UbuntuUpdates.org

Package "qemu"

Name: qemu

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • extra block backend modules for qemu-system and qemu-utils
  • QEMU full system emulation binaries
  • QEMU full system emulation binaries (arm)
  • QEMU full system emulation binaries (common files)
Latest version: 1:6.0+dfsg-2expubuntu1.3
Release: impish (21.10)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "qemu" in Impish

Repository Area Version
base main 1:6.0+dfsg-2expubuntu1
base universe 1:6.0+dfsg-2expubuntu1
security universe 1:6.0+dfsg-2expubuntu1.3
updates main 1:6.0+dfsg-2expubuntu1.3
updates universe 1:6.0+dfsg-2expubuntu1.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:6.0+dfsg-2expubuntu1.3 2022-06-21 16:06:30 UTC

  qemu (1:6.0+dfsg-2expubuntu1.3) impish-security; urgency=medium

  * SECURITY UPDATE: heap overflow in floppy disk emulator
    - debian/patches/CVE-2021-3507.patch: prevent end-of-track overrun in
      hw/block/fdc.c.
    - CVE-2021-3507
  * SECURITY UPDATE: integer overflow in QXL display device emulation
    - debian/patches/CVE-2021-4206.patch: check width and height in
      hw/display/qxl-render.c, hw/display/vmware_vga.c, ui/cursor.c.
    - CVE-2021-4206
  * SECURITY UPDATE: heap overflow in QXL display device emulation
    - debian/patches/CVE-2021-4207.patch: fix race condition in qxl_cursor
      in hw/display/qxl-render.c.
    - CVE-2021-4207
  * SECURITY UPDATE: memory leakage in virtio-net device
    - debian/patches/CVE-2022-26353.patch: fix map leaking on error during
      receive in hw/net/virtio-net.c.
    - CVE-2022-26353
  * SECURITY UPDATE: memory leakage in vhost-vsock device
    - debian/patches/CVE-2022-26354.patch: detach the virqueue element in
      case of error in hw/virtio/vhost-vsock-common.c.
    - CVE-2022-26354

 -- Marc Deslauriers <email address hidden> Thu, 09 Jun 2022 11:30:03 -0400
Source diff to previous version
CVE-2021-3507 A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block
CVE-2021-4206 A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a smal
CVE-2021-4207 A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.he
CVE-2022-26353 A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the c
CVE-2022-26354 A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memor

Version: 1:6.0+dfsg-2expubuntu1.2 2022-02-28 14:07:17 UTC

  qemu (1:6.0+dfsg-2expubuntu1.2) impish-security; urgency=medium

  * SECURITY UPDATE: multiple issues in vhost-user GPU device
    - debian/patches/CVE-2021-3544-1.patch: fix memory disclosure in
      contrib/vhost-user-gpu/virgl.c.
    - debian/patches/CVE-2021-3544-2.patch: fix resource leak in
      contrib/vhost-user-gpu/vhost-user-gpu.c.
    - debian/patches/CVE-2021-3544-3.patch: fix memory leak in
      contrib/vhost-user-gpu/vhost-user-gpu.c.
    - debian/patches/CVE-2021-3544-4.patch: fix memory leak in
      contrib/vhost-user-gpu/vhost-user-gpu.c.
    - debian/patches/CVE-2021-3544-5.patch: fix memory leak in
      contrib/vhost-user-gpu/virgl.c.
    - debian/patches/CVE-2021-3544-6.patch: fix memory leak in
      contrib/vhost-user-gpu/virgl.c.
    - debian/patches/CVE-2021-3544-7.patch: fix OOB write in
      contrib/vhost-user-gpu/virgl.c.
    - debian/patches/CVE-2021-3544-8.patch: abstract vg_cleanup_mapping_iov
      in contrib/vhost-user-gpu/vhost-user-gpu.c,
      contrib/vhost-user-gpu/virgl.c, contrib/vhost-user-gpu/vugpu.h.
    - CVE-2021-3544
    - CVE-2021-3545
    - CVE-2021-3546
  * SECURITY UPDATE: crash or code exec in USB redirector device emulation
    - debian/patches/CVE-2021-3682.patch: fix free call in
      hw/usb/redirect.c.
    - CVE-2021-3682
  * SECURITY UPDATE: OOB write in UAS (USB Attached SCSI) device
    - debian/patches/CVE-2021-3713.patch: add stream number sanity checks
      in hw/usb/dev-uas.c.
    - CVE-2021-3713
  * SECURITY UPDATE: heap use-after-free in virtio_net_receive_rcu
    - debian/patches/CVE-2021-3748.patch: fix use after unmap/free for sg
      in hw/net/virtio-net.c.
    - CVE-2021-3748
  * SECURITY UPDATE: off-by-one error in mode_sense_page()
    - debian/patches/CVE-2021-3930.patch: MODE_PAGE_ALLS not allowed in
      MODE SELECT commands in hw/scsi/scsi-disk.c.
    - CVE-2021-3930
  * SECURITY UPDATE: NULL pointer dereference in pci_write()
    - debian/patches/CVE-2021-4158.patch: validate hotplug selector on
      access in hw/acpi/pcihp.c.
    - CVE-2021-4158
  * SECURITY UPDATE: NULL dereference in floppy disk emulator
    - debian/patches/CVE-2021-20196-1.patch: Extract
      blk_create_empty_drive() in hw/block/fdc.c.
    - debian/patches/CVE-2021-20196-2.patch: kludge missing floppy drive in
      hw/block/fdc.c.
    - CVE-2021-20196
  * SECURITY UPDATE: integer overflow in vmxnet3 NIC emulator
    - debian/patches/CVE-2021-20203.patch: validate configuration values
      during activate in hw/net/vmxnet3.c.
    - CVE-2021-20203
  * SECURITY UPDATE: potential privilege escalation in virtiofsd
    - debian/patches/CVE-2022-0358.patch: Drop membership of all
      supplementary groups in tools/virtiofsd/passthrough_ll.c.
    - CVE-2022-0358

 -- Marc Deslauriers <email address hidden> Tue, 22 Feb 2022 09:32:56 -0500
CVE-2021-3544 Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contr
CVE-2021-3545 An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. T
CVE-2021-3546 A flaw was found in vhost-user-gpu of QEMU in versions up to and including 6.0. An out-of-bounds write vulnerability can allow a malicious guest to c
CVE-2021-3682 A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfe
CVE-2021-3713 An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the gue
CVE-2021-3748 virtio-net: heap use-after-free in virtio_net_receive_rcu
CVE-2021-3930 An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the
CVE-2021-4158 NULL pointer dereference in pci_write() in hw/acpi/pcihp.c
CVE-2021-20196 A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the s
CVE-2021-20203 An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid


About   -   Send Feedback to @ubuntu_updates