Univention Bugzilla – Bug 49582
qemu: Multiple issues (4.4)
Last modified: 2019-06-24 13:34:57 CEST
New Debian qemu 1:2.8+dfsg-6+deb9u6A~4.4.0.201906031001 fixes:

This update addresses the following issues:

* 1:2.8+dfsg-6+deb9u6 (Wed, 29 May 2019 14:39:09 +0300)

  [ Moritz Mühlenhoff <jmm@debian.org> ]
  * slirp-correct-size-computation-concatenating-mbuf-CVE-2018-11806.patch (CVE-2018-11806)
  * qga-check-bytes-count-read-by-guest-file-read-CVE-2018-12617.patch (CVE-2018-12617)
  * usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch (CVE-2018-16872)
  * rtl8139-fix-possible-out-of-bound-access-CVE-2018-17958.patch (CVE-2018-17958)
  * lsi53c895a-check-message-length-value-is-valid-CVE-2018-18849.patch (CVE-2018-18849)
  * ppc-pnv-check-size-before-data-buffer-access-CVE-2018-18954.patch (CVE-2018-18954)
  * 9p-write-lock-path-in-v9fs-co_open2.patch 9p-take-write-lock-on-fid-path-updates-CVE-2018-19364.patch (CVE-2018-19364)
  * 9p-fix-QEMU-crash-when-renaming-files-CVE-2018-19489.patch (CVE-2018-19489)
  * i2c-ddc-fix-oob-read-CVE-2019-3812.patch (CVE-2019-3812)
  * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch (CVE-2019-6778)
  * slirp-check-sscanf-result-when-emulating-ident-CVE-2019-9824.patch (Closes: CVE-2019-9824)

  [ Michael Tokarev ]
  * enable-md-clear.patch define new CPUID for MDS (Closes: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091)
  * qxl-check-release-info-object-CVE-2019-12155.patch fixes null-pointer deref in qxl cleanup code (CVE-2019-12155)
--- mirror/ftp/4.4/unmaintained/4.4-0/source/qemu_2.8+dfsg-6+deb9u5A~4.3.0.201811261055.dsc +++ apt/ucs_4.4-0-errata4.4-0/source/qemu_2.8+dfsg-6+deb9u6A~4.4.0.201906031001.dsc 
@@ -1,17 +1,42 @@ -1:2.8+dfsg-6+deb9u5A~4.3.0.201811261055 [Mon, 26 Nov 2018 10:55:43 +0100] Univention builddaemon <buildd@univention.de>: +1:2.8+dfsg-6+deb9u6A~4.4.0.201906031001 [Mon, 03 Jun 2019 10:01:33 +0200] Univention builddaemon <buildd@univention.de>: - * UCS auto build. The following patches have been applied to the original source package - 0001-Disable-Xen-for-UCS - 1000-0001-Bug-38877-vram-16M - 1001-0002-Bug-24702-Rom-file-compatibility - 1001-0002-Bug-24702-Rom-file-compatibility - 1002-0003-Bug-24702-e1000-pci-config - 1003-0004-Bug-23445-cache-none - 1004-0005-Bug-28283-kvmclock - 1005-0006-Bug-38877-debug-loadvm-offset - 1006-0007-Bug-38877-fix-qemu-kvm-1.1-piix4_pm-incompatibi - 1007-0008-x86-Work-around-SMI-migration-breakages - 1008-0009-migration-ram.c-do-not-set-postcopy_running-in-POSTC + * UCS auto build. No patches were applied to the original source package + +1:2.8+dfsg-6+deb9u6 [Wed, 29 May 2019 14:39:09 +0300] Michael Tokarev <mjt@tls.msk.ru>: + + [ Moritz Mühlenhoff <jmm@debian.org> ] + * slirp-correct-size-computation-concatenating-mbuf-CVE-2018-11806.patch + (Closes: #901017, CVE-2018-11806) + * qga-check-bytes-count-read-by-guest-file-read-CVE-2018-12617.patch + (Closes: #902725, CVE-2018-12617) + * usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch + (Closes: #916397, CVE-2018-16872) + * rtl8139-fix-possible-out-of-bound-access-CVE-2018-17958.patch + (Closes: #911499, CVE-2018-17958) + * lsi53c895a-check-message-length-value-is-valid-CVE-2018-18849.patch + (Closes: #912535, CVE-2018-18849) + * ppc-pnv-check-size-before-data-buffer-access-CVE-2018-18954.patch + (Closes: #914604, CVE-2018-18954) + * 9p-write-lock-path-in-v9fs-co_open2.patch + 9p-take-write-lock-on-fid-path-updates-CVE-2018-19364.patch + (Closes: #914599, CVE-2018-19364) + * 9p-fix-QEMU-crash-when-renaming-files-CVE-2018-19489.patch + (Closes: #914727, CVE-2018-19489) + * i2c-ddc-fix-oob-read-CVE-2019-3812.patch + (Closes: #922635, CVE-2019-3812) + * 
slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch + (Closes: #921525, CVE-2019-6778) + * slirp-check-sscanf-result-when-emulating-ident-CVE-2019-9824.patch + (Closes: CVE-2019-9824) + + [ Michael Tokarev ] + * enable-md-clear.patch + define new CPUID for MDS + (Closes: #929067) + (Closes: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091) + * qxl-check-release-info-object-CVE-2019-12155.patch + fixes null-pointer deref in qxl cleanup code + (Closes: #929353, CVE-2019-12155) 1:2.8+dfsg-6+deb9u5 [Thu, 08 Nov 2018 16:41:45 +0100] Moritz Mühlenhoff <jmm@debian.org>: <http://10.200.17.11/4.4-0/#389798254591958749>
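Review bot: The new top entry for 1:2.8+dfsg-6+deb9u6A~4.4.0.201906031001 reads "UCS auto build. No patches were applied to the original source package", while the removed deb9u5A~4.3.0.201811261055 entry listed the UCS patch set from 0001-Disable-Xen-for-UCS through 1008-0009-migration-ram.c-do-not-set-postcopy_running-in-POSTC. As built, this package drops every UCS-specific change (Xen disable, vram size, ROM file compatibility, the migration workarounds). Unless that is intentional, re-import the patch set for this scope and rebuild before the erratum is released. Separately, the removed list names 1001-0002-Bug-24702-Rom-file-compatibility twice, which is worth cleaning up when the patches are re-imported.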
--- mirror/ftp/4.4/unmaintained/4.4-0/source/qemu_2.8+dfsg-6+deb9u5A~4.3.0.201811261055.dsc +++ apt/ucs_4.4-0-errata4.4-0/source/qemu_2.8+dfsg-6+deb9u6A~4.4.0.201906031135.dsc @@ -1,4 +1,4 @@ -1:2.8+dfsg-6+deb9u5A~4.3.0.201811261055 [Mon, 26 Nov 2018 10:55:43 +0100] Univention builddaemon <buildd@univention.de>: +1:2.8+dfsg-6+deb9u6A~4.4.0.201906031135 [Mon, 03 Jun 2019 11:35:54 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 0001-Disable-Xen-for-UCS 
@@ -13,6 +13,42 @@ 1007-0008-x86-Work-around-SMI-migration-breakages 1008-0009-migration-ram.c-do-not-set-postcopy_running-in-POSTC +1:2.8+dfsg-6+deb9u6 [Wed, 29 May 2019 14:39:09 +0300] Michael Tokarev <mjt@tls.msk.ru>: + + [ Moritz Mühlenhoff <jmm@debian.org> ] + * slirp-correct-size-computation-concatenating-mbuf-CVE-2018-11806.patch + (Closes: #901017, CVE-2018-11806) + * qga-check-bytes-count-read-by-guest-file-read-CVE-2018-12617.patch + (Closes: #902725, CVE-2018-12617) + * usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch + (Closes: #916397, CVE-2018-16872) + * rtl8139-fix-possible-out-of-bound-access-CVE-2018-17958.patch + (Closes: #911499, CVE-2018-17958) + * lsi53c895a-check-message-length-value-is-valid-CVE-2018-18849.patch + (Closes: #912535, CVE-2018-18849) + * ppc-pnv-check-size-before-data-buffer-access-CVE-2018-18954.patch + (Closes: #914604, CVE-2018-18954) + * 9p-write-lock-path-in-v9fs-co_open2.patch + 9p-take-write-lock-on-fid-path-updates-CVE-2018-19364.patch + (Closes: #914599, CVE-2018-19364) + * 9p-fix-QEMU-crash-when-renaming-files-CVE-2018-19489.patch + (Closes: #914727, CVE-2018-19489) + * i2c-ddc-fix-oob-read-CVE-2019-3812.patch + (Closes: #922635, CVE-2019-3812) + * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch + (Closes: #921525, CVE-2019-6778) + * slirp-check-sscanf-result-when-emulating-ident-CVE-2019-9824.patch + (Closes: CVE-2019-9824) + + [ Michael Tokarev ] + * enable-md-clear.patch + define new CPUID for MDS + (Closes: #929067) + (Closes: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091) + * qxl-check-release-info-object-CVE-2019-12155.patch + fixes null-pointer deref in qxl cleanup code + (Closes: #929353, CVE-2019-12155) + 1:2.8+dfsg-6+deb9u5 [Thu, 08 Nov 2018 16:41:45 +0100] Moritz Mühlenhoff <jmm@debian.org>: * Backport SSBD support (Closes: #908682) <http://10.200.17.11/4.4-0/#5933988842494271249>
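Review bot: The enable-md-clear.patch entry in the added deb9u6 block is described only as "define new CPUID for MDS", yet it is the single item closing CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091. The erratum text generated from this changelog should say that the package adds the CPUID flag definition, and QA should confirm that the flag shows up in the CPU flag listing of the rebuilt binary. The first hunk keeps "The following patches have been applied to the original source package" with the UCS patch list intact under the 201906031135 stamp, which is what I would expect for the build that gets released.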
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
OK: diff <(qemu-system-x86_64 -cpu \?) < arat md-clear > arat

[4.4-0] b158583889 Bug #49582: qemu 1:2.8+dfsg-6+deb9u6A~4.4.0.201906031135
 doc/errata/staging/qemu.yaml | 53 ++++++++++++++++++++++----------------------
 1 file changed, 26 insertions(+), 27 deletions(-)

[4.4-0] 03ff8c93fa Bug #49582: qemu 1:2.8+dfsg-6+deb9u6A~4.4.0.201906031001
 doc/errata/staging/qemu.yaml | 52 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
<http://errata.software-univention.de/ucs/4.4/140.html>