UbuntuUpdates.org

Package "qemu-user"

Name: qemu-user

Description:

QEMU user mode emulation binaries

Latest version: 1:6.2+dfsg-2ubuntu6.24
Release: jammy (22.04)
Level: updates
Repository: universe
Head package: qemu
Homepage: http://www.qemu.org/

Links


Download "qemu-user"


Other versions of "qemu-user" in Jammy

Repository Area Version
base universe 1:6.2+dfsg-2ubuntu6
security universe 1:6.2+dfsg-2ubuntu6.24

Changelog

Version: 1:6.2+dfsg-2ubuntu6.18 2024-04-04 20:06:55 UTC

  qemu (1:6.2+dfsg-2ubuntu6.18) jammy; urgency=medium

  * d/p/u/lp-2046439-s390x-*.patch: Fix emulation of
    "COMPARE HALFWORD RELATIVE LONG" on s390x.
    (LP: #2046439)

 -- Sergio Durigan Junior <email address hidden> Wed, 21 Feb 2024 15:44:50 -0500

Source diff to previous version
2046439 Wrong code execution of s390x code with qemu TCG

Version: 1:6.2+dfsg-2ubuntu6.17 2024-02-15 22:07:00 UTC

  qemu (1:6.2+dfsg-2ubuntu6.17) jammy; urgency=medium

  * d/rules: modify qemu-block-extra postinst to avoid
    restarting run-qemu.mount (LP: #2051153)

 -- Christian Ehrhardt <email address hidden> Mon, 29 Jan 2024 11:43:30 +0100

Source diff to previous version
2051153 run-qemu.mount is restarted on upgrades

Version: 1:6.2+dfsg-2ubuntu6.16 2024-01-08 21:06:57 UTC

  qemu (1:6.2+dfsg-2ubuntu6.16) jammy-security; urgency=medium

  * SECURITY UPDATE: infinite loop in USB xHCI controller
    - debian/patches/CVE-2020-14394.patch: fix unbounded loop in
      hw/usb/hcd-xhci.c.
    - CVE-2020-14394
  * SECURITY UPDATE: OOB read in RDMA device
    - debian/patches/CVE-2023-1544.patch: protect against buggy or
      malicious guest driver in hw/rdma/vmw/pvrdma_main.c.
    - CVE-2023-1544
  * SECURITY UPDATE: 9pfs special file access
    - debian/patches/CVE-2023-2861.patch: prevent opening special files in
      fsdev/virtfs-proxy-helper.c, hw/9pfs/9p-util.h.
    - CVE-2023-2861
  * SECURITY UPDATE: heap overflow in crypto device
    - debian/patches/CVE-2023-3180.patch: verify src&dst buffer length for
      sym request in hw/virtio/virtio-crypto.c.
    - CVE-2023-3180
  * SECURITY UPDATE: infinite loop in VNC server
    - debian/patches/CVE-2023-3255.patch: fix infinite loop in
      inflate_buffer in ui/vnc-clipboard.c.
    - CVE-2023-3255
  * SECURITY UPDATE: race in virtio-net hot-unplug
    - debian/patches/CVE-2023-3301.patch: do not cleanup the vdpa/vhost-net
      structures if peer nic is present in net/vhost-vdpa.c.
    - CVE-2023-3301
  * SECURITY UPDATE: DoS in VNC server
    - debian/patches/CVE-2023-3354.patch: remove io watch if TLS channel is
      closed during handshake in include/io/channel-tls.h,
      io/channel-tls.c.
    - CVE-2023-3354
  * SECURITY UPDATE: disk offset 0 access
    - debian/patches/CVE-2023-5088.patch: cancel async DMA operation before
      resetting state in hw/ide/core.c.
    - CVE-2023-5088
  * SECURITY UPDATE: DoS in Intel HD Audio device
    - debian/patches/CVE-2021-3611-*.patch: add MemTxAttrs argument to
      DMA functions and use it in hw/audio/intel-hda.c.
    - CVE-2021-3611

 -- Marc Deslauriers <email address hidden> Thu, 30 Nov 2023 09:53:27 -0500

Source diff to previous version
CVE-2020-14394 An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. Thi
CVE-2023-1544 A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a
CVE-2023-2861 A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host s
CVE-2023-3180 A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no ch
CVE-2023-3255 A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when in
CVE-2023-3301 A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci fr
CVE-2023-3354 A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections cro
CVE-2023-5088 A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overw
CVE-2021-3611 A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU pr

Version: 1:6.2+dfsg-2ubuntu6.15 2023-10-18 09:06:56 UTC

  qemu (1:6.2+dfsg-2ubuntu6.15) jammy; urgency=medium

  * d/rules: remove --no-start for qemu-guest-agent (LP: #2028124)

 -- Mitchell Dzurick <email address hidden> Fri, 15 Sep 2023 14:39:05 -0400

Source diff to previous version
2028124 apt dist-upgrade does not restart package qemu-guest-agent

Version: 1:6.2+dfsg-2ubuntu6.14 2023-09-28 03:07:15 UTC

  qemu (1:6.2+dfsg-2ubuntu6.14) jammy; urgency=medium

  * d/u/lp-2033957-virtiofsd-Fix-breakage-due-to-fuse_init_in.patch:
    Fix virtiofsd breakage due to fuse_init_in size change, which
    happened because of the Linux kernel 5.17 headers that were
    imported in a previous patch. (LP: #2033957)

 -- Sergio Durigan Junior <email address hidden> Tue, 05 Sep 2023 22:58:36 -0400

2033957 virtiofs guest connection refused after upgrade qemu-system-x86:amd64 (1:6.2+dfsg-2ubuntu6.12, 1:6.2+dfsg-2ubuntu6.13)



About   -   Send Feedback to @ubuntu_updates