This bug was fixed in the package qemu-kvm - 1.0+noroms-0ubuntu14.21
--------------- qemu-kvm (1.0+noroms-0ubuntu14.21) precise-security; urgency=medium
* SECURITY UPDATE: code execution via savevm data - debian/patches/CVE-2014-7840.patch: validate parameters in arch_init.c. - CVE-2014-7840 * SECURITY UPDATE: code execution via cirrus vga blit regions (LP: #1400775) - debian/patches/CVE-2014-8106.patch: properly validate blit regions in hw/cirrus_vga.c. - CVE-2014-8106 -- Marc Deslauriers <email address hidden> Wed, 10 Dec 2014 16:11:32 -0500
This bug was fixed in the package qemu-kvm - 1.0+noroms- 0ubuntu14. 21
--------------- 0ubuntu14. 21) precise-security; urgency=medium
qemu-kvm (1.0+noroms-
* SECURITY UPDATE: code execution via savevm data patches/ CVE-2014- 7840.patch: validate parameters in patches/ CVE-2014- 8106.patch: properly validate blit regions in cirrus_ vga.c.
- debian/
arch_init.c.
- CVE-2014-7840
* SECURITY UPDATE: code execution via cirrus vga blit regions
(LP: #1400775)
- debian/
hw/
- CVE-2014-8106
-- Marc Deslauriers <email address hidden> Wed, 10 Dec 2014 16:11:32 -0500