ELSA-2016-2585

ULN >
Oracle Linux Errata repository >
ELSA-2016-2585

ELSA-2016-2585 - qemu-kvm security, bug fix, and enhancement update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2016-11-09

Description

[1.5.3-126.el7]
- kvm-virtio-recalculate-vq-inuse-after-migration.patch [bz#1376542]
- Resolves: bz#1376542
(RHSA-2016-1756 breaks migration of instances)

[1.5.3-125.el7]
- kvm-nbd-server-Set-O_NONBLOCK-on-client-fd.patch [bz#1285453]
- Resolves: bz#1285453
(An NBD client can cause QEMU main loop to block when connecting to built-in NBD server)

[1.5.3-124.el7]
- kvm-target-i386-Add-support-for-FEAT_7_0_ECX.patch [bz#1372459]
- kvm-target-i386-Add-more-Intel-AVX-512-instructions-supp.patch [bz#1372459]
- Resolves: bz#1372459
([Intel 7.3 Bug] SKL-SP Guest cpu doesnt support avx512 instruction sets(avx512bw, avx512dq and avx512vl) (qemu-kvm))

[1.5.3-123.el7]
- kvm-Fix-backport-of-target-i386-add-feature-flags-for-CP.patch [bz#1371619]
- kvm-Add-skip_dump-flag-to-ignore-memory-region-during-du.patch [bz#1373088]
- Resolves: bz#1371619
(Flags xsaveopt xsavec xgetbv1 are missing on qemu-kvm)
- Resolves: bz#1373088
([FJ7.3 Bug]: virsh dump with both --memory-only and --format option fails)

[1.5.3-122.el7]
- kvm-virtio-validate-the-existence-of-handle_output-befor.patch [bz#1367040]
- Resolves: bz#1367040
(QEMU crash when guest notifies non-existent virtqueue)

[1.5.3-121.el7]
- kvm-json-parser-drop-superfluous-assignment-for-token-va.patch [bz#1276036]
- kvm-qjson-Apply-nesting-limit-more-sanely.patch [bz#1276036]
- kvm-qjson-Don-t-crash-when-input-exceeds-nesting-limit.patch [bz#1276036]
- kvm-check-qjson-Add-test-for-JSON-nesting-depth-limit.patch [bz#1276036]
- kvm-qjson-Spell-out-some-silent-assumptions.patch [bz#1276036]
- kvm-qjson-Give-each-of-the-six-structural-chars-its-own-.patch [bz#1276036]
- kvm-qjson-Inline-token_is_keyword-and-simplify.patch [bz#1276036]
- kvm-qjson-Inline-token_is_escape-and-simplify.patch [bz#1276036]
- kvm-qjson-replace-QString-in-JSONLexer-with-GString.patch [bz#1276036]
- kvm-qjson-Convert-to-parser-to-recursive-descent.patch [bz#1276036]
- kvm-qjson-store-tokens-in-a-GQueue.patch [bz#1276036]
- kvm-qjson-surprise-allocating-6-QObjects-per-token-is-ex.patch [bz#1276036]
- kvm-qjson-Limit-number-of-tokens-in-addition-to-total-si.patch [bz#1276036]
- kvm-json-streamer-Don-t-leak-tokens-on-incomplete-parse.patch [bz#1276036]
- kvm-json-streamer-fix-double-free-on-exiting-during-a-pa.patch [bz#1276036]
- kvm-trace-remove-malloc-tracing.patch [bz#1360137]
- Resolves: bz#1276036
(Crash on QMP input exceeding limits)
- Resolves: bz#1360137
(GLib-WARNING **: gmem.c:482: custom memory allocation vtable not supported)

[1.5.3-120.el7]
- kvm-Add-install-dependency-to-newer-libusbx-version.patch [bz#1351106]
- kvm-virtio-error-out-if-guest-exceeds-virtqueue-size.patch [bz#1359729]
- Resolves: bz#1351106
(symbol lookup error: /usr/libexec/qemu-kvm: undefined symbol: libusb_get_port_numbers)
- Resolves: bz#1359729
(CVE-2016-5403 qemu-kvm: Qemu: virtio: unbounded memory allocation on host via guest leading to DoS [rhel-7.3])

[1.5.3-119.el7]
- kvm-qxl-factor-out-qxl_get_check_slot_offset.patch [bz#1355730]
- kvm-qxl-store-memory-region-and-offset-instead-of-pointe.patch [bz#1355730]
- kvm-qxl-fix-surface-migration.patch [bz#1355730]
- kvm-qxl-fix-qxl_set_dirty-call-in-qxl_dirty_one_surface.patch [bz#1355730]
- Resolves: bz#1355730
(spice-gtk shows outdated screen state after migration [qemu-kvm])

