[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [ANNOUNCE] QEMU CVE update released

From: Michael Roth
Subject: [Qemu-devel] [ANNOUNCE] QEMU CVE update released
Date: Tue, 22 Sep 2015 18:36:23 -0500
User-agent: alot/0.3.6

Hi everyone,

As part of recent planning around stable releases discussed during
KVM Forum, I'm releasing the first of what will be regular (hopefully
not *too* regular) CVE-only stable updates. These updates are
intended to reduce the gap between vulnerability disclosures and
patched/packaged releases.

You can grab the latest release here:


Please see the changelog for CVE numbers/details. Users are
encouraged to update as soon as possible.

v2.4.0.1 is now tagged in the official qemu.git repository,
and the stable-2.4 branch has been updated accordingly:


These CVE-only releases are produced as-needed and are on no set
release schedule.

Full stable releases are still tentatively planned to continue as they
(mostly) have in the past: 1 mid-cycle stable update, and 1 stable update
at the end of each release cycle, with freeze dates announced in advance
to pull together important fixes. v2.4.1 is currently planned for


Thank you to everyone involved!


83c92b4: Update version for release (Michael Roth)
5a1ccdf: net: avoid infinite loop when receiving packets(CVE-2015-5278) (P J P)
7aa2bca: net: add checks to validate ring buffer pointers(CVE-2015-5279) (P J P)
3a56af1: e1000: Avoid infinite loop in processing transmit descriptor 
(CVE-2015-6815) (P J P)
efec4dc: vnc: fix memory corruption (CVE-2015-5225) (Gerd Hoffmann)

reply via email to

[Prev in Thread] Current Thread [Next in Thread]