ELSA-2015-0349

ELSA-2015-0349 - qemu-kvm security, bug fix, and enhancement update

Type:SECURITY
Severity:IMPORTANT
Release Date:2015-03-11

Description


[1.5.3-86.el7]
- kvm-vfio-pci-Fix-interrupt-disabling.patch [bz#1180942]
- kvm-cirrus-fix-blit-region-check.patch [bz#1169456]
- kvm-cirrus-don-t-overflow-CirrusVGAState-cirrus_bltbuf.patch [bz#1169456]
- Resolves: bz#1169456
(CVE-2014-8106 qemu-kvm: qemu: cirrus: insufficient blit region checks [rhel-7.1])
- Resolves: bz#1180942
(qemu core dumped when unhotplug gpu card assigned to guest)

[1.5.3-85.el7]
- kvm-block-delete-cow-block-driver.patch [bz#1175325]
- Resolves: bz#1175325
(Delete cow block driver)

[1.5.3-84.el7]
- kvm-qemu-iotests-Test-case-for-backing-file-deletion.patch [bz#1002493]
- kvm-qemu-iotests-Add-sample-image-and-test-for-VMDK-vers.patch [bz#1134237]
- kvm-vmdk-Check-VMFS-extent-line-field-number.patch [bz#1134237]
- kvm-qemu-iotests-Introduce-_unsupported_imgopts.patch [bz#1002493]
- kvm-qemu-iotests-Add-_unsupported_imgopts-for-vmdk-subfo.patch [bz#1002493]
- kvm-vmdk-Fix-big-flat-extent-IO.patch [bz#1134241]
- kvm-vmdk-Check-for-overhead-when-opening.patch [bz#1134251]
- kvm-block-vmdk-add-basic-.bdrv_check-support.patch [bz#1134251]
- kvm-qemu-iotest-Make-077-raw-only.patch [bz#1134237]
- kvm-qemu-iotests-Don-t-run-005-on-vmdk-split-formats.patch [bz#1002493]
- kvm-vmdk-extract-vmdk_read_desc.patch [bz#1134251]
- kvm-vmdk-push-vmdk_read_desc-up-to-caller.patch [bz#1134251]
- kvm-vmdk-do-not-try-opening-a-file-as-both-image-and-des.patch [bz#1134251]
- kvm-vmdk-correctly-propagate-errors.patch [bz#1134251]
- kvm-block-vmdk-do-not-report-file-offset-for-compressed-.patch [bz#1134251]
- kvm-vmdk-Fix-d-and-lld-to-PRI-in-format-strings.patch [bz#1134251]
- kvm-vmdk-Fix-x-to-PRIx32-in-format-strings-for-cid.patch [bz#1134251]
- kvm-qemu-img-Convert-by-cluster-size-if-target-is-compre.patch [bz#1134283]
- kvm-vmdk-Implement-.bdrv_write_compressed.patch [bz#1134283]
- kvm-vmdk-Implement-.bdrv_get_info.patch [bz#1134283]
- kvm-qemu-iotests-Test-converting-to-streamOptimized-from.patch [bz#1134283]
- kvm-vmdk-Fix-local_err-in-vmdk_create.patch [bz#1134283]
- kvm-fpu-softfloat-drop-INLINE-macro.patch [bz#1002493]
- kvm-block-New-bdrv_nb_sectors.patch [bz#1002493]
- kvm-vmdk-Optimize-cluster-allocation.patch [bz#1002493]
- kvm-vmdk-Handle-failure-for-potentially-large-allocation.patch [bz#1002493]
- kvm-vmdk-Use-bdrv_nb_sectors-where-sectors-not-bytes-are.patch [bz#1002493]
- kvm-vmdk-fix-vmdk_parse_extents-extent_file-leaks.patch [bz#1002493]
- kvm-vmdk-fix-buf-leak-in-vmdk_parse_extents.patch [bz#1002493]
- kvm-vmdk-Fix-integer-overflow-in-offset-calculation.patch [bz#1002493]
- kvm-migration-fix-parameter-validation-on-ram-load-CVE-2.patch [bz#1163078]
- Resolves: bz#1002493
(qemu-img convert rate about 100k/second from qcow2/raw to vmdk format on nfs system file)
- Resolves: bz#1134237
(Opening malformed VMDK description file should fail)
- Resolves: bz#1134241
(QEMU fails to correctly read/write on VMDK with big flat extent)
- Resolves: bz#1134251
(Opening an obviously truncated VMDK image should fail)
- Resolves: bz#1134283
(qemu-img convert from ISO to streamOptimized fails)
- Resolves: bz#1163078
(CVE-2014-7840 qemu-kvm: qemu: insufficient parameter validation during ram load [rhel-7.1])

[1.5.3-83.el7]
- kvm-xhci-add-sanity-checks-to-xhci_lookup_uport.patch [bz#1074219]
- kvm-Revert-Build-ceph-rbd-only-for-rhev.patch [bz#1140742]
- kvm-Revert-rbd-Only-look-for-qemu-specific-copy-of-librb.patch [bz#1140742]
- kvm-Revert-rbd-link-and-load-librbd-dynamically.patch [bz#1140742]
- kvm-spec-Enable-rbd-driver-add-dependency.patch [bz#1140742]
- Resolves: bz#1074219
(qemu core dump when install a RHEL.7 guest(xhci) with migration)
- Resolves: bz#1140742
(Enable native support for Ceph)

[1.5.3-82.el7]
- kvm-hw-pci-fixed-error-flow-in-pci_qdev_init.patch [bz#1046007]
- kvm-hw-pci-fixed-hotplug-crash-when-using-rombar-0-with-.patch [bz#1046007]
- Resolves: bz#1046007
(qemu-kvm aborted when hot plug PCI device to guest with romfile and rombar=0)

