ELSA-2014-0927
- ULN >
- Oracle Linux Errata repository >
- ELSA-2014-0927
ELSA-2014-0927 - qemu-kvm security and bug fix update
| Type: | SECURITY |
| Severity: | MODERATE |
| Release Date: | 2014-07-23 |
Description
[1.5.3-60.el7_0.5]
- kvm-Allow-mismatched-virtio-config-len.patch [bz#1095782]
- Resolves: bz#1095782
(CVE-2014-0182 qemu-kvm: qemu: virtio: out-of-bounds buffer write on state load with invalid config_len [rhel-7.0.z])
[1.5.3-60.el7_0.4]
- kvm-zero-initialize-KVM_SET_GSI_ROUTING-input.patch [bz#1110693]
- kvm-skip-system-call-when-msi-route-is-unchanged.patch [bz#1110693]
- Resolves: bz#1110693
(2x RHEL 5.10 VM running on RHEL 7 KVM have low TCP_STREAM throughput)
[1.5.3-60.el7_0.3]
- kvm-virtio-net-fix-buffer-overflow-on-invalid-state-load.patch [bz#1095677]
- kvm-virtio-net-out-of-bounds-buffer-write-on-load.patch [bz#1095684]
- kvm-virtio-net-out-of-bounds-buffer-write-on-invalid-sta.patch [bz#1095689]
- kvm-virtio-out-of-bounds-buffer-write-on-invalid-state-l.patch [bz#1095694]
- kvm-virtio-avoid-buffer-overrun-on-incoming-migration.patch [bz#1095737]
- kvm-virtio-scsi-fix-buffer-overrun-on-invalid-state-load.patch [bz#1095741]
- kvm-virtio-validate-config_len-on-load.patch [bz#1095782]
- kvm-virtio-validate-num_sg-when-mapping.patch [bz#1095765]
- kvm-virtio-allow-mapping-up-to-max-queue-size.patch [bz#1095765]
- kvm-vmstate-add-VMS_MUST_EXIST.patch [bz#1095706]
- kvm-vmstate-add-VMSTATE_VALIDATE.patch [bz#1095706]
- kvm-hpet-fix-buffer-overrun-on-invalid-state-load.patch [bz#1095706]
- kvm-hw-pci-pcie_aer.c-fix-buffer-overruns-on-invalid-sta.patch [bz#1095714]
- kvm-usb-sanity-check-setup_index-setup_len-in-post_load.patch [bz#1095746]
- kvm-usb-sanity-check-setup_index-setup_len-in-post_l2.patch [bz#1095746]
- kvm-usb-fix-up-post-load-checks.patch [bz#1096828]
- kvm-XBZRLE-Fix-qemu-crash-when-resize-the-xbzrle-cache.patch [bz#1110191]
- kvm-Provide-init-function-for-ram-migration.patch [bz#1110191]
- kvm-Init-the-XBZRLE.lock-in-ram_mig_init.patch [bz#1110191]
- kvm-XBZRLE-Fix-one-XBZRLE-corruption-issues.patch [bz#1110191]
- kvm-Count-used-RAMBlock-pages-for-migration_dirty_pages.patch [bz#1110189]
- kvm-qcow-correctly-propagate-errors.patch [bz#1097229]
- kvm-qcow1-Make-padding-in-the-header-explicit.patch [bz#1097229]
- kvm-qcow1-Check-maximum-cluster-size.patch [bz#1097229]
- kvm-qcow1-Validate-L2-table-size-CVE-2014-0222.patch [bz#1097229]
- kvm-qcow1-Validate-image-size-CVE-2014-0223.patch [bz#1097236]
- kvm-qcow1-Stricter-backing-file-length-check.patch [bz#1097236]
- kvm-char-restore-read-callback-on-a-reattached-hotplug-c.patch [bz#1110219]
- kvm-qcow2-Free-preallocated-zero-clusters.patch [bz#1110188]
- kvm-qemu-iotests-Discard-preallocated-zero-clusters.patch [bz#1110188]
- Resolves: bz#1095677
(CVE-2013-4148 qemu-kvm: qemu: virtio-net: buffer overflow on invalid state load [rhel-7.0.z])
- Resolves: bz#1095684
(CVE-2013-4149 qemu-kvm: qemu: virtio-net: out-of-bounds buffer write on load [rhel-7.0.z])
- Resolves: bz#1095689
(CVE-2013-4150 qemu-kvm: qemu: virtio-net: out-of-bounds buffer write on invalid state load [rhel-7.0.z])
- Resolves: bz#1095694
