[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [ANNOUNCE] QEMU CVE update released

From: Michael Roth
Subject: [Qemu-devel] [ANNOUNCE] QEMU CVE update released
Date: Mon, 09 May 2016 14:23:19 -0500
User-agent: alot/0.3.6

Hi everyone,

A security update to the QEMU 2.5 series is now available at:


v2.5.1.1 is now tagged in the official qemu.git repository,
and the stable-2.5 branch has been updated accordingly:


This release includes security fixes for:

  VGA emulation (CVE-2016-3712, CVE-2016-3710)
  EHCI USB emulation (CVE-2015-8558)
  Cadence UART (Xilinx Zynq board emulation)

Please see the changelogs and relevant CVEs for more information, and
update accordingly.

Thank you to everyone involved!


db51dfc: Update version for release (Michael Roth)
5b7236f: cadence_uart: bounds check write offset (Michael S. Tsirkin)
0bcdb63: Revert "ehci: make idt processing more robust" (Gerd Hoffmann)
706bab6: ehci: apply limit to iTD/sidt descriptors (Gerd Hoffmann)
44b86aa: vga: make sure vga register setup for vbe stays intact 
(CVE-2016-3712). (Gerd Hoffmann)
a6e5e5d: vga: update vga register setup on vbe changes (Gerd Hoffmann)
2f2f74e: vga: factor out vga register setup (Gerd Hoffmann)
46aff2c: vga: add vbe_enabled() helper (Gerd Hoffmann)
4f0323d: vga: fix banked access bounds checking (CVE-2016-3710) (Gerd Hoffmann)

reply via email to

[Prev in Thread] Current Thread [Next in Thread]