[1.5.3-81.el7]
- kvm-migration-static-variables-will-not-be-reset-at-seco.patch [bz#1071776]
- kvm-vfio-pci-Add-debug-config-options-to-disable-MSI-X-K.patch [bz#1098976]
- kvm-vfio-correct-debug-macro-typo.patch [bz#1098976]
- kvm-vfio-pci-Fix-MSI-X-debug-code.patch [bz#1098976]
- kvm-vfio-pci-Fix-MSI-X-masking-performance.patch [bz#1098976]
- kvm-vfio-Fix-MSI-X-vector-expansion.patch [bz#1098976]
- kvm-vfio-Don-t-cache-MSIMessage.patch [bz#1098976]
- Resolves: bz#1071776
(Migration 'expected downtime' does not refresh after reset to a new value)
- Resolves: bz#1098976
(2x RHEL 5.10 VM running on RHEL 7 KVM have low TCP_STREAM throughput)

[1.5.3-80.el7]
- kvm-dump-RHEL-specific-fix-for-CPUState-bug-introduced-b.patch [bz#1161563]
- kvm-dump-guest-memory-Check-for-the-correct-return-value.patch [bz#1157798]
- kvm-dump-const-qualify-the-buf-of-WriteCoreDumpFunction.patch [bz#1157798]
- kvm-dump-add-argument-to-write_elfxx_notes.patch [bz#1157798]
- kvm-dump-add-API-to-write-header-of-flatten-format.patch [bz#1157798]
- kvm-dump-add-API-to-write-vmcore.patch [bz#1157798]
- kvm-dump-add-API-to-write-elf-notes-to-buffer.patch [bz#1157798]
- kvm-dump-add-support-for-lzo-snappy.patch [bz#1157798]
- kvm-RPM-spec-build-qemu-kvm-with-lzo-and-snappy-enabled-.patch [bz#1157798]
- kvm-dump-add-members-to-DumpState-and-init-some-of-them.patch [bz#1157798]
- kvm-dump-add-API-to-write-dump-header.patch [bz#1157798]
- kvm-dump-add-API-to-write-dump_bitmap.patch [bz#1157798]
- kvm-dump-add-APIs-to-operate-DataCache.patch [bz#1157798]
- kvm-dump-add-API-to-write-dump-pages.patch [bz#1157798]
- kvm-dump-Drop-qmp_dump_guest_memory-stub-and-build-for-a.patch [bz#1157798]
- kvm-dump-make-kdump-compressed-format-available-for-dump.patch [bz#1157798]
- kvm-Define-the-architecture-for-compressed-dump-format.patch [bz#1157798]
- kvm-dump-add-query-dump-guest-memory-capability-command.patch [bz#1157798]
- kvm-dump-Drop-pointless-error_is_set-DumpState-member-er.patch [bz#1157798]
- kvm-dump-fill-in-the-flat-header-signature-more-pleasing.patch [bz#1157798]
- kvm-dump-simplify-write_start_flat_header.patch [bz#1157798]
- kvm-dump-eliminate-DumpState.page_shift-guest-s-page-shi.patch [bz#1157798]
- kvm-dump-eliminate-DumpState.page_size-guest-s-page-size.patch [bz#1157798]
- kvm-dump-select-header-bitness-based-on-ELF-class-not-EL.patch [bz#1157798]
- kvm-dump-hoist-lzo_init-from-get_len_buf_out-to-dump_ini.patch [bz#1157798]
- kvm-dump-simplify-get_len_buf_out.patch [bz#1157798]
- kvm-rename-parse_enum_option-to-qapi_enum_parse-and-make.patch [bz#1087724]
- kvm-qapi-introduce-PreallocMode-and-new-PreallocModes-fu.patch [bz#1087724]
- kvm-raw-posix-Add-falloc-and-full-preallocation-option.patch [bz#1087724]
- kvm-qcow2-Add-falloc-and-full-preallocation-option.patch [bz#1087724]
- kvm-vga-fix-invalid-read-after-free.patch [bz#1161890]
- kvm-Use-qemu-kvm-in-documentation-instead-of-qemu-system.patch [bz#1140618]
- kvm-vnc-sanitize-bits_per_pixel-from-the-client.patch [bz#1157645]
- kvm-spice-call-qemu_spice_set_passwd-during-init.patch [bz#1138639]
- kvm-block-raw-posix-Try-both-FIEMAP-and-SEEK_HOLE.patch [bz#1160237]
- kvm-block-raw-posix-Fix-disk-corruption-in-try_fiemap.patch [bz#1160237]
- kvm-block-raw-posix-use-seek_hole-ahead-of-fiemap.patch [bz#1160237]
- kvm-raw-posix-Fix-raw_co_get_block_status-after-EOF.patch [bz#1160237]
- kvm-raw-posix-raw_co_get_block_status-return-value.patch [bz#1160237]
- kvm-raw-posix-SEEK_HOLE-suffices-get-rid-of-FIEMAP.patch [bz#1160237]
- kvm-raw-posix-The-SEEK_HOLE-code-is-flawed-rewrite-it.patch [bz#1160237]
- Resolves: bz#1087724
([Fujitsu 7.1 FEAT]: qemu-img should use fallocate() system call for 'preallocation=full' option)
- Resolves: bz#1138639
(fail to login spice session with password + expire time)
- Resolves: bz#1140618
(Should replace 'qemu-system-i386' by '/usr/libexec/qemu-kvm' in manpage of qemu-kvm for our official qemu-kvm build)
- Resolves: bz#1157645
(CVE-2014-7815 qemu-kvm: qemu: vnc: insufficient bits_per_pixel from the client sanitization [rhel-7.1])
- Resolves: bz#1157798
([FEAT RHEL7.1]: qemu: Support compression for dump-guest-memory command)
- Resolves: bz#1160237
(qemu-img convert intermittently corrupts output images)
- Resolves: bz#1161563
(invalid QEMU NOTEs in vmcore that is dumped for multi-VCPU guests)
- Resolves: bz#1161890
([abrt] qemu-kvm: pixman_image_get_data(): qemu-kvm killed by SIGSEGV)