[1.5.3-118.el7]
- kvm-util-introduce-MIN_NON_ZERO.patch [bz#1318199]
- kvm-BlockLimits-introduce-max_transfer_length.patch [bz#1318199]
- kvm-block-backend-expose-bs-bl.max_transfer_length.patch [bz#1318199]
- kvm-scsi-generic-Merge-block-max-xfer-len-in-INQUIRY-res.patch [bz#1318199]
- kvm-raw-posix-Fetch-max-sectors-for-host-block-device.patch [bz#1318199]
- kvm-scsi-Advertise-limits-by-blocksize-not-512.patch [bz#1318199]
- kvm-util-Fix-MIN_NON_ZERO.patch [bz#1318199]
- Resolves: bz#1318199
(expose host BLKSECTGET limit in scsi-block (qemu-kvm))

[1.5.3-117.el7]
- kvm-target-i386-add-feature-flags-for-CPUID-EAX-0xd-ECX-.patch [bz#1327599]
- kvm-target-i386-add-Skylake-Client-cpu-model.patch [bz#1327599]
- Resolves: bz#1327599
(Add Skylake CPU model)

[1.5.3-116.el7]
- kvm-block-iscsi-avoid-potential-overflow-of-acb-task-cdb.patch [bz#1340929]
- Resolves: bz#1340929
(CVE-2016-5126 qemu-kvm: Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl [rhel-7.3])

[1.5.3-115.el7]
- kvm-spice-do-not-require-TCP-ports.patch [bz#1336491]
- kvm-vga-add-sr_vbe-register-set.patch [bz#1346982]
- Resolves: bz#1336491
(Ship FD connection patches qemu-kvm part)
- Resolves: bz#1346982
(Regression from CVE-2016-3712: windows installer fails to start)

[1.5.3-114.el7]
- kvm-hw-input-hid.c-Fix-capslock-hid-code.patch [bz#1256741]
- kvm-target-i386-fix-pcmpxstrx-equal-ordered-strstr-mode.patch [bz#1340971]
- kvm-spec-Update-rules-before-triggering-for-kvm-device.patch [bz#1333159]
- Resolves: bz#1256741
('CapsLock' will work as '\' when boot a guest with usb-kbd)
- Resolves: bz#1333159
(qemu-kvm doesnt reload udev rules before triggering for kvm device)
- Resolves: bz#1340971
(qemu: accel=tcg does not implement SSE 4 properly)

[1.5.3-113.el7]
- kvm-qxl-allow-to-specify-head-limit-to-qxl-driver.patch [bz#1283198]
- kvm-qxl-Fix-new-function-name-for-spice-server-library.patch [bz#1283198]
- kvm-block-raw-posix-Open-file-descriptor-O_RDWR-to-work-.patch [bz#1268345]
- Resolves: bz#1268345
(posix_fallocate emulation on NFS fails with Bad file descriptor if fd is opened O_WRONLY)
- Resolves: bz#1283198
(RFE: backport max monitor limitation from Qemu upstream)

[1.5.3-112.el7]
- kvm-virtio-scsi-Prevent-assertion-on-missed-events.patch [bz#1312289]
- kvm-seccomp-adding-sysinfo-system-call-to-whitelist.patch [bz#1177318]
- kvm-acpi-strip-compiler-info-in-built-in-DSDT.patch [bz#1330969]
- kvm-acpi-fix-endian-ness-for-table-ids.patch [bz#1330969]
- kvm-acpi-support-specified-oem-table-id-for-build_header.patch [bz#1330969]
- kvm-acpi-take-oem_id-in-build_header-optionally.patch [bz#1330969]
- kvm-acpi-expose-oem_id-and-oem_table_id-in-build_rsdt.patch [bz#1330969]
- kvm-acpi-add-function-to-extract-oem_id-and-oem_table_id.patch [bz#1330969]
- kvm-pc-set-the-OEM-fields-in-the-RSDT-and-the-FADT-from-.patch [bz#1330969]
- kvm-block-jobs-qemu-kvm-rhel-differentiation.patch [bz#1156635]
- Resolves: bz#1156635
(Libvirt is confused that qemu-kvm exposes 'block-job-cancel' but not 'block-stream')
- Resolves: bz#1177318
(Guest using rbd based image as disk failed to start when sandbox was enabled)
- Resolves: bz#1312289
('qemu-kvm: /builddir/build/BUILD/qemu-1.5.3/hw/scsi/virtio-scsi.c:533: virtio_scsi_push_event: Assertion 'event == 0' failed' after hotplug 20 virtio-scsi disks then hotunplug them)
- Resolves: bz#1330969
(match the OEM ID and OEM Table ID fields of the FADT and the RSDT to those of the SLIC)

[1.5.3-111.el7]
- kvm-vmdk-Leave-bdi-intact-if-ENOTSUP-in-vmdk_get_info.patch [bz#1299250]
- kvm-vmdk-Use-g_random_int-to-generate-CID.patch [bz#1299250]
- kvm-vmdk-Fix-comment-to-match-code-of-extent-lines.patch [bz#1299250]
- kvm-vmdk-Clean-up-descriptor-file-reading.patch [bz#1299250]
- kvm-vmdk-Check-descriptor-file-length-when-reading-it.patch [bz#1299250]
- kvm-vmdk-Remove-unnecessary-initialization.patch [bz#1299250]
- kvm-vmdk-Set-errp-on-failures-in-vmdk_open_vmdk4.patch [bz#1299250]
- kvm-block-vmdk-make-ret-variable-usage-clear.patch [bz#1299250]
- kvm-block-vmdk-move-string-allocations-from-stack-to-the.patch [bz#1299250]
- kvm-block-vmdk-fixed-sizeof-error.patch [bz#1299250]
- kvm-vmdk-Widen-before-shifting-32-bit-header-field.patch [bz#1299250]
- kvm-vmdk-Fix-next_cluster_sector-for-compressed-write.patch [bz#1299250]
- kvm-vmdk-Fix-index_in_cluster-calculation-in-vmdk_co_get.patch [bz#1299250]
- kvm-vmdk-Use-vmdk_find_index_in_cluster-everywhere.patch [bz#1299250]
- kvm-vmdk-Fix-next_cluster_sector-for-compressed-write2.patch [bz#1299250]
- kvm-vmdk-Create-streamOptimized-as-version-3.patch [bz#1299116]
- kvm-vmdk-Fix-converting-to-streamOptimized.patch [bz#1299116]
- kvm-vmdk-Fix-calculation-of-block-status-s-offset.patch [bz#1299116]
- Resolves: bz#1299116
(qemu-img created VMDK images lead to 'Not a supported disk format (sparse VMDK version too old)')
- Resolves: bz#1299250
(qemu-img created VMDK images are unbootable)

[1.5.3-110.el7]
- kvm-qemu-io-Remove-unused-args_command.patch [bz#1272523]
- kvm-cutils-Support-P-and-E-suffixes-in-strtosz.patch [bz#1272523]
- kvm-qemu-io-Make-cvtnum-a-wrapper-around-strtosz_suffix.patch [bz#1272523]
- kvm-qemu-io-Handle-cvtnum-errors-in-alloc.patch [bz#1272523]
- kvm-qemu-io-Don-t-use-global-bs-in-command-implementatio.patch [bz#1272523]
- kvm-qemu-io-Split-off-commands-to-qemu-io-cmds.c.patch [bz#1272523]
- kvm-qemu-io-Factor-out-qemuio_command.patch [bz#1272523]
- kvm-qemu-io-Move-help-function.patch [bz#1272523]
- kvm-qemu-io-Move-quit-function.patch [bz#1272523]
- kvm-qemu-io-Move-qemu_strsep-to-cutils.c.patch [bz#1272523]
- kvm-qemu-io-Move-functions-for-registering-and-running-c.patch [bz#1272523]
- kvm-qemu-io-Move-command_loop-and-friends.patch [bz#1272523]
- kvm-qemu-io-Move-remaining-helpers-from-cmd.c.patch [bz#1272523]
- kvm-qemu-io-Interface-cleanup.patch [bz#1272523]
- kvm-qemu-io-Use-the-qemu-version-for-V.patch [bz#1272523]
- kvm-Make-qemu-io-commands-available-in-HMP.patch [bz#1272523]
- kvm-blkdebug-Add-BLKDBG_FLUSH_TO_OS-DISK-events.patch [bz#1272523]
- kvm-qemu-io-fix-cvtnum-lval-types.patch [bz#1272523]
- kvm-qemu-io-Check-for-trailing-chars.patch [bz#1272523]
- kvm-qemu-io-Correct-error-messages.patch [bz#1272523]
- kvm-ide-test-fix-failure-for-test_flush.patch [bz#1272523]
- kvm-vga-Remove-some-should-be-done-in-BIOS-comments.patch [bz#1331413]
- kvm-vga-fix-banked-access-bounds-checking-CVE-2016-xxxx.patch [bz#1331413]
- kvm-vga-add-vbe_enabled-helper.patch [bz#1331413]
- kvm-vga-factor-out-vga-register-setup.patch [bz#1331413]
- kvm-vga-update-vga-register-setup-on-vbe-changes.patch [bz#1331413]
- kvm-vga-make-sure-vga-register-setup-for-vbe-stays-intac.patch [bz#1331413]
- Resolves: bz#1272523
(qemu-kvm build failure race condition in tests/ide-test)
- Resolves: bz#1331413
(EMBARGOED CVE-2016-3710 qemu-kvm: qemu: incorrect banked access bounds checking in vga module [rhel-7.3])

[1.5.3-109.el7]
- kvm-e1000-eliminate-infinite-loops-on-out-of-bounds-tran.patch [bz#1296044]
- kvm-nbd-Always-call-close_fn-in-nbd_client_new.patch [bz#1285453]
- kvm-nbd-server-Coroutine-based-negotiation.patch [bz#1285453]
- kvm-nbd-client_close-on-error-in-nbd_co_client_start.patch [bz#1285453]
- kvm-Remove-libcacard-build.patch [bz#1314153]
- Resolves: bz#1285453
(An NBD client can cause QEMU main loop to block when connecting to built-in NBD server)
- Resolves: bz#1296044
(qemu-kvm: insufficient loop termination conditions in start_xmit() and e1000_receive() [rhel-7.3])
- Resolves: bz#1314153
(Disable building of libcacard)

[1.5.3-108.el7]
- kvm-net-Make-qmp_query_rx_filter-with-name-argument-more.patch [bz#1269738]
- kvm-fw_cfg-add-check-to-validate-current-entry-value-CVE.patch [bz#1298048]
- Resolves: bz#1269738
(Vlan table display repeat four times in qmp when queues=4)
- Resolves: bz#1298048
(CVE-2016-1714 qemu-kvm: Qemu: nvram: OOB r/w access in processing firmware configurations [rhel-7.3])

[1.5.3-107.el7]
- kvm-raw-posix-Fix-.bdrv_co_get_block_status-for-unaligne.patch [bz#1283116]
- Resolves: bz#1283116
([abrt] qemu-img: get_block_status(): qemu-img killed by SIGABRT)

[1.5.3-106.el7]
- kvm-ehci-clear-suspend-bit-on-detach.patch [bz#1268879]
- kvm-rbd-make-qemu-s-cache-setting-override-any-ceph-sett.patch [bz#1277248]
- kvm-rbd-fix-ceph-settings-precedence.patch [bz#1277248]
- kvm-target-i386-get-put-MSR_TSC_AUX-across-reset-and-mig.patch [bz#1265427]
- kvm-rtl8139-Fix-receive-buffer-overflow-check.patch [bz#1252757]
- kvm-rtl8139-Do-not-consume-the-packet-during-overflow-in.patch [bz#1252757]
- Resolves: bz#1252757
([RHEL-7.2-qmu-kvm] Package is 100% lost when ping from host to Win2012r2 guest with 64000 size)
- Resolves: bz#1265427
(contents of MSR_TSC_AUX are not migrated)
- Resolves: bz#1268879
(Camera stops work after remote-viewer re-connection [qemu-kvm])
- Resolves: bz#1277248
(ceph.conf properties override qemus command-line properties)

Related CVEs

CVE-2016-3712

CVE-2016-1981

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 7 (x86_64)	qemu-kvm-1.5.3-126.el7.src.rpm	8ed2aa3d4af465e30ce7f08f2cedfe77	ELBA-2021-9161
	qemu-img-1.5.3-126.el7.x86_64.rpm	6a552bf9337688ed35912dc2bb2899f7	ELBA-2021-9161
	qemu-kvm-1.5.3-126.el7.x86_64.rpm	2809506309e73af329c745c6b1540841	ELBA-2021-9161
	qemu-kvm-common-1.5.3-126.el7.x86_64.rpm	2eaaab5c2a5751fd2c05780663899006	ELSA-2021-0347
	qemu-kvm-tools-1.5.3-126.el7.x86_64.rpm	3d211fe4c49f59f8cdd9225e1c90ca11	ELSA-2021-0347

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691