[pve-devel] Fwd: [Qemu-devel] [ANNOUNCE] QEMU CVE update released

Alexandre DERUMIER aderumier at odiso.com
Wed Sep 23 07:39:16 CEST 2015

Seems that qemu will release CVE fixed releases :)

----- Forwarded message -----
From: "mdroth" <mdroth at linux.vnet.ibm.com>
To: "qemu-devel" <qemu-devel at nongnu.org>
Cc: "qemu-stable" <qemu-stable at nongnu.org>
Sent: Wednesday, 23 September 2015 01:36:23
Subject: [Qemu-devel] [ANNOUNCE] QEMU CVE update released

Hi everyone, 

As part of recent planning around stable releases discussed during 
KVM Forum, I'm releasing the first of what will be regular (hopefully 
not *too* regular) CVE-only stable updates. These updates are 
intended to reduce the gap between vulnerability disclosures and 
patched/packaged releases. 

You can grab the latest release here: 


Please see the changelog for CVE numbers/details. Users are 
encouraged to update as soon as possible. 

v2.4.0.1 is now tagged in the official qemu.git repository, 
and the stable-2.4 branch has been updated accordingly: 


These CVE-only releases are produced as-needed and are on no set 
release schedule. 

Full stable releases are still tentatively planned to continue as they 
(mostly) have in the past: 1 mid-cycle stable update, and 1 stable update 
at the end of each release cycle, with freeze dates announced in advance 
to pull together important fixes. v2.4.1 is currently planned for 


Thank you to everyone involved! 


83c92b4: Update version for release (Michael Roth) 
5a1ccdf: net: avoid infinite loop when receiving packets(CVE-2015-5278) (P J P) 
7aa2bca: net: add checks to validate ring buffer pointers(CVE-2015-5279) (P J P) 
3a56af1: e1000: Avoid infinite loop in processing transmit descriptor (CVE-2015-6815) (P J P) 
efec4dc: vnc: fix memory corruption (CVE-2015-5225) (Gerd Hoffmann) 
