qemu (1:2.5+dfsg-5ubuntu10.39) xenial-security; urgency=medium * Disable patches from 1:2.5+dfsg-5ubuntu10.37 to prevent regression (LP: #1829245) - d/p/lp1823458/add-VirtIONet-vhost_stopped-flag-to-prevent-multiple.patch - d/p/lp1823458/do-not-call-vhost_net_cleanup-on-running-net-from-ch.patch -- Marc Deslauriers Thu, 16 May 2019 07:11:54 -0400 qemu (1:2.5+dfsg-5ubuntu10.38) xenial-security; urgency=medium * SECURITY UPDATE: Add support for exposing md-clear functionality to guests - d/p/ubuntu/enable-md-clear.patch - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 * SECURITY UPDATE: heap overflow when loading device tree blob - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to copy the device tree blob into is. - CVE-2018-20815 * SECURITY UPDATE: information leak in SLiRP - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when emulating ident. - CVE-2019-9824 -- Steve Beattie Wed, 08 May 2019 23:52:21 -0700 qemu (1:2.5+dfsg-5ubuntu10.38~test.1) xenial-security; urgency=medium * Add support for exposing md-clear functionality to guests - d/u/enable-md-clear.patch -- Steve Beattie Mon, 29 Apr 2019 15:30:26 -0700 qemu (1:2.5+dfsg-5ubuntu10.37) xenial; urgency=medium * d/p/lp1823458/add-VirtIONet-vhost_stopped-flag-to-prevent-multiple.patch, d/p/lp1823458/do-not-call-vhost_net_cleanup-on-running-net-from-ch.patch: - Prevent crash due to race condition on shutdown; this is fixed differently upstream (starting in Bionic), but the change is too large to backport into Xenial. These two very small patches work around the problem in an unintrusive way. (LP: #1823458) -- Dan Streetman Tue, 23 Apr 2019 05:19:55 -0400 qemu (1:2.5+dfsg-5ubuntu10.36) xenial-security; urgency=medium * Spectre/Meltdown fixes for ppc64 (LP: #1765364) - debian/patches/lp1765364/*.patches: add backported capabilities and spectre/meltdown commits. * SECURITY UPDATE: race during file renaming in v9fs_wstat - debian/patches/CVE-2018-19489.patch: add locks to hw/9pfs/9p.c. - CVE-2018-19489 * SECURITY UPDATE: heap based buffer overflow in slirp - debian/patches/CVE-2019-6778.patch: check data length while emulating ident function in slirp/tcp_subr.c. - CVE-2019-6778 -- Marc Deslauriers Fri, 22 Mar 2019 14:19:08 -0400 qemu (1:2.5+dfsg-5ubuntu10.35) xenial; urgency=medium * Fix deadlock when detaching network interface (LP: #1818880) Fixed by upstream patch: - d/p/lp-1818880-rcu-disable-atfork.patch: rcu: completely disable pthread_atfork callbacks as soon as possible -- Heitor R. Alves de Siqueira Fri, 01 Mar 2019 15:59:01 -0300 qemu (1:2.5+dfsg-5ubuntu10.34) xenial; urgency=medium * d/p/ubuntu/lp1807743-linux-user-timerfd.patch: fix define for timerfd_create system call (LP: #1807743) -- Christian Ehrhardt Wed, 12 Dec 2018 13:18:01 +0100 qemu (1:2.5+dfsg-5ubuntu10.33) xenial-security; urgency=medium * SECURITY UPDATE: integer overflow in NE2000 NIC emulation - debian/patches/CVE-2018-10839.patch: use proper type in hw/net/ne2000.c. - CVE-2018-10839 * SECURITY UPDATE: buffer overflow via incoming fragmented datagrams - debian/patches/CVE-2018-11806.patch: correct size computation in slirp/mbuf.c, slirp/mbuf.h. - CVE-2018-11806 * SECURITY UPDATE: integer overflow via crafted QMP command - debian/patches/CVE-2018-12617.patch: check bytes count read by guest-file-read in qga/commands-posix.c. - CVE-2018-12617 * SECURITY UPDATE: buffer overflow in rtl8139 - debian/patches/CVE-2018-17958.patch: use proper type in hw/net/rtl8139.c. - CVE-2018-17958 * SECURITY UPDATE: buffer overflow in pcnet - debian/patches/CVE-2018-17962.patch: use proper type in hw/net/pcnet.c. - CVE-2018-17962 * SECURITY UPDATE: DoS via large packet sizes - debian/patches/CVE-2018-17963.patch: check size in net/net.c. - CVE-2018-17963 * SECURITY UPDATE: DoS in lsi53c895a - debian/patches/CVE-2018-18849.patch: check message length value is valid in hw/scsi/lsi53c895a.c. - CVE-2018-18849 * SECURITY UPDATE: race condition in 9p - debian/patches/CVE-2018-19364-1.patch: use write lock in hw/9pfs/cofile.c. - debian/patches/CVE-2018-19364-2.patch: use write lock in hw/9pfs/virtio-9p.c. - CVE-2018-19364 -- Marc Deslauriers Wed, 21 Nov 2018 14:53:19 -0500 qemu (1:2.5+dfsg-5ubuntu10.32) xenial; urgency=medium * fix migration of new guests on ppc64el (LP: #1783140) Fixed by backporting two patches from the 2.6.x stable branch - d/p/ubuntu/lp-1783140-virtio-set-low-features-early-on-load.patch - d/p/ubuntu/lp-1783140-Revert-virtio-net-unbreak-self-announcement.patch -- Christian Ehrhardt Tue, 11 Sep 2018 15:00:19 +0200 qemu (1:2.5+dfsg-5ubuntu10.31) xenial; urgency=medium * d/p/ubuntu/lp-1587065-qga-ignore-EBUSY-when-freezing-a-filesystem.patch: Fix qemu-guest-agent failing to freeze filesystems that were mounted multiple times like bind mounts. (LP: #1587065). -- Christian Ehrhardt Thu, 28 Jun 2018 11:35:05 +0200 # For older changelog entries, run 'apt-get changelog qemu-block-extra'