[1.5.3-79.el7]
- kvm-libcacard-link-against-qemu-error.o-for-error_report.patch [bz#1088176]
- kvm-error-Add-error_abort.patch [bz#1088176]
- kvm-blockdev-Fail-blockdev-add-with-encrypted-images.patch [bz#1088176]
- kvm-blockdev-Fix-NULL-pointer-dereference-in-blockdev-ad.patch [bz#1088176]
- kvm-qemu-iotests-Test-a-few-blockdev-add-error-cases.patch [bz#1088176]
- kvm-block-Add-errp-to-bdrv_new.patch [bz#1088176]
- kvm-qemu-img-Avoid-duplicate-block-device-IDs.patch [bz#1088176]
- kvm-block-Catch-duplicate-IDs-in-bdrv_new.patch [bz#1088176]
- kvm-qemu-img-Allow-source-cache-mode-specification.patch [bz#1138691]
- kvm-qemu-img-Allow-cache-mode-specification-for-amend.patch [bz#1138691]
- kvm-qemu-img-clarify-src_cache-option-documentation.patch [bz#1138691]
- kvm-qemu-img-fix-rebase-src_cache-option-documentation.patch [bz#1138691]
- kvm-qemu-img-fix-img_compare-flags-error-path.patch [bz#1138691]
- kvm-ac97-register-reset-via-qom.patch [bz#1141667]
- kvm-virtio-blk-Factor-common-checks-out-of-virtio_blk_ha.patch [bz#1085232]
- kvm-virtio-blk-Bypass-error-action-and-I-O-accounting-on.patch [bz#1085232]
- kvm-virtio-blk-Treat-read-write-beyond-end-as-invalid.patch [bz#1085232]
- kvm-ide-Treat-read-write-beyond-end-as-invalid.patch [bz#1085232]
- kvm-ide-only-constrain-read-write-requests-to-drive-size.patch [bz#1085232]
- Resolves: bz#1085232
(Ilegal guest requests on block devices pause the VM)
- Resolves: bz#1088176
(QEMU fail to check whether duplicate ID for block device drive using 'blockdev-add' to hotplug)
- Resolves: bz#1138691
(Allow qemu-img to bypass the host cache (check, compare, convert, rebase, amend))
- Resolves: bz#1141667
(Qemu crashed if reboot guest after hot remove AC97 sound device)

[1.5.3-78.el7]
- kvm-slirp-udp-fix-NULL-pointer-dereference-because-of-un.patch [bz#1144820]
- kvm-hw-pci-fix-error-flow-in-pci-multifunction-init.patch [bz#1049734]
- kvm-rhel-Drop-machine-type-pc-q35-rhel7.0.0.patch [bz#1111107]
- kvm-virtio-scsi-Plug-memory-leak-on-virtio_scsi_push_eve.patch [bz#1088822]
- kvm-virtio-scsi-Report-error-if-num_queues-is-0-or-too-l.patch [bz#1089606]
- kvm-virtio-scsi-Fix-memory-leak-when-realize-failed.patch [bz#1089606]
- kvm-virtio-scsi-Fix-num_queue-input-validation.patch [bz#1089606]
- kvm-Revert-linux-aio-use-event-notifiers.patch [bz#1104748]
- kvm-specfile-Require-glusterfs-api-3.6.patch [bz#1155518]
- Resolves: bz#1049734
(PCI: QEMU crash on illegal operation: attaching a function to a non multi-function device)
- Resolves: bz#1088822
(hot-plug a virtio-scsi disk via 'blockdev-add' always cause QEMU quit)
- Resolves: bz#1089606
(QEMU will not reject invalid number of queues (num_queues = 0) specified for virtio-scsi)
- Resolves: bz#1104748
(48% reduction in IO performance for KVM guest, io=native)
- Resolves: bz#1111107
(Remove Q35 machine type from qemu-kvm)
- Resolves: bz#1144820
(CVE-2014-3640 qemu-kvm: qemu: slirp: NULL pointer deref in sosendto() [rhel-7.1])
- Resolves: bz#1155518
(qemu-kvm: undefined symbol: glfs_discard_async)

[1.5.3-77.el7]
- kvm-seccomp-add-semctl-to-the-syscall-whitelist.patch [bz#1026314]
- kvm-Revert-kvmclock-Ensure-proper-env-tsc-value-for-kvmc.patch [bz#1098602 bz#1130428]
- kvm-Revert-kvmclock-Ensure-time-in-migration-never-goes-.patch [bz#1098602 bz#1130428]
- kvm-Introduce-cpu_clean_all_dirty.patch [bz#1098602 bz#1130428]
- kvm-kvmclock-Ensure-proper-env-tsc-value-for-kvmclock.v2.patch [bz#1098602 bz#1130428]
- kvm-kvmclock-Ensure-time-in-migration-never-goes-back.v2.patch [bz#1098602 bz#1130428]
- Resolves: bz#1026314
(BUG: qemu-kvm hang when use '-sandbox on'+'vnc'+'hda')
- Resolves: bz#1098602
(kvmclock: Ensure time in migration never goes backward (backport))
- Resolves: bz#1130428
(After migration of RHEL7.1 guest with '-vga qxl', GUI console is hang)

