I keep getting the crash notification due to kvm crashes with the same bug title as this one. I see that the status is Fix Released, I'm on precise and fully up-to-date.
My package is:
ii qemu-kvm 1.0+noroms-0ubuntu14.14 Full virtualization on i386 and amd64 hardware
which seems the correct one.
However, from the changelog I cannot see anything that seems related to this bug fix:
* SECURITY UPDATE: arbitrary code execution via MAC address table update
- debian/patches/CVE-2014-0150.patch: fix overflow in hw/virtio-net.c.
- CVE-2014-0150
* SECURITY UPDATE: denial of service and possible code execution via
smart self test counter
- debian/patches/CVE-2014-2894.patch: correct self-test count in
hw/ide/core.c.
- CVE-2014-2894
* SECURITY UPDATE: privilege escalation via REPORT LUNS
- debian/patches/CVE-2013-4344.patch: support more than 256 LUNS in
hw/scsi-bus.c, hw/scsi.h.
- CVE-2013-4344
-- Marc Deslauriers <email address hidden> Tue, 28 Jan 2014 09:08:09 -0500
Hi Serge,
I keep getting the crash notification due to kvm crashes with the same bug title as this one. I see that the status is Fix Released, I'm on precise and fully up-to-date.
My package is:
ii qemu-kvm 1.0+noroms- 0ubuntu14. 14 Full virtualization on i386 and amd64 hardware
which seems the correct one.
However, from the changelog I cannot see anything that seems related to this bug fix:
qemu-kvm (1.0+noroms- 0ubuntu14. 14) precise-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution via MAC address table update patches/ CVE-2014- 0150.patch: fix overflow in hw/virtio-net.c. patches/ CVE-2014- 2894.patch: correct self-test count in ide/core. c.
- debian/
- CVE-2014-0150
* SECURITY UPDATE: denial of service and possible code execution via
smart self test counter
- debian/
hw/
- CVE-2014-2894
-- Marc Deslauriers <email address hidden> Fri, 25 Apr 2014 17:37:13 -0400
qemu-kvm (1.0+noroms- 0ubuntu14. 13) precise-security; urgency=medium
* SECURITY UPDATE: privilege escalation via REPORT LUNS patches/ CVE-2013- 4344.patch: support more than 256 LUNS in scsi-bus. c, hw/scsi.h.
- debian/
hw/
- CVE-2013-4344
-- Marc Deslauriers <email address hidden> Tue, 28 Jan 2014 09:08:09 -0500
(the other entries are older than these ones)
Has this fix really been released to precise?
Thank you!