* [Qemu-devel] [ANNOUNCE] QEMU 2.5.1.1 CVE update released
@ 2016-05-09 19:23 Michael Roth
From: Michael Roth @ 2016-05-09 19:23 UTC
To: qemu-devel; +Cc: qemu-stable, ppandit

Hi everyone,

A security update to the QEMU 2.5 series is now available at:

  http://wiki.qemu.org/download/qemu-2.5.1.1.tar.bz2

v2.5.1.1 is now tagged in the official qemu.git repository,
and the stable-2.5 branch has been updated accordingly:

  http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.5

This release includes security fixes for:

  VGA emulation (CVE-2016-3712, CVE-2016-3710)
  EHCI USB emulation (CVE-2015-8558)
  Cadence UART (Xilinx Zynq board emulation)

Please see the changelogs and relevant CVEs for more information, and
update accordingly.

Thank you to everyone involved!

CHANGELOG:
db51dfc: Update version for 2.5.1.1 release (Michael Roth)
5b7236f: cadence_uart: bounds check write offset (Michael S. Tsirkin)
0bcdb63: Revert "ehci: make idt processing more robust" (Gerd Hoffmann)
706bab6: ehci: apply limit to iTD/sidt descriptors (Gerd Hoffmann)
44b86aa: vga: make sure vga register setup for vbe stays intact (CVE-2016-3712). (Gerd Hoffmann)
a6e5e5d: vga: update vga register setup on vbe changes (Gerd Hoffmann)
2f2f74e: vga: factor out vga register setup (Gerd Hoffmann)
46aff2c: vga: add vbe_enabled() helper (Gerd Hoffmann)
4f0323d: vga: fix banked access bounds checking (CVE-2016-3710) (Gerd Hoffmann)