[1.5.3-76.el7]
- kvm-usb-hcd-xhci-QOM-Upcast-Sweep.patch [bz#980747]
- kvm-usb-hcd-xhci-QOM-parent-field-cleanup.patch [bz#980747]
- kvm-uhci-egsm-fix.patch [bz#1046873]
- kvm-usb-redir-fix-use-after-free.patch [bz#1046574 bz#1088116]
- kvm-xhci-remove-leftover-debug-printf.patch [bz#980833]
- kvm-xhci-add-tracepoint-for-endpoint-state-changes.patch [bz#980833]
- kvm-xhci-add-port-to-slot_address-tracepoint.patch [bz#980833]
- kvm-usb-parallelize-usb3-streams.patch [bz#1075846]
- kvm-xhci-Init-a-transfers-xhci-slotid-and-epid-member-on.patch [bz#1075846]
- kvm-xhci-Add-xhci_epid_to_usbep-helper-function.patch [bz#980833]
- kvm-xhci-Fix-memory-leak-on-xhci_disable_ep.patch [bz#980833]
- kvm-usb-Also-reset-max_packet_size-on-ep_reset.patch [bz#1075846]
- kvm-usb-Fix-iovec-memleak-on-combined-packet-free.patch [bz#1075846]
- kvm-usb-hcd-xhci-Remove-unused-sstreamsm-member-from-XHC.patch [bz#980747]
- kvm-usb-hcd-xhci-Remove-unused-cancelled-member-from-XHC.patch [bz#980747]
- kvm-usb-hcd-xhci-Report-completion-of-active-transfer-wi.patch [bz#980747]
- kvm-usb-hcd-xhci-Update-endpoint-context-dequeue-pointer.patch [bz#980747]
- kvm-xhci-Add-a-few-missing-checks-for-disconnected-devic.patch [bz#980833]
- kvm-usb-Add-max_streams-attribute-to-endpoint-info.patch [bz#1111450]
- kvm-usb-Add-usb_device_alloc-free_streams.patch [bz#1111450]
- kvm-xhci-Call-usb_device_alloc-free_streams.patch [bz#980833]
- kvm-uhci-invalidate-queue-on-device-address-changes.patch [bz#1111450]
- kvm-xhci-iso-fix-time-calculation.patch [bz#949385]
- kvm-xhci-iso-allow-for-some-latency.patch [bz#949385]
- kvm-xhci-switch-debug-printf-to-tracepoint.patch [bz#980747]
- kvm-xhci-use-DPRINTF-instead-of-fprintf-stderr.patch [bz#980833]
- kvm-xhci-child-detach-fix.patch [bz#980833]
- kvm-usb-add-usb_pick_speed.patch [bz#1075846]
- kvm-xhci-make-port-reset-trace-point-more-verbose.patch [bz#980833]
- kvm-usb-initialize-libusb_device-to-avoid-crash.patch [bz#1111450]
- kvm-target-i386-get-CPL-from-SS.DPL.patch [bz#1097363]
- kvm-trace-use-unique-Red-Hat-version-number-in-simpletra.patch [bz#1088112]
- kvm-trace-add-pid-field-to-simpletrace-record.patch [bz#1088112]
- kvm-simpletrace-add-support-for-trace-record-pid-field.patch [bz#1088112]
- kvm-simpletrace-add-simpletrace.py-no-header-option.patch [bz#1088112]
- kvm-trace-extract-stap_escape-function-for-reuse.patch [bz#1088112]
- kvm-trace-add-tracetool-simpletrace_stap-format.patch [bz#1088112]
- kvm-trace-install-simpletrace-SystemTap-tapset.patch [bz#1088112]
- kvm-trace-install-trace-events-file.patch [bz#1088112]
- kvm-trace-add-SystemTap-init-scripts-for-simpletrace-bri.patch [bz#1088112]
- kvm-simpletrace-install-simpletrace.py.patch [bz#1088112]
- kvm-trace-add-systemtap-initscript-README-file-to-RPM.patch [bz#1088112]
- kvm-rdma-Fix-block-during-rdma-migration.patch [bz#1152969]
- Resolves: bz#1046574
(fail to passthrough the USB speaker redirected from usb-redir with xhci controller)
- Resolves: bz#1046873
(fail to be recognized the hotpluging usb-storage device with xhci controller in win2012R2 guest)
- Resolves: bz#1075846
(qemu-kvm core dumped when hotplug/unhotplug USB3.0 device multi times)
- Resolves: bz#1088112
([Fujitsu 7.1 FEAT]:QEMU: capturing trace data all the time using ftrace-based tracing)
- Resolves: bz#1088116
(qemu crash when device_del usb-redir)
- Resolves: bz#1097363
(qemu ' KVM internal error. Suberror: 1' when query cpu frequently during pxe boot in Intel 'Q95xx' host)
- Resolves: bz#1111450
(Guest crash when hotplug usb while disable virt_use_usb)
- Resolves: bz#1152969
(Qemu-kvm got stuck when migrate to wrong RDMA ip)
- Resolves: bz#949385
(passthrough USB speaker to win2012 guest fail to work well)
- Resolves: bz#980747
(flood with 'xhci: wrote doorbell while xHC stopped or paused' when redirected USB Webcam from usb-host with xHCI controller)
- Resolves: bz#980833
(xhci: FIXME: endpoint stopped w/ xfers running, data might be lost)

[1.5.3-75.el7]
- kvm-target-i386-Broadwell-CPU-model.patch [bz#1116117]
- kvm-pc-Add-Broadwell-CPUID-compatibility-bits.patch [bz#1116117]
- kvm-virtio-balloon-fix-integer-overflow-in-memory-stats-.patch [bz#1142290]
- Resolves: bz#1116117
([Intel 7.1 FEAT] Broadwell new instructions support for KVM - qemu-kvm)
- Resolves: bz#1142290
(guest is stuck when setting balloon memory with large guest-stats-polling-interval)

