Qemu version pin vulnerable to VENOM
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack-Ansible |
Invalid
|
Critical
|
Unassigned | ||
Icehouse |
Won't Fix
|
Critical
|
Unassigned | ||
Juno |
Won't Fix
|
Critical
|
Unassigned |
Bug Description
With the public disclosure of CVE-2015-3456, the version of qemu will need to be bumped in Juno/Icehouse once the updated package is released upstream. The currently pinned version is qemu: 2.0.0+dfsg-
Further information can be found:
http://
http://
http://
https:/
http://
http://
http://
CVE References
tags: | added: icehouse-backport-potential impacts-doc juno-backport-potential |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
While the issue of the qemu package effects all of Ubuntu 14.04 the issue due to package pinning does not effect trunk and kilo as such trunk has been marked as invalid.