Hi, I have pushed updated qemu-kvm packages for Ubuntu 10.04 LTS and Ubuntu 12.04 LTS, and qemu packages for Ubuntu 14.04 LTS into the -proposed pocket.
These packages fix a very large number of security issues regarding image format validation and state loading. Due to the large number of patches, I would appreciate getting additional testing from people who run qemu in various environments. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Please report any issues in the tracking bug: https://launchpad.net/bugs/1357018 If no issues are reported, I plan on releasing the packages as security updates in a couple of weeks. Here is the list of CVEs fixed in each release: 10.04 LTS: CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2013-4148, CVE-2013-4151, CVE-2013-4530, CVE-2013-4531, CVE-2013-4533, CVE-2013-4534, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539, CVE-2013-4540, CVE-2013-6399, CVE-2014-0182, CVE-2014-0222, CVE-2014-0223 12.04 LTS: CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2013-4148, CVE-2013-4151, CVE-2013-4527, CVE-2013-4529, CVE-2013-4530, CVE-2013-4531, CVE-2013-4532, CVE-2013-4533, CVE-2013-4534, CVE-2013-4535, CVE-2013-4536, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539, CVE-2013-4540, CVE-2013-4541, CVE-2013-6399, CVE-2014-0182, CVE-2014-0222, CVE-2014-0223, CVE-2014-3461 14.04 LTS: CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4526, CVE-2013-4527, CVE-2013-4529, CVE-2013-4530, CVE-2013-4531, CVE-2013-4532, CVE-2013-4533, CVE-2013-4534, CVE-2013-4535, CVE-2013-4536, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539, CVE-2013-4540, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-0222, CVE-2014-0223, CVE-2014-3461, CVE-2014-3471 Thanks, Marc. -- Marc Deslauriers Ubuntu Security Engineer | http://www.ubuntu.com/ Canonical Ltd. | http://www.canonical.com/ -- Ubuntu-quality mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-quality