[1.5.3-74.el7]
- kvm-ide-Add-wwn-support-to-IDE-ATAPI-drive.patch [bz#1131316]
- kvm-vmdk-Allow-vmdk_create-to-work-with-protocol.patch [bz#1098086]
- kvm-block-make-vdi-bounds-check-match-upstream.patch [bz#1098086]
- kvm-vdi-say-why-an-image-is-bad.patch [bz#1098086]
- kvm-block-do-not-abuse-EMEDIUMTYPE.patch [bz#1098086]
- kvm-cow-correctly-propagate-errors.patch [bz#1098086]
- kvm-block-Use-correct-width-in-format-strings.patch [bz#1098086]
- kvm-vdi-remove-double-conversion.patch [bz#1098086]
- kvm-block-vdi-Error-out-immediately-in-vdi_create.patch [bz#1098086]
- kvm-vpc-Implement-.bdrv_has_zero_init.patch [bz#1098086]
- kvm-block-vpc-use-QEMU_PACKED-for-on-disk-structures.patch [bz#1098086]
- kvm-block-allow-bdrv_unref-to-be-passed-NULL-pointers.patch [bz#1098086]
- kvm-block-vdi-use-block-layer-ops-in-vdi_create-instead-.patch [bz#1098086]
- kvm-block-use-the-standard-ret-instead-of-result.patch [bz#1098086]
- kvm-block-vpc-use-block-layer-ops-in-vpc_create-instead-.patch [bz#1098086]
- kvm-block-iotest-update-084-to-test-static-VDI-image-cre.patch [bz#1098086]
- kvm-block-add-helper-function-to-determine-if-a-BDS-is-i.patch [bz#1122925]
- kvm-block-extend-block-commit-to-accept-a-string-for-the.patch [bz#1122925]
- kvm-block-add-backing-file-option-to-block-stream.patch [bz#1122925]
- kvm-block-add-__com.redhat_change-backing-file-qmp-comma.patch [bz#1122925]
- Resolves: bz#1098086
(RFE: Supporting creating vmdk/vdi/vpc format disk with protocols (glusterfs))
- Resolves: bz#1122925
(Maintain relative path to backing file image during live merge (block-commit))
- Resolves: bz#1131316
(fail to specify wwn for virtual IDE CD-ROM)

[1.5.3-73.el7]
- kvm-scsi-disk-fix-bug-in-scsi_block_new_request-introduc.patch [bz#1105880]
- Resolves: bz#1105880
(bug in scsi_block_new_request() function introduced by upstream commit 137745c5c60f083ec982fe9e861e8c16ebca1ba8)

[1.5.3-72.el7]
- kvm-vbe-make-bochs-dispi-interface-return-the-correct-me.patch [bz#1139118]
- kvm-vbe-rework-sanity-checks.patch [bz#1139118]
- kvm-spice-display-add-display-channel-id-to-the-debug-me.patch [bz#1139118]
- kvm-spice-make-sure-we-don-t-overflow-ssd-buf.patch [bz#1139118]
- Resolves: bz#1139118
(CVE-2014-3615 qemu-kvm: Qemu: crash when guest sets high resolution [rhel-7.1])

[1.5.3-71.el7]
- kvm-spice-move-qemu_spice_display_-from-spice-graphics-t.patch [bz#1054077]
- kvm-spice-move-spice_server_vm_-start-stop-calls-into-qe.patch [bz#1054077]
- kvm-spice-stop-server-for-qxl-hard-reset.patch [bz#1054077]
- kvm-qemu-Adjust-qemu-wakeup.patch [bz#1064156]
- kvm-vmstate_xhci_event-fix-unterminated-field-list.patch [bz#1122147]
- kvm-vmstate_xhci_event-bug-compat-with-RHEL-7.0-RHEL-onl.patch [bz#1122147]
- kvm-pflash_cfi01-write-flash-contents-to-bdrv-on-incomin.patch [bz#1139702]
- kvm-ide-test-Add-enum-value-for-DEV.patch [bz#1123372]
- kvm-ide-test-Add-FLUSH-CACHE-test-case.patch [bz#1123372]
- kvm-ide-Fix-segfault-when-flushing-a-device-that-doesn-t.patch [bz#1123372]
- kvm-IDE-Fill-the-IDENTIFY-request-consistently.patch [bz#852348]
- kvm-ide-Add-resize-callback-to-ide-core.patch [bz#852348]
- Resolves: bz#1054077
(qemu crash when reboot win7 guest with spice display)
- Resolves: bz#1064156
([qxl] The guest show black screen while resumed guest which managedsaved in pmsuspended status.)
- Resolves: bz#1122147
(CVE-2014-5263 vmstate_xhci_event: fix unterminated field list)
- Resolves: bz#1123372
(qemu-kvm crashed when doing iofuzz testing)
- Resolves: bz#1139702
(pflash (UEFI varstore) migration shortcut for libvirt [RHEL])
- Resolves: bz#852348
(fail to block_resize local data disk with IDE/AHCI disk_interface)

[1.5.3-70.el7]
- kvm-Enforce-stack-protector-usage.patch [bz#1064260]
- kvm-pc-increase-maximal-VCPU-count-to-240.patch [bz#1134408]
- kvm-gluster-Add-discard-support-for-GlusterFS-block-driv.patch [bz#1136534]
- kvm-gluster-default-scheme-to-gluster-and-host-to-localh.patch [bz#1088150]
- kvm-qdev-properties-system.c-Allow-vlan-or-netdev-for-de.patch [bz#996011]
- kvm-vl-process-object-after-other-backend-options.patch [bz#1128095]
- Resolves: bz#1064260
(Handle properly --enable-fstack-protector option)
- Resolves: bz#1088150
(qemu-img coredumpd when try to create a gluster format image)
- Resolves: bz#1128095
(chardev 'chr0' isn't initialized when we try to open rng backend)
- Resolves: bz#1134408
([HP 7.1 FEAT] Increase qemu-kvm's VCPU limit to 240)
- Resolves: bz#1136534
(glusterfs backend does not support discard)
- Resolves: bz#996011
(vlan and queues options cause core dumped when qemu-kvm process quit(or ctrl+c))

[1.5.3-69.el7]
- kvm-rdma-bug-fixes.patch [bz#1107821]
- kvm-virtio-serial-report-frontend-connection-state-via-m.patch [bz#1122151]
- kvm-char-report-frontend-open-closed-state-in-query-char.patch [bz#1122151]
- kvm-acpi-fix-tables-for-no-hpet-configuration.patch [bz#1129552]
- kvm-mirror-Fix-resource-leak-when-bdrv_getlength-fails.patch [bz#1130603]
- kvm-blockjob-Add-block_job_yield.patch [bz#1130603]
- kvm-mirror-Go-through-ready-complete-process-for-0-len-i.patch [bz#1130603]
- kvm-qemu-iotests-Test-BLOCK_JOB_READY-event-for-0Kb-imag.patch [bz#1130603]
- kvm-block-make-top-argument-to-block-commit-optional.patch [bz#1130603]
- kvm-qemu-iotests-Test-0-length-image-for-mirror.patch [bz#1130603]
- kvm-mirror-Fix-qiov-size-for-short-requests.patch [bz#1130603]
- Resolves: bz#1107821
(rdma migration: seg if destination isn't listening)
- Resolves: bz#1122151
(Pass close from qemu-ga)
- Resolves: bz#1129552
(backport 'acpi: fix tables for no-hpet configuration')
- Resolves: bz#1130603
(advertise active commit to libvirt)

