest_base != 0' failed.
CVE-2020-17380 heap buffer overflow in sdhci_sdma_transfer_multi_blocks() in hw/sd/sdhci.c
CVE-2020-25085 QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZ
CVE-2020-25084 QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.
CVE-2020-25624 hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via ...
CVE-2020-25625 hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.
CVE-2020-25723 assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c
CVE-2020-27616 ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process.
CVE-2020-27617 eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data

Version: 1:5.0-5ubuntu9.1 2020-11-24 19:14:33 UTC

  qemu (1:5.0-5ubuntu9.1) groovy; urgency=medium

  * d/p/ubuntu/define-ubuntu-machine-types.patch: update to fix 15.04 wily
    machine type to match how it originally was released (LP: #1902654)

 -- Christian Ehrhardt <email address hidden> Mon, 09 Nov 2020 08:19:07 +0100

1902654 failure to migrate virtual machines with pc-i440fx-wily type to ubuntu 20.04


