UbuntuUpdates.org

Package "qemu"

Name: qemu

Description:

This package is just an umbrella for a group of other packages; it has no description of its own.
Description samples from packages in group:

  • extra block backend modules for qemu-system and qemu-utils
  • QEMU full system emulation binaries
  • QEMU full system emulation binaries (arm)
  • QEMU full system emulation binaries (common files)

Latest version: 1:8.2.2+ds-0ubuntu1.4
Release: noble (24.04)
Level: security
Repository: main


Other versions of "qemu" in Noble

Repository  Area      Version
base        universe  1:8.2.2+ds-0ubuntu1
base        main      1:8.2.2+ds-0ubuntu1
security    universe  1:8.2.2+ds-0ubuntu1.4
updates     main      1:8.2.2+ds-0ubuntu1.4
updates     universe  1:8.2.2+ds-0ubuntu1.4


Changelog

Version: 1:8.2.2+ds-0ubuntu1.4 2024-11-11 04:06:53 UTC

  qemu (1:8.2.2+ds-0ubuntu1.4) noble-security; urgency=medium

  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2024-4693-1.patch: virtio-pci: fix use of a
      released vector
    - debian/patches/CVE-2024-4693-2.patch: virtio-pci: Fix the use of
      an uninitialized irqfd
    - CVE-2024-4693
  * SECURITY UPDATE: heap buffer overflow
    - debian/patches/CVE-2024-7730.patch: add max size bounds check in
      input cb
    - CVE-2024-7730

 -- Bruce Cable <email address hidden> Tue, 22 Oct 2024 15:57:13 +1100

CVE-2024-4693 A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). An improper release and use of the irqfd for vector 0 during the boot proc

Version: 1:8.2.2+ds-0ubuntu1.2 2024-08-22 07:07:08 UTC

  qemu (1:8.2.2+ds-0ubuntu1.2) noble-security; urgency=medium

  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2024-26327.patch: Check num_vfs size
    - CVE-2024-26327
  * SECURITY UPDATE: out of bounds memory access
    - debian/patches/CVE-2024-26328.patch: Use pcie_sriov_num_vfs to
      get number of enabled vfs before and after config writes
    - CVE-2024-26328

 -- Bruce Cable <email address hidden> Wed, 21 Aug 2024 11:53:08 +1000

CVE-2024-26327 An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater
CVE-2024-26328 An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interact