[1.5.3-68.el7]
- kvm-virtio-net-Do-not-filter-VLANs-without-F_CTRL_VLAN.patch [bz#1065724]
- kvm-virtio-net-add-vlan-receive-state-to-RxFilterInfo.patch [bz#1065724]
- kvm-virtio-rng-check-return-value-of-virtio_load.patch [bz#1116941]
- kvm-qapi-treat-all-negative-return-of-strtosz_suffix-as-.patch [bz#1074403]
- Resolves: bz#1065724
(rx filter incorrect when guest disables VLAN filtering)
- Resolves: bz#1074403
(qemu-kvm can not give any warning hint when set sndbuf with negative value)
- Resolves: bz#1116941
(Return value of virtio_load not checked in virtio_rng_load)

[1.5.3-67.el7]
- kvm-vl.c-Output-error-on-invalid-machine-type.patch [bz#990724]
- kvm-migration-dump-vmstate-info-as-a-json-file-for-stati.patch [bz#1118707]
- kvm-vmstate-static-checker-script-to-validate-vmstate-ch.patch [bz#1118707]
- kvm-tests-vmstate-static-checker-add-dump1-and-dump2-fil.patch [bz#1118707]
- kvm-tests-vmstate-static-checker-incompat-machine-types.patch [bz#1118707]
- kvm-tests-vmstate-static-checker-add-version-error-in-ma.patch [bz#1118707]
- kvm-tests-vmstate-static-checker-version-mismatch-inside.patch [bz#1118707]
- kvm-tests-vmstate-static-checker-minimum_version_id-chec.patch [bz#1118707]
- kvm-tests-vmstate-static-checker-remove-a-section.patch [bz#1118707]
- kvm-tests-vmstate-static-checker-remove-a-field.patch [bz#1118707]
- kvm-tests-vmstate-static-checker-remove-last-field-in-a-.patch [bz#1118707]
- kvm-tests-vmstate-static-checker-change-description-name.patch [bz#1118707]
- kvm-tests-vmstate-static-checker-remove-Fields.patch [bz#1118707]
- kvm-tests-vmstate-static-checker-remove-Description.patch [bz#1118707]
- kvm-tests-vmstate-static-checker-remove-Description-insi.patch [bz#1118707]
- kvm-tests-vmstate-static-checker-remove-a-subsection.patch [bz#1118707]
- kvm-tests-vmstate-static-checker-remove-Subsections.patch [bz#1118707]
- kvm-tests-vmstate-static-checker-add-substructure-for-us.patch [bz#1118707]
- kvm-tests-vmstate-static-checker-add-size-mismatch-insid.patch [bz#1118707]
- kvm-aio-fix-qemu_bh_schedule-bh-ctx-race-condition.patch [bz#1116728]
- kvm-block-Improve-driver-whitelist-checks.patch [bz#999789]
- kvm-vmdk-Fix-format-specific-information-create-type-for.patch [bz#1029271]
- kvm-virtio-pci-Report-an-error-when-msix-vectors-init-fa.patch [bz#1095645]
- kvm-scsi-Report-error-when-lun-number-is-in-use.patch [bz#1096576]
- kvm-util-Split-out-exec_dir-from-os_find_datadir.patch [bz#1017685]
- kvm-rules.mak-fix-obj-to-a-real-relative-path.patch [bz#1017685]
- kvm-rules.mak-allow-per-object-cflags-and-libs.patch [bz#1017685]
- kvm-block-use-per-object-cflags-and-libs.patch [bz#1017685]
- kvm-vmdk-Fix-creating-big-description-file.patch [bz#1039791]
- Resolves: bz#1017685
(Gluster etc. should not be a dependency of vscclient and libcacard)
- Resolves: bz#1029271
(Format specific information (create type) was wrong when create it specified subformat='streamOptimized')
- Resolves: bz#1039791
(qemu-img creates truncated VMDK image with subformat=twoGbMaxExtentFlat)
- Resolves: bz#1095645
(vectors of virtio-scsi-pci will be 0 when set vectors>=129)
- Resolves: bz#1096576
(QEMU core dumped when boot up two scsi-hd disk on the same virtio-scsi-pci controller in Intel host)
- Resolves: bz#1116728
(Backport qemu_bh_schedule() race condition fix)
- Resolves: bz#1118707
(VMstate static checker: backport -dump-vmstate feature to export json-encoded vmstate info)
- Resolves: bz#990724
(qemu-kvm failing when invalid machine type is provided)
- Resolves: bz#999789
(qemu should give a more friendly prompt when didn't specify read-only for VMDK format disk)

