
[Qemu-devel] [ANNOUNCE] QEMU 2.5.1.1 CVE update released


From: Michael Roth
Subject: [Qemu-devel] [ANNOUNCE] QEMU 2.5.1.1 CVE update released
Date: Mon, 09 May 2016 14:23:19 -0500
User-agent: alot/0.3.6

Hi everyone,

A security update to the QEMU 2.5 series is now available at:

  http://wiki.qemu.org/download/qemu-2.5.1.1.tar.bz2

v2.5.1.1 is now tagged in the official qemu.git repository,
and the stable-2.5 branch has been updated accordingly:

  http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.5

This release includes security fixes for:

  VGA emulation (CVE-2016-3712, CVE-2016-3710)
  EHCI USB emulation (CVE-2015-8558)
  Cadence UART (Xilinx Zynq board emulation)

Please see the changelogs and relevant CVEs for more information, and
update accordingly.

Thank you to everyone involved!

CHANGELOG:

db51dfc: Update version for 2.5.1.1 release (Michael Roth)
5b7236f: cadence_uart: bounds check write offset (Michael S. Tsirkin)
0bcdb63: Revert "ehci: make idt processing more robust" (Gerd Hoffmann)
706bab6: ehci: apply limit to iTD/sidt descriptors (Gerd Hoffmann)
44b86aa: vga: make sure vga register setup for vbe stays intact (CVE-2016-3712). (Gerd Hoffmann)
a6e5e5d: vga: update vga register setup on vbe changes (Gerd Hoffmann)
2f2f74e: vga: factor out vga register setup (Gerd Hoffmann)
46aff2c: vga: add vbe_enabled() helper (Gerd Hoffmann)
4f0323d: vga: fix banked access bounds checking (CVE-2016-3710) (Gerd Hoffmann)



