Ubuntu
qemu-kvm package

  1. Bug #806166
  2. Comment #1

Comment 1 for bug 806166

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qemu-kvm - 0.14.0+noroms-0ubuntu8

---------------
qemu-kvm (0.14.0+noroms-0ubuntu8) oneiric; urgency=low

  * SECURITY UPDATE: fix to validate virtqueue in and out requests from the
    guests
    - debian/patches/CVE-2011-2212-virtqueue-indirect-overflow.patch: update
      hw/virtio.c to verify the length of indirect descriptors in
      virtqueue_pop() and virtqueue_avail_bytes()
    - CVE-2011-2212
    - LP: #806167
  * SECURITY UPDATE: validate virtio_queue_notify() is non-negative
    - virtio-guard-against-negative-vq-notifies-CVE-2011-2512.diff: update
      to move comparison out to syborg_virtio_writel(), virtio_ioport_write()
      and virtio_queue_notify_vq() and don't call common virtio code if
      virtqueue number is invalid. Patch from Debian.
    - CVE-2011-2512
    - LP: #806166
 -- Jamie Strandboge <email address hidden> Tue, 05 Jul 2011 13:24:52 -0500