[1.5.3-66.el7]
- kvm-xhci-fix-overflow-in-usb_xhci_post_load.patch [bz#1074219]
- kvm-migration-qmp_migrate-keep-working-after-syntax-erro.patch [bz#1086598]
- kvm-seccomp-add-shmctl-mlock-and-munlock-to-the-syscall-.patch [bz#1026314]
- kvm-exit-when-no-kvm-and-vcpu-count-160.patch [bz#1076326]
- kvm-Disallow-outward-migration-while-awaiting-incoming-m.patch [bz#1086987]
- kvm-block-Ignore-duplicate-or-NULL-format_name-in-bdrv_i.patch [bz#1088695 bz#1093983]
- kvm-block-vhdx-account-for-identical-header-sections.patch [bz#1097020]
- kvm-aio-Fix-use-after-free-in-cancellation-path.patch [bz#1095877]
- kvm-scsi-disk-Improve-error-messager-if-can-t-get-versio.patch [bz#1021788]
- kvm-scsi-Improve-error-messages-more.patch [bz#1021788]
- kvm-memory-Don-t-call-memory_region_update_coalesced_ran.patch [bz#1096645]
- kvm-kvmclock-Ensure-time-in-migration-never-goes-backwar.patch [bz#1098602]
- kvm-kvmclock-Ensure-proper-env-tsc-value-for-kvmclock_cu.patch [bz#1098602]
- Resolves: bz#1021788
(the error message 'scsi generic interface too old' is wrong more often than not)
- Resolves: bz#1026314
(qemu-kvm hang when use '-sandbox on'+'vnc'+'hda')
- Resolves: bz#1074219
(qemu core dump when install a RHEL.7 guest(xhci) with migration)
- Resolves: bz#1076326
(qemu-kvm does not quit when booting guest w/ 161 vcpus and '-no-kvm')
- Resolves: bz#1086598
(migrate_cancel wont take effect on previouly wrong migrate -d cmd)
- Resolves: bz#1086987
(src qemu crashed when starting migration in inmigrate mode)
- Resolves: bz#1088695
(there are four 'gluster' in qemu-img supported format list)
- Resolves: bz#1093983
(there are three 'nbd' in qemu-img supported format list)
- Resolves: bz#1095877
(segmentation fault in qemu-kvm due to use-after-free of a SCSIGenericReq (host device pass-through))
- Resolves: bz#1096645
([FJ7.0 Bug] RHEL7.0 guest attaching 150 or more virtio-blk disks fails to start up)
- Resolves: bz#1097020
([RFE] qemu-img: Add/improve Disk2VHD tools creating VHDX images)
- Resolves: bz#1098602
(kvmclock: Ensure time in migration never goes backward (backport))

[1.5.3-65.el7]
- kvm-Allow-mismatched-virtio-config-len.patch [bz#1113009]
- Resolves: bz#1113009
(Migration failed with virtio-blk from RHEL6.5.0 host to RHEL7.0 host)

[1.5.3-64.el7]
- kvm-zero-initialize-KVM_SET_GSI_ROUTING-input.patch [bz#1098976]
- kvm-skip-system-call-when-msi-route-is-unchanged.patch [bz#1098976]
- Resolves: bz#1098976
(2x RHEL 5.10 VM running on RHEL 7 KVM have low TCP_STREAM throughput)

[1.5.3-63.el7]
- kvm-char-restore-read-callback-on-a-reattached-hotplug-c.patch [bz#1038914]
- kvm-qcow2-Free-preallocated-zero-clusters.patch [bz#1052093]
- kvm-qemu-iotests-Discard-preallocated-zero-clusters.patch [bz#1052093]
- kvm-XBZRLE-Fix-qemu-crash-when-resize-the-xbzrle-cache.patch [bz#1066338]
- kvm-Provide-init-function-for-ram-migration.patch [bz#1066338]
- kvm-Init-the-XBZRLE.lock-in-ram_mig_init.patch [bz#1066338]
- kvm-XBZRLE-Fix-one-XBZRLE-corruption-issues.patch [bz#1066338]
- kvm-Count-used-RAMBlock-pages-for-migration_dirty_pages.patch [bz#1074913]
- kvm-virtio-net-fix-buffer-overflow-on-invalid-state-load.patch [bz#1095678]
- kvm-virtio-net-out-of-bounds-buffer-write-on-invalid-sta.patch [bz#1095690]
- kvm-virtio-net-out-of-bounds-buffer-write-on-load.patch [bz#1095685]
- kvm-virtio-out-of-bounds-buffer-write-on-invalid-state-l.patch [bz#1095695]
- kvm-virtio-avoid-buffer-overrun-on-incoming-migration.patch [bz#1095738]
- kvm-virtio-scsi-fix-buffer-overrun-on-invalid-state-load.patch [bz#1095742]
- kvm-virtio-validate-config_len-on-load.patch [bz#1095783]
- kvm-virtio-validate-num_sg-when-mapping.patch [bz#1095766]
- kvm-virtio-allow-mapping-up-to-max-queue-size.patch [bz#1095766]
- kvm-usb-sanity-check-setup_index-setup_len-in-post_load.patch [bz#1095747]
- kvm-usb-sanity-check-setup_index-setup_len-in-post_l2.patch [bz#1095747]
- kvm-vmstate-reduce-code-duplication.patch [bz#1095716]
- kvm-vmstate-add-VMS_MUST_EXIST.patch [bz#1095716]
- kvm-vmstate-add-VMSTATE_VALIDATE.patch [bz#1095716]
- kvm-hpet-fix-buffer-overrun-on-invalid-state-load.patch [bz#1095707]
- kvm-hw-pci-pcie_aer.c-fix-buffer-overruns-on-invalid-sta.patch [bz#1095716]
- kvm-usb-fix-up-post-load-checks.patch [bz#1096829]
- kvm-qcow-correctly-propagate-errors.patch [bz#1097230]
- kvm-qcow1-Make-padding-in-the-header-explicit.patch [bz#1097230]
- kvm-qcow1-Check-maximum-cluster-size.patch [bz#1097230]
- kvm-qcow1-Validate-L2-table-size-CVE-2014-0222.patch [bz#1097230]
- kvm-qcow1-Validate-image-size-CVE-2014-0223.patch [bz#1097237]
- kvm-qcow1-Stricter-backing-file-length-check.patch [bz#1097237]
- Resolves: bz#1038914
(Guest can't receive any character transmitted from host after hot unplugging virtserialport then hot plugging again)
- Resolves: bz#1052093
(qcow2 corruptions (leaked clusters after installing a rhel7 guest using virtio_scsi))
- Resolves: bz#1066338
(Reduce the migrate cache size during migration causes qemu segment fault)
- Resolves: bz#1074913
(migration can not finish with 1024k 'remaining ram' left after hotunplug 4 nics)
- Resolves: bz#1095678
(CVE-2013-4148 qemu-kvm: qemu: virtio-net: buffer overflow on invalid state load [rhel-7.1])
- Resolves: bz#1095685
(CVE-2013-4149 qemu-kvm: qemu: virtio-net: out-of-bounds buffer write on load [rhel-7.1])
- Resolves: bz#1095690
(CVE-2013-4150 qemu-kvm: qemu: virtio-net: out-of-bounds buffer write on invalid state load [rhel-7.1])
- Resolves: bz#1095695
(CVE-2013-4151 qemu-kvm: qemu: virtio: out-of-bounds buffer write on invalid state load [rhel-7.1])
- Resolves: bz#1095707
(CVE-2013-4527 qemu-kvm: qemu: hpet: buffer overrun on invalid state load [rhel-7.1])
- Resolves: bz#1095716
(CVE-2013-4529 qemu-kvm: qemu: hw/pci/pcie_aer.c: buffer overrun on invalid state load [rhel-7.1])
- Resolves: bz#1095738
(CVE-2013-6399 qemu-kvm: qemu: virtio: buffer overrun on incoming migration [rhel-7.1])
- Resolves: bz#1095742
(CVE-2013-4542 qemu-kvm: qemu: virtio-scsi: buffer overrun on invalid state load [rhel-7.1])
- Resolves: bz#1095747
(CVE-2013-4541 qemu-kvm: qemu: usb: insufficient sanity checking of setup_index+setup_len in post_load [rhel-7.1])
- Resolves: bz#1095766
(CVE-2013-4535 CVE-2013-4536 qemu-kvm: qemu: virtio: insufficient validation of num_sg when mapping [rhel-7.1])
- Resolves: bz#1095783
(CVE-2014-0182 qemu-kvm: qemu: virtio: out-of-bounds buffer write on state load with invalid config_len [rhel-7.1])
- Resolves: bz#1096829
(CVE-2014-3461 qemu-kvm: Qemu: usb: fix up post load checks [rhel-7.1])
- Resolves: bz#1097230
(CVE-2014-0222 qemu-kvm: Qemu: qcow1: validate L2 table size to avoid integer overflows [rhel-7.1])
- Resolves: bz#1097237
(CVE-2014-0223 qemu-kvm: Qemu: qcow1: validate image size to avoid out-of-bounds memory access [rhel-7.1])

