CVE-2015-2756

Note

This is a qemu change which is part of the xen package for the
"traditional" qemu. Trusty and newer only provide qemu traditional as
a backup but by default use the generic qemu from the archive and
Vivid completely drops qemu traditional. So the non-qemut patches in
that XSA need to go into qemu.

Package	Release	Status
qemu Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Does not exist
	trusty	Released (2.0.0+dfsg-2ubuntu1.11)
	upstream	Needs triage
	utopic	Released (2.1+dfsg-4ubuntu6.6)
	vivid	Released (1:2.2+dfsg-5expubuntu9)
	Patches: upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=81b23ef82cd1be29ca3d69ab7e98b5b5e55926ce
qemu-kvm Launchpad, Ubuntu, Debian	lucid	Ignored (reached end-of-life)
	precise	Not vulnerable (code not present)
	trusty	Does not exist
	upstream	Needs triage
	utopic	Does not exist
	vivid	Does not exist
xen Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Released (4.1.6.1-0ubuntu0.12.04.6)
	trusty	Does not exist (trusty was released [4.4.1-0ubuntu0.14.04.5])
	upstream	Needs triage
	utopic	Released (4.4.1-0ubuntu0.14.10.5)
	vivid	Not vulnerable
	Binaries built from this source package are in Universe and so are supported by the community.
xen-3.3 Launchpad, Ubuntu, Debian	lucid	Ignored (reached end-of-life)
	precise	Does not exist
	trusty	Does not exist
	upstream	Ignored (reached end-of-life)
	utopic	Does not exist
	vivid	Does not exist
	Binaries built from this source package are in Universe and so are supported by the community.

Security

CVE-2015-2756

Notes

Low

Status

References

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading