QEMU

  1. Bug #1834113
  2. Comment #5

Comment 5 for bug 1834113

Revision history for this message
Bryce Harrington (bryce) wrote :

For disco there has been a single qemu update for security, with the following changes:

      * SECURITY UPDATE: Add support for exposing md-clear functionality
        to guests
        - d/p/ubuntu/enable-md-clear.patch
        - d/p/ubuntu/enable-md-no.patch
        - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
      * SECURITY UPDATE: heap overflow when loading device tree blob
        - d/p/ubuntu/CVE-2018-20815.patch: specify how large the buffer to
          copy the device tree blob into is.
        - CVE-2018-20815
      * SECURITY UPDATE: device driver denial of service via NULL pointer
        dereference
        - d/p/ubuntu/CVE-2019-5008.patch: Define skeleton 'power_mem_read'
          routine
        - CVE-2019-5008
      * SECURITY UPDATE: information leak in SLiRP
        - d/p/ubuntu/CVE-2019-9824.patch: check sscanf result when
          emulating ident.
        - CVE-2019-9824

$ git show b818da7a1a0dfa55c0f4edf0be10394fe4d7f3f8 | diffstat
 changelog | 23 ++++++++++++
 patches/series | 5 ++
 patches/ubuntu/CVE-2018-20815.patch | 38 +++++++++++++++++++
 patches/ubuntu/CVE-2019-5008.patch | 43 ++++++++++++++++++++++
 patches/ubuntu/CVE-2019-9824.patch | 49 +++++++++++++++++++++++++
 patches/ubuntu/enable-md-clear.patch | 67 +++++++++++++++++++++++++++++++++++
 patches/ubuntu/enable-md-no.patch | 28 ++++++++++++++
 7 files changed, 253 insertions(+)

I took a cursory look through the five patches, but none leap out as anything relating to touchpads, and don't appear to be related to power management, but hard to say for certain.