[1.5.3-62.el7]
- kvm-pc-add-hot_add_cpu-callback-to-all-machine-types.patch [bz#1094285]
- Resolves: bz#1094285
(Hot plug CPU not working with RHEL6 machine types running on RHEL7 host.)

[1.5.3-61.el7]
- kvm-iscsi-fix-indentation.patch [bz#1083413]
- kvm-iscsi-correctly-propagate-errors-in-iscsi_open.patch [bz#1083413]
- kvm-block-iscsi-query-for-supported-VPD-pages.patch [bz#1083413]
- kvm-block-iscsi-fix-segfault-if-writesame-fails.patch [bz#1083413]
- kvm-iscsi-recognize-invalid-field-ASCQ-from-WRITE-SAME-c.patch [bz#1083413]
- kvm-iscsi-ignore-flushes-on-scsi-generic-devices.patch [bz#1083413]
- kvm-iscsi-always-query-max-WRITE-SAME-length.patch [bz#1083413]
- kvm-iscsi-Don-t-set-error-if-already-set-in-iscsi_do_inq.patch [bz#1083413]
- kvm-iscsi-Remember-to-set-ret-for-iscsi_open-in-error-ca.patch [bz#1083413]
- kvm-qemu_loadvm_state-shadow-SeaBIOS-for-VM-incoming-fro.patch [bz#1027565]
- kvm-uhci-UNfix-irq-routing-for-RHEL-6-machtypes-RHEL-onl.patch [bz#1085701]
- kvm-ide-Correct-improper-smart-self-test-counter-reset-i.patch [bz#1087980]
- Resolves: bz#1027565
(fail to reboot guest after migration from RHEL6.5 host to RHEL7.0 host)
- Resolves: bz#1083413
(qemu-kvm: iSCSI: Failure. SENSE KEY:ILLEGAL_REQUEST(5) ASCQ:INVALID_FIELD_IN_CDB(0x2400))
- Resolves: bz#1085701
(Guest hits call trace migrate from RHEL6.5 to RHEL7.0 host with -M 6.1 & balloon & uhci device)
- Resolves: bz#1087980
(CVE-2014-2894 qemu-kvm: QEMU: out of bounds buffer accesses, guest triggerable via IDE SMART [rhel-7.1])


Related CVEs


CVE-2014-3640
CVE-2014-7815
CVE-2014-7840
CVE-2014-8106

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (x86_64) qemu-kvm-1.5.3-86.el7.src.rpm575f8b712f76f1b7b8b816450399d20dELBA-2021-9161
libcacard-1.5.3-86.el7.i686.rpmab2b1d47ee955c05572af92be5c71374ELEA-2020-1159
libcacard-1.5.3-86.el7.x86_64.rpm605276798838b7b985ffc0be20f39f6bELEA-2020-1159
libcacard-devel-1.5.3-86.el7.i686.rpm381be9f71229eb7ce34c7c50661a4cfdELEA-2020-1159
libcacard-devel-1.5.3-86.el7.x86_64.rpm080729b5acc3b0ff35db7303b78df8f7ELEA-2020-1159
libcacard-tools-1.5.3-86.el7.x86_64.rpmaaf53e6cd14eab15591550e3b579966cELEA-2020-1159
qemu-img-1.5.3-86.el7.x86_64.rpmf789c52df3118b597e21eb3bc195fb53ELBA-2021-9161
qemu-kvm-1.5.3-86.el7.x86_64.rpm4f4ebf606855040e6d54d9723bfaffaaELBA-2021-9161
qemu-kvm-common-1.5.3-86.el7.x86_64.rpme7c74ab34851d3450d9ebde09e2fc652ELSA-2021-0347
qemu-kvm-tools-1.5.3-86.el7.x86_64.rpm420042b31b1e241a9c8e5f3a82918fe2ELSA-2021-0347



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete