New changelog entries:
* Spectre/Meltdown fixes for ppc64 (LP: #1765364)
- debian/patches/lp1765364/*.patches: add backported capabilities and
spectre/meltdown commits.
* SECURITY UPDATE: race during file renaming in v9fs_wstat
- debian/patches/CVE-2018-19489.patch: add locks to hw/9pfs/9p.c.
- CVE-2018-19489
* SECURITY UPDATE: heap-based buffer overflow in slirp
- debian/patches/CVE-2019-6778.patch: check data length while emulating
ident function in slirp/tcp_subr.c.
- CVE-2019-6778
New changelog entries:
* Fix deadlock when detaching network interface (LP: #1818880)
Fixed by upstream patch:
- d/p/lp-1818880-rcu-disable-atfork.patch: rcu: completely disable
pthread_atfork callbacks as soon as possible
New changelog entries:
* SECURITY UPDATE: integer overflow in NE2000 NIC emulation
- debian/patches/CVE-2018-10839.patch: use proper type in
hw/net/ne2000.c.
- CVE-2018-10839
* SECURITY UPDATE: buffer overflow via incoming fragmented datagrams
- debian/patches/CVE-2018-11806.patch: correct size computation in
slirp/mbuf.c, slirp/mbuf.h.
- CVE-2018-11806
* SECURITY UPDATE: integer overflow via crafted QMP command
- debian/patches/CVE-2018-12617.patch: check bytes count read by
guest-file-read in qga/commands-posix.c.
- CVE-2018-12617
* SECURITY UPDATE: buffer overflow in rtl8139
- debian/patches/CVE-2018-17958.patch: use proper type in
hw/net/rtl8139.c.
- CVE-2018-17958
* SECURITY UPDATE: buffer overflow in pcnet
- debian/patches/CVE-2018-17962.patch: use proper type in
hw/net/pcnet.c.
- CVE-2018-17962
* SECURITY UPDATE: DoS via large packet sizes
- debian/patches/CVE-2018-17963.patch: check size in net/net.c.
- CVE-2018-17963
* SECURITY UPDATE: DoS in lsi53c895a
- debian/patches/CVE-2018-18849.patch: check message length value is
valid in hw/scsi/lsi53c895a.c.
- CVE-2018-18849
* SECURITY UPDATE: race condition in 9p
- debian/patches/CVE-2018-19364-1.patch: use write lock in
hw/9pfs/cofile.c.
- debian/patches/CVE-2018-19364-2.patch: use write lock in
hw/9pfs/virtio-9p.c.
- CVE-2018-19364
New changelog entries:
* fix migration of new guests on ppc64el (LP: #1783140)
Fixed by backporting two patches from the 2.6.x stable branch
- d/p/ubuntu/lp-1783140-virtio-set-low-features-early-on-load.patch
- d/p/ubuntu/lp-1783140-Revert-virtio-net-unbreak-self-announcement.patch
New changelog entries:
* d/p/ubuntu/lp-1587065-qga-ignore-EBUSY-when-freezing-a-filesystem.patch:
Fix qemu-guest-agent failing to freeze filesystems that were mounted
multiple times like bind mounts. (LP: #1587065).
New changelog entries:
* SECURITY UPDATE: Speculative Store Bypass
- debian/patches/CVE-2018-3639-2.patch: define the AMD 'virt-ssbd'
CPUID feature bit in target/i386/cpu.c.
- debian/patches/CVE-2018-3639-3.patch: define the Virt SSBD MSR and
handling of it in target/i386/cpu.h, target/i386/kvm.c,
target/i386/machine.c.
- CVE-2018-3639
New changelog entries:
* SECURITY UPDATE: Speculative Store Bypass
- debian/patches/ubuntu/CVE-2018-3639.patch: add bit(2) of SPEC_CTRL
MSR support - Reduced Data Speculation to target-i386/cpu.*.
- CVE-2018-3639
New changelog entries:
* SECURITY UPDATE: arbitrary code execution via load_multiboot
- debian/patches/CVE-2018-7550.patch: handle bss_end_addr being zero in
hw/i386/multiboot.c.
- CVE-2018-7550