This bug was fixed in the package qemu-kvm - 1.0+noroms-0ubuntu14.17

---------------
qemu-kvm (1.0+noroms-0ubuntu14.17) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect image format validation (LP: #1322204)
    - debian/patches/CVE-2014-0142.patch: validate extent_size header
      field in block/bochs.c, validate s->tracks in block/parallels.c,
      validate block size in block/vpc.c, backport function to
      qemu-common.h.
    - CVE-2014-0142
  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect image format validation (LP: #1322204)
    - debian/patches/CVE-2014-0143.patch: validate nb_sectors in block.c,
      validate catalog_size header field in block/bochs.c, prevent
      offsets_size integer overflow in block/cloop.c, fix catalog size
      integer overflow in block/parallels.c, validate new_l1_size in
      block/qcow2-cluster.c, use proper size in block/qcow2-refcount.c,
      check L1 snapshot table size in block/qcow2-snapshot.c, check
      active L1 table size in block/qcow2.c, define max size in
      block/qcow2.h.
    - CVE-2014-0143
  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect image format validation (LP: #1322204)
    - debian/patches/CVE-2014-0144.patch: validate block sizes and
      offsets in block/cloop.c, check offset in block/curl.c, validate
      size in block/qcow2-refcount.c, check number of snapshots in
      block/qcow2-snapshot.c, check sizes and offsets in block/qcow2.c,
      move structs to block/qcow2.h, check sizes in block/vdi.c, prevent
      overflows in block/vpc.c.
    - CVE-2014-0144
  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect image format validation (LP: #1322204)
    - debian/patches/CVE-2014-0145.patch: check chunk sizes in
      block/dmg.c, use correct size in block/qcow2-snapshot.c.
    - CVE-2014-0145
  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect image format validation (LP: #1322204)
    - debian/patches/CVE-2014-0146.patch: calculate offsets properly in
      block/qcow2.c.
    - CVE-2014-0146
  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect image format validation (LP: #1322204)
    - debian/patches/CVE-2014-0147.patch: use proper sizes in
      block/bochs.c, properly calculate refcounts in
      block/qcow2-refcount.c, block/qcow2.c.
    - CVE-2014-0147
  * SECURITY UPDATE: multiple buffer overflows on invalid state load
    - debian/patches: added large number of upstream patches pulled from
      git tree.
    - CVE-2013-4148
    - CVE-2013-4151
    - CVE-2013-4527
    - CVE-2013-4529
    - CVE-2013-4530
    - CVE-2013-4531
    - CVE-2013-4532
    - CVE-2013-4533
    - CVE-2013-4534
    - CVE-2013-4535
    - CVE-2013-4536
    - CVE-2013-4537
    - CVE-2013-4538
    - CVE-2013-4539
    - CVE-2013-4540
    - CVE-2013-4541
    - CVE-2013-6399
    - CVE-2014-0182
    - CVE-2014-0222
    - CVE-2014-0223
    - CVE-2014-3461

 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Tue, 12 Aug 2014 13:30:27 -0400

** Changed in: qemu-kvm (Ubuntu Precise)
       Status: In Progress => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-4527

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-4529

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-4532

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-4535

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-4536

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-4541

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-3461

--
https://bugs.launchpad.net/bugs/1322204

Title:
  image format input validation fixes tracking bug