* SECURITY UPDATE: denial of service and possible code exection via
incorrect image format validation (LP: #1322204)
- debian/patches/CVE-2014-0142.patch: validate extent_size header field
in block/bochs.c, validate s->tracks in block/parallels.c, validate
block size in block/vpc.c, backport function to qemu-common.h.
- CVE-2014-0142
* SECURITY UPDATE: denial of service and possible code exection via
incorrect image format validation (LP: #1322204)
- debian/patches/CVE-2014-0143.patch: validate nb_sectors in
block.c, validate catalog_size header field in block/bochs.c,
prevent offsets_size integer overflow in block/cloop.c, fix catalog
size integer overflow in block/parallels.c, validate new_l1_size in
block/qcow2-cluster.c, use proper size in block/qcow2-refcount.c,
check L1 snapshot table size in block/qcow2-snapshot.c, check active
L1 table size in block/qcow2.c, define max size in block/qcow2.h.
- CVE-2014-0143
* SECURITY UPDATE: denial of service and possible code exection via
incorrect image format validation (LP: #1322204)
- debian/patches/CVE-2014-0144.patch: validate block sizes and offsets
in block/cloop.c, check offset in block/curl.c, validate size in
block/qcow2-refcount.c, check number of snapshots in
block/qcow2-snapshot.c, check sizes and offsets in block/qcow2.c,
move structs to block/qcow2.h, check sizes in block/vdi.c,
prevent overflows in block/vpc.c.
- CVE-2014-0144
* SECURITY UPDATE: denial of service and possible code exection via
incorrect image format validation (LP: #1322204)
- debian/patches/CVE-2014-0145.patch: check chunk sizes in block/dmg.c,
use correct size in block/qcow2-snapshot.c.
- CVE-2014-0145
* SECURITY UPDATE: denial of service and possible code exection via
incorrect image format validation (LP: #1322204)
- debian/patches/CVE-2014-0146.patch: calculate offsets properly in
block/qcow2.c.
- CVE-2014-0146
* SECURITY UPDATE: denial of service and possible code exection via
incorrect image format validation (LP: #1322204)
- debian/patches/CVE-2014-0147.patch: use proper sizes in block/bochs.c,
properly calculate refcounts in block/qcow2-refcount.c, block/qcow2.c.
- CVE-2014-0147
* SECURITY UPDATE: multiple buffer overflows on invalid state load
- debian/patches: added large number of upstream patches pulled from
git tree.
- CVE-2013-4148
- CVE-2013-4151
- CVE-2013-4527
- CVE-2013-4529
- CVE-2013-4530
- CVE-2013-4531
- CVE-2013-4532
- CVE-2013-4533
- CVE-2013-4534
- CVE-2013-4535
- CVE-2013-4536
- CVE-2013-4537
- CVE-2013-4538
- CVE-2013-4539
- CVE-2013-4540
- CVE-2013-4541
- CVE-2013-6399
- CVE-2014-0182
- CVE-2014-0222
- CVE-2014-0223
- CVE-2014-3461
-- Marc Deslauriers <email address hidden> Tue, 12 Aug 2014 13:30:27 -0400
This bug was fixed in the package qemu-kvm - 1.0+noroms- 0ubuntu14. 17
--------------- 0ubuntu14. 17) precise-security; urgency=medium
qemu-kvm (1.0+noroms-
* SECURITY UPDATE: denial of service and possible code exection via patches/ CVE-2014- 0142.patch: validate extent_size header field patches/ CVE-2014- 0143.patch: validate nb_sectors in qcow2-cluster. c, use proper size in block/qcow2- refcount. c, snapshot. c, check active patches/ CVE-2014- 0144.patch: validate block sizes and offsets qcow2-refcount. c, check number of snapshots in qcow2-snapshot. c, check sizes and offsets in block/qcow2.c, patches/ CVE-2014- 0145.patch: check chunk sizes in block/dmg.c, snapshot. c. patches/ CVE-2014- 0146.patch: calculate offsets properly in qcow2.c. patches/ CVE-2014- 0147.patch: use proper sizes in block/bochs.c, refcount. c, block/qcow2.c.
incorrect image format validation (LP: #1322204)
- debian/
in block/bochs.c, validate s->tracks in block/parallels.c, validate
block size in block/vpc.c, backport function to qemu-common.h.
- CVE-2014-0142
* SECURITY UPDATE: denial of service and possible code exection via
incorrect image format validation (LP: #1322204)
- debian/
block.c, validate catalog_size header field in block/bochs.c,
prevent offsets_size integer overflow in block/cloop.c, fix catalog
size integer overflow in block/parallels.c, validate new_l1_size in
block/
check L1 snapshot table size in block/qcow2-
L1 table size in block/qcow2.c, define max size in block/qcow2.h.
- CVE-2014-0143
* SECURITY UPDATE: denial of service and possible code exection via
incorrect image format validation (LP: #1322204)
- debian/
in block/cloop.c, check offset in block/curl.c, validate size in
block/
block/
move structs to block/qcow2.h, check sizes in block/vdi.c,
prevent overflows in block/vpc.c.
- CVE-2014-0144
* SECURITY UPDATE: denial of service and possible code exection via
incorrect image format validation (LP: #1322204)
- debian/
use correct size in block/qcow2-
- CVE-2014-0145
* SECURITY UPDATE: denial of service and possible code exection via
incorrect image format validation (LP: #1322204)
- debian/
block/
- CVE-2014-0146
* SECURITY UPDATE: denial of service and possible code exection via
incorrect image format validation (LP: #1322204)
- debian/
properly calculate refcounts in block/qcow2-
- CVE-2014-0147
* SECURITY UPDATE: multiple buffer overflows on invalid state load
- debian/patches: added large number of upstream patches pulled from
git tree.
- CVE-2013-4148
- CVE-2013-4151
- CVE-2013-4527
- CVE-2013-4529
- CVE-2013-4530
- CVE-2013-4531
- CVE-2013-4532
- CVE-2013-4533
- CVE-2013-4534
- CVE-2013-4535
- CVE-2013-4536
- CVE-2013-4537
- CVE-2013-4538
- CVE-2013-4539
- CVE-2013-4540
- CVE-2013-4541
- CVE-2013-6399
- CVE-2014-0182
- CVE-2014-0222
- CVE-2014-0223
- CVE-2014-3461
-- Marc Deslauriers <email address hidden> Tue, 12 Aug 2014 13:30:27 -0400