Thursday 14 August 2014

Re: Call for testing: QEMU security updates

Hi Marc,

I couldn't find any issue in the few testing scenarios I could try:

12.04:
* Basic testing using .raw and LVM with 1.0+noroms-0ubuntu14.17
* Live migration: 1.0+noroms-0ubuntu14.16 -> .17
* Live migration: 1.0+noroms-0ubuntu14.17 -> .16
* Live migration: 1.0+noroms-0ubuntu14.17 -> .17

14.04:
* Basic testing using LVM with 2.0.0+dfsg-2ubuntu1.3

Since most of my production is on 12.04, I'll keep migrating more VMs to
.17 and will report any eventual problem in LP.

Thanks a lot Marc!
Simon

On 08/14/2014 02:33 PM, Marc Deslauriers wrote:
> Hi,
>
> I have pushed updated qemu-kvm packages for Ubuntu 10.04 LTS and Ubuntu 12.04
> LTS, and qemu packages for Ubuntu 14.04 LTS into the -proposed pocket.
>
> These packages fix a very large number of security issues regarding image format
> validation and state loading. Due to the large number of patches, I would
> appreciate getting additional testing from people who run qemu in various
> environments.
>
> See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
> to enable and use -proposed.
>
> Please report any issues in the tracking bug:
> https://launchpad.net/bugs/1357018
>
> If no issues are reported, I plan on releasing the packages as security
> updates in a couple of weeks.
>
> Here is the list of CVEs fixed in each release:
>
> 10.04 LTS:
> CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146,
> CVE-2014-0147, CVE-2013-4148, CVE-2013-4151, CVE-2013-4530, CVE-2013-4531,
> CVE-2013-4533, CVE-2013-4534, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539,
> CVE-2013-4540, CVE-2013-6399, CVE-2014-0182, CVE-2014-0222, CVE-2014-0223
>
> 12.04 LTS:
> CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146,
> CVE-2014-0147, CVE-2013-4148, CVE-2013-4151, CVE-2013-4527, CVE-2013-4529,
> CVE-2013-4530, CVE-2013-4531, CVE-2013-4532, CVE-2013-4533, CVE-2013-4534,
> CVE-2013-4535, CVE-2013-4536, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539,
> CVE-2013-4540, CVE-2013-4541, CVE-2013-6399, CVE-2014-0182, CVE-2014-0222,
> CVE-2014-0223, CVE-2014-3461
>
> 14.04 LTS:
> CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4526,
> CVE-2013-4527, CVE-2013-4529, CVE-2013-4530, CVE-2013-4531, CVE-2013-4532,
> CVE-2013-4533, CVE-2013-4534, CVE-2013-4535, CVE-2013-4536, CVE-2013-4537,
> CVE-2013-4538, CVE-2013-4539, CVE-2013-4540, CVE-2013-4541, CVE-2013-4542,
> CVE-2013-6399, CVE-2014-0182, CVE-2014-0222, CVE-2014-0223, CVE-2014-3461,
> CVE-2014-3471
>
> Thanks,
>
> Marc.
>


--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel