UbuntuUpdates.org

Package "qemu-system-common"

Name: qemu-system-common

Description:

QEMU full system emulation binaries (common files)

Latest version: 1:8.2.2+ds-0ubuntu1.4
Release: noble (24.04)
Level: security
Repository: main
Head package: qemu
Homepage: http://www.qemu.org/

Links


Download "qemu-system-common"


Other versions of "qemu-system-common" in Noble

Repository Area Version
base main 1:8.2.2+ds-0ubuntu1
updates main 1:8.2.2+ds-0ubuntu1.4

Changelog

Version: 1:8.2.2+ds-0ubuntu1.4 2024-11-11 04:06:53 UTC

  qemu (1:8.2.2+ds-0ubuntu1.4) noble-security; urgency=medium

  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2024-4693-1.patch: virtio-pci: fix use of a
      released vector
    - debian/patches/CVE-2024-4693-2.patch: virtio-pci: Fix the use of
      an uninitialized irqfd
    - CVE-2024-4693
  * SECURITY UPDATE: heap buffer overflow
    - debian/patches/CVE-2024-7730.patch: add max size bounds check in
      input cb
    - CVE-2024-7730

 -- Bruce Cable <email address hidden> Tue, 22 Oct 2024 15:57:13 +1100

Source diff to previous version
CVE-2024-4693 A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). An improper release and use of the irqfd for vector 0 during the boot proc

Version: 1:8.2.2+ds-0ubuntu1.2 2024-08-22 07:07:08 UTC

  qemu (1:8.2.2+ds-0ubuntu1.2) noble-security; urgency=medium

  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2024-26327.patch: Check num_vfs size
    - CVE-2024-26327
  * SECURITY UPDATE: out of bounds memory access
    - debian/patches/CVE-2024-26328.patch: Use pcie_sriov_num_vfs to
      get number of enabled vfs before and after config writes
    - CVE-2024-26328

 -- Bruce Cable <email address hidden> Wed, 21 Aug 2024 11:53:08 +1000

CVE-2024-26327 An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater
CVE-2024-26328 An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interact



About   -   Send Feedback to @ubuntu_updates