This bug was fixed in the package qemu - 1:2.5+dfsg-5ubuntu10.28 --------------- qemu (1:2.5+dfsg-5ubuntu10.28) xenial-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution via load_multiboot - debian/patches/CVE-2018-7550.patch: handle bss_end_addr being zero in hw/i386/multiboot.c. - CVE-2018-7550 -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Fri, 11 May 2018 13:34:24 -0400 ** Changed in: qemu (Ubuntu Xenial) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-7550 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1743637 Title: QEMU vhost-user shutdown suffers from use after free (missing clean shutdown) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1743637/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs