Ubuntu
qemu-kvm package

qemu-kvm 0.12.3+noroms-0ubuntu9.24 source package in Ubuntu

Changelog

qemu-kvm (0.12.3+noroms-0ubuntu9.24) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code exection via
    incorrect image format validation (LP: #1322204)
    - debian/patches/CVE-2014-0142.patch: validate extent_size header field
      in block/bochs.c, validate s->tracks in block/parallels.c, validate
      block size in block/vpc.c, backport function to qemu-common.h,
      backport DIV_ROUND_UP to osdep.h.
    - CVE-2014-0142
  * SECURITY UPDATE: denial of service and possible code exection via
    incorrect image format validation (LP: #1322204)
    - debian/patches/CVE-2014-0143.patch: validate nb_sectors in
      block.c, validate catalog_size header field in block/bochs.c,
      prevent offsets_size integer overflow in block/cloop.c, fix catalog
      size integer overflow in block/parallels.c, validate new_l1_size in
      block/qcow2-cluster.c, use proper size in block/qcow2-refcount.c,
      check L1 snapshot table size in block/qcow2-snapshot.c, check active
      L1 table size in block/qcow2.c, define max size in block/qcow2.h.
    - CVE-2014-0143
  * SECURITY UPDATE: denial of service and possible code exection via
    incorrect image format validation (LP: #1322204)
    - debian/patches/CVE-2014-0144.patch: validate block sizes and offsets
      in block/cloop.c, check offset in block/curl.c, validate size in
      block/qcow2-refcount.c, check number of snapshots in
      block/qcow2-snapshot.c, check sizes and offsets in block/qcow2.c,
      move structs to block/qcow2.h, check sizes in block/vdi.c,
      prevent overflows in block/vpc.c.
    - CVE-2014-0144
  * SECURITY UPDATE: denial of service and possible code exection via
    incorrect image format validation (LP: #1322204)
    - debian/patches/CVE-2014-0145.patch: check chunk sizes in block/dmg.c,
      use correct size in block/qcow2-snapshot.c.
    - CVE-2014-0145
  * SECURITY UPDATE: denial of service and possible code exection via
    incorrect image format validation (LP: #1322204)
    - debian/patches/CVE-2014-0146.patch: calculate offsets properly in
      block/qcow2.c.
    - CVE-2014-0146
  * SECURITY UPDATE: denial of service and possible code exection via
    incorrect image format validation (LP: #1322204)
    - debian/patches/CVE-2014-0147.patch: use proper sizes in block/bochs.c.
    - CVE-2014-0147
  * SECURITY UPDATE: multiple buffer overflows on invalid state load
    - debian/patches: added large number of upstream patches pulled from
      git tree.
    - CVE-2013-4148
    - CVE-2013-4151
    - CVE-2013-4530
    - CVE-2013-4531
    - CVE-2013-4533
    - CVE-2013-4534
    - CVE-2013-4537
    - CVE-2013-4538
    - CVE-2013-4539
    - CVE-2013-4540
    - CVE-2013-6399
    - CVE-2014-0182
    - CVE-2014-0222
    - CVE-2014-0223
 -- Marc Deslauriers <email address hidden>   Tue, 12 Aug 2014 14:35:45 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Lucid
Original maintainer:
Ubuntu Developers
Architectures:
i386 amd64 powerpc s390 lpia all armel sparc
Section:
misc
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
qemu-kvm_0.12.3+noroms.orig.tar.gz 3.7 MiB f5db4af3cd2bd01bc4142b8e0c7cc7da7c8231382512d99dd5e0c3acda30aa6d
qemu-kvm_0.12.3+noroms-0ubuntu9.24.diff.gz 88.9 KiB 75e6d28cce7fe5350dcbc541ca244009a2fe06b818773ade0069e3cc805fbf0e
qemu-kvm_0.12.3+noroms-0ubuntu9.24.dsc 2.1 KiB a3b5d4907e209af694c69f3c8eb9410c25116f96b28c43f4f3f6580b3d5e4dc0

View changes file

Binary packages built by this source

kvm: No summary available for kvm in ubuntu lucid.

No description available for kvm in ubuntu lucid.

qemu: No summary available for qemu in ubuntu lucid.

No description available for qemu in ubuntu lucid.

qemu-arm-static: No summary available for qemu-arm-static in ubuntu lucid.

No description available for qemu-arm-static in ubuntu lucid.

qemu-common: No summary available for qemu-common in ubuntu lucid.

No description available for qemu-common in ubuntu lucid.

qemu-kvm: No summary available for qemu-kvm in ubuntu lucid.

No description available for qemu-kvm in ubuntu lucid.

qemu-kvm-extras: No summary available for qemu-kvm-extras in ubuntu lucid.

No description available for qemu-kvm-extras in ubuntu lucid.

qemu-kvm-extras-static: No summary available for qemu-kvm-extras-static in ubuntu lucid.

No description available for qemu-kvm-extras-static in ubuntu lucid.