qemu (1:2.5+dfsg-5ubuntu10.45) xenial-security; urgency=medium
* SECURITY UPDATE: out-of-bounds read and write in sm501
- debian/patches/CVE-2020-12829-pre0.patch: fix hardware cursor.
- debian/patches/CVE-2020-12829-pre1.patch: use values from the pitch
register for 2D operations.
- debian/patches/CVE-2020-12829-pre2.patch: implement negated
destination raster operation mode.
- debian/patches/CVE-2020-12829-pre3.patch: log unimplemented raster
operation modes.
- debian/patches/CVE-2020-12829-pre4.patch: fix support for non-zero
frame buffer start address.
- debian/patches/CVE-2020-12829-pre5.patch: set updated region dirty
after 2D operation.
- debian/patches/CVE-2020-12829-pre6.patch: adjust endianness of pixel
value in rectangle fill.
- debian/patches/CVE-2020-12829-pre7.patch: convert printf +
abort to qemu_log_mask.
- debian/patches/CVE-2020-12829-pre8.patch: shorten long
variable names in sm501_2d_operation.
- debian/patches/CVE-2020-12829-pre9.patch: use BIT(x) macro to
shorten constant.
- debian/patches/CVE-2020-12829-pre10.patch: clean up local
variables in sm501_2d_operation.
- debian/patches/CVE-2020-12829.patch: replace hand written
implementation with pixman where possible.
- debian/patches/CVE-2020-12829-2.patch: optimize small overlapping
blits.
- debian/patches/CVE-2020-12829-3.patch: fix bounds checks.
- debian/patches/CVE-2020-12829-4.patch: drop unneded variable.
- debian/patches/CVE-2020-12829-5.patch: do not allow guest to set
invalid format.
- debian/patches/CVE-2020-12829-6.patch: introduce variable for
commonly used value for better readability.
- debian/patches/CVE-2020-12829-7.patch: fix and optimize overlap
check.
- CVE-2020-12829
* SECURITY UPDATE: out-of-bounds read during sdhci_write() operations
- debian/patches/CVE-2020-13253.patch: do not switch to ReceivingData
if address is invalid in hw/sd/sd.c.
- CVE-2020-13253
* SECURITY UPDATE: out-of-bounds access during es1370_write() operation
- debian/patches/CVE-2020-13361.patch: check total frame count against
current frame in hw/audio/es1370.c.
- CVE-2020-13361
* SECURITY UPDATE: out-of-bounds read via crafted reply_queue_head
- debian/patches/CVE-2020-13362-1.patch: use unsigned type for
reply_queue_head and check index in hw/scsi/megasas.c.
- debian/patches/CVE-2020-13362-2.patch: avoid NULL pointer dereference
in hw/scsi/megasas.c.
- debian/patches/CVE-2020-13362-3.patch: use unsigned type for positive
numeric fields in hw/scsi/megasas.c.
- CVE-2020-13362
* SECURITY UPDATE: NULL pointer dereference related to BounceBuffer
- debian/patches/CVE-2020-13659.patch: set map length to zero when
returning NULL in exec.c, include/exec/memory.h.
- CVE-2020-13659
* SECURITY UPDATE: out-of-bounds access via msi-x mmio operation
- debian/patches/CVE-2020-13754-1.patch: revert accepting mismatching
sizes in memory_region_access_valid in memory.c.
- debian/patches/CVE-2020-13754-2.patch: accept byte and word access to
core ACPI registers in hw/acpi/core.c.
- CVE-2020-13754
* SECURITY UPDATE: invalid memory copy operation via rom_copy
- debian/patches/CVE-2020-13765.patch: add extra check to
hw/core/loader.c.
- CVE-2020-13765
* SECURITY UPDATE: buffer overflow in XGMAC Ethernet controller
- debian/patches/CVE-2020-15863.patch: check bounds in hw/net/xgmac.c.
- CVE-2020-15863
Date: 2020-08-13 17:18:46.155835+00:00
Changed-By: Marc Deslauriers <marc.deslauri...@canonical.com>
https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.45
Sorry, changesfile not available.
--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes
