ELSA-2018-2462 - qemu-kvm security and bug fix update

Type: SECURITY
Severity: IMPORTANT
Release Date: 2018-08-16

Description


[1.5.3-156.el7_5.5]
- kvm-multiboot-bss_end_addr-can-be-zero.patch [bz#1549824]
- kvm-multiboot-Remove-unused-variables-from-multiboot.c.patch [bz#1549824]
- kvm-multiboot-Use-header-names-when-displaying-fields.patch [bz#1549824]
- kvm-multiboot-fprintf-stderr.-error_report.patch [bz#1549824]
- kvm-multiboot-Reject-kernels-exceeding-the-address-space.patch [bz#1549824]
- kvm-multiboot-Check-validity-of-mh_header_addr.patch [bz#1549824]
- kvm-slirp-remove-mbuf-m_hdr-m_dat-indirection.patch [bz#1586248]
- kvm-slirp-correct-size-computation-while-concatenating-m.patch [bz#1586248]
- Resolves: bz#1549824
(CVE-2018-7550 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.5.z])
- Resolves: bz#1586248
(CVE-2018-11806 qemu-kvm: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-7.5.z])

[1.5.3-156.el7_5.4]
- kvm-target-i386-introduce-kvm_put_one_msr.patch [bz#1596302]
- kvm-apic-fix-2.2-2.1-migration.patch [bz#1596302]
- kvm-x86-lapic-Load-LAPIC-state-at-post_load.patch [bz#1596302]
- kvm-apic-drop-debugging.patch [bz#1596302]
- kvm-apic-set-APIC-base-as-part-of-kvm_apic_put.patch [bz#1596302]
- Resolves: bz#1596302
(Windows 2012 Guest hangs after live migration with RTC clock stopped. [rhel-7.5.z])


Related CVEs


CVE-2018-7550
CVE-2018-11806

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|---|---|---|---|
| Oracle Linux 7 (x86_64) | qemu-kvm-1.5.3-156.el7_5.5.src.rpm | 52c97aa65d01dc27a0a67a311717bbe0 | ELBA-2021-9161 |
| | qemu-img-1.5.3-156.el7_5.5.x86_64.rpm | 10765012099851abcb5a4eb3b6895ccb | ELBA-2021-9161 |
| | qemu-kvm-1.5.3-156.el7_5.5.x86_64.rpm | d4d080ee081a2dd66567a81549ff52d9 | ELBA-2021-9161 |
| | qemu-kvm-common-1.5.3-156.el7_5.5.x86_64.rpm | 3e940ce9c39305a2fce543464848515b | ELSA-2021-0347 |
| | qemu-kvm-tools-1.5.3-156.el7_5.5.x86_64.rpm | cfb9690e8cc7b9bcc6b4184b3e5e289c | ELSA-2021-0347 |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.