ELSA-2017-3368

ELSA-2017-3368 - qemu-kvm security update

Type:SECURITY
Severity:MODERATE
Release Date:2017-11-30

Description


[1.5.3-141.el7_4.4]
- kvm-multiboot-validate-multiboot-header-address-values.patch [bz#1501120]
- Resolves: bz#1501120
(CVE-2017-14167 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.4.z])

[1.5.3-141.el7_4.3]
- kvm-bswap.h-Remove-cpu_to_32wu.patch [bz#1501294]
- kvm-hw-use-ld_p-st_p-instead-of-ld_raw-st_raw.patch [bz#1501294]
- kvm-vga-Start-cutting-out-non-32bpp-conversion-support.patch [bz#1501294]
- kvm-vga-Remove-remainder-of-old-conversion-cruft.patch [bz#1501294]
- kvm-vga-Separate-LE-and-BE-conversion-functions.patch [bz#1501294]
- kvm-vga-Rename-vga_template.h-to-vga-helpers.h.patch [bz#1501294]
- kvm-vga-stop-passing-pointers-to-vga_draw_line-functions.patch [bz#1501294]
- kvm-vga-drop-line_offset-variable.patch [bz#1501294]
- kvm-vga-Add-mechanism-to-force-the-use-of-a-shadow-surfa.patch [bz#1501294]
- kvm-vga-handle-cirrus-vbe-mode-wraparounds.patch [bz#1501294]
- kvm-cirrus-fix-oob-access-in-mode4and5-write-functions.patch [bz#1501294]
- Resolves: bz#1501294
(CVE-2017-15289 qemu-kvm: Qemu: cirrus: OOB access issue in mode4and5 write functions [rhel-7.4.z])


Related CVEs


CVE-2017-14167
CVE-2017-15289

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (x86_64) qemu-kvm-1.5.3-141.el7_4.4.src.rpmbc6c3faa2a097057a984048136f8bdcfELBA-2021-9161
qemu-img-1.5.3-141.el7_4.4.x86_64.rpmc756ea252ac6587b06e9d22aa264cb0bELBA-2021-9161
qemu-kvm-1.5.3-141.el7_4.4.x86_64.rpmf92bb1dbdab2ef800178907aa0221449ELBA-2021-9161
qemu-kvm-common-1.5.3-141.el7_4.4.x86_64.rpm9f22f33cf787f11f11389cfef0468ba1ELSA-2021-0347
qemu-kvm-tools-1.5.3-141.el7_4.4.x86_64.rpm9db98c924a4fd4b809f22b1d831a355cELSA-2021-0347



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete