qemu-22.214.171.124 (QEMU 126.96.36.199 CVE update released)
|Reported by:||Fernando de Oliveira||Owned by:|
This is a security release.
CVE-only releases will be regular releases for security (CVE-only) fixes.
qemu-devel [Qemu-devel] [ANNOUNCE] QEMU 188.8.131.52 CVE update released From: Michael Roth Subject: [Qemu-devel] [ANNOUNCE] QEMU 184.108.40.206 CVE update released Date: Tue, 22 Sep 2015 18:36:23 -0500 Hi everyone, As part of recent planning around stable releases discussed during KVM Forum, I'm releasing the first of what will be regular (hopefully not *too* regular) CVE-only stable updates. These updates are intended to reduce the gap between vulnerability disclosures and patched/packaged releases. Please see the changelog for CVE numbers/details. Users are encouraged to update as soon as possible. v220.127.116.11 is now tagged in the official qemu.git repository, and the stable-2.4 branch has been updated accordingly: http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.4 These CVE-only releases are produced as-needed and are on no set release schedule. Full stable releases are still tentatively planned to continue as they (mostly) have in the past: 1 mid-cycle stable update, and 1 stable update at the end of each release cycle, with freeze dates announced in advance to pull together important fixes. v2.4.1 is currently planned for 2015-10-20: http://wiki.qemu.org/Planning/2.4 Thank you to everyone involved! CHANGELOG: • 83c92b4: Update version for 18.104.22.168 release (Michael Roth) • 5a1ccdf: net: avoid infinite loop when receiving packets(CVE-2015-5278) (P J P) • 7aa2bca: net: add checks to validate ring buffer pointers(CVE-2015-5279) (P J P) • 3a56af1: e1000: Avoid infinite loop in processing transmit descriptor • (CVE-2015-6815) (P J P) • efec4dc: vnc: fix memory corruption (CVE-2015-5225) (Gerd Hoffmann)
Change History (2)
Note: See TracTickets for help on using tickets.