(CVE-2013-4151 qemu-kvm: qemu: virtio: out-of-bounds buffer write on invalid state load [rhel-7.0.z])
- Resolves: bz#1095706
(CVE-2013-4527 qemu-kvm: qemu: hpet: buffer overrun on invalid state load [rhel-7.0.z])
- Resolves: bz#1095714
(CVE-2013-4529 qemu-kvm: qemu: hw/pci/pcie_aer.c: buffer overrun on invalid state load [rhel-7.0.z])
- Resolves: bz#1095737
(CVE-2013-6399 qemu-kvm: qemu: virtio: buffer overrun on incoming migration [rhel-7.0.z])
- Resolves: bz#1095741
(CVE-2013-4542 qemu-kvm: qemu: virtio-scsi: buffer overrun on invalid state load [rhel-7.0.z])
- Resolves: bz#1095746
(CVE-2013-4541 qemu-kvm: qemu: usb: insufficient sanity checking of setup_index+setup_len in post_load [rhel-7.0.z])
- Resolves: bz#1095765
(CVE-2013-4535 CVE-2013-4536 qemu-kvm: qemu: virtio: insufficient validation of num_sg when mapping [rhel-7.0.z])
- Resolves: bz#1095782
(CVE-2014-0182 qemu-kvm: qemu: virtio: out-of-bounds buffer write on state load with invalid config_len [rhel-7.0.z])
- Resolves: bz#1096828
(CVE-2014-3461 qemu-kvm: Qemu: usb: fix up post load checks [rhel-7.0.z])
- Resolves: bz#1097229
(CVE-2014-0222 qemu-kvm: Qemu: qcow1: validate L2 table size to avoid integer overflows [rhel-7.0.z])
- Resolves: bz#1097236
(CVE-2014-0223 qemu-kvm: Qemu: qcow1: validate image size to avoid out-of-bounds memory access [rhel-7.0.z])
- Resolves: bz#1110188
(qcow2 corruptions (leaked clusters after installing a rhel7 guest using virtio_scsi))
- Resolves: bz#1110189
(migration can not finish with 1024k 'remaining ram' left after hotunplug 4 nics)
- Resolves: bz#1110191
(Reduce the migrate cache size during migration causes qemu segment fault)
- Resolves: bz#1110219
(Guest can't receive any character transmitted from host after hot unplugging virtserialport then hot plugging again)
Related CVEs
| CVE-2013-4148 |
| CVE-2013-4151 |
| CVE-2013-4535 |
| CVE-2013-4536 |
| CVE-2013-4541 |
| CVE-2013-4542 |
| CVE-2013-6399 |
| CVE-2014-0182 |
| CVE-2014-3461 |
| CVE-2013-4149 |
| CVE-2013-4150 |
| CVE-2013-4527 |
| CVE-2013-4529 |
| CVE-2014-0222 |
| CVE-2014-0223 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 7 (x86_64) | qemu-kvm-1.5.3-60.el7_0.5.src.rpm | f21f6c599a69b200f74477e4f071287c | ELBA-2021-9161 |
| libcacard-1.5.3-60.el7_0.5.i686.rpm | 4083bbdb29ce78fa5547b7ae801879cb | ELEA-2020-1159 | |
| libcacard-1.5.3-60.el7_0.5.x86_64.rpm | 242e1a1588dcd2cd32a8f7cd6c530a5b | ELEA-2020-1159 | |
| libcacard-devel-1.5.3-60.el7_0.5.i686.rpm | de32da1cefae36795e86b0e9881218d6 | ELEA-2020-1159 | |
| libcacard-devel-1.5.3-60.el7_0.5.x86_64.rpm | ae4812c378cfd2ab7b56bc993da94c17 | ELEA-2020-1159 | |
| libcacard-tools-1.5.3-60.el7_0.5.x86_64.rpm | f35b2e31ee38d0cc8bae03d599cf3291 | ELEA-2020-1159 | |
| qemu-guest-agent-1.5.3-60.el7_0.5.x86_64.rpm | 247212b75e95110f0e0909c9d8280f3e | ELBA-2019-2124 | |
| qemu-img-1.5.3-60.el7_0.5.x86_64.rpm | d265bd1d0485dd17d72a3e259cee9111 | ELBA-2021-9161 | |
| qemu-kvm-1.5.3-60.el7_0.5.x86_64.rpm | 618f68c8ebc2128270c7fed7bb3445cc | ELBA-2021-9161 | |
| qemu-kvm-common-1.5.3-60.el7_0.5.x86_64.rpm | 0e4ca2659f6ab6eec3a2f9925071e730 | ELSA-2021-0347 | |
| qemu-kvm-tools-1.5.3-60.el7_0.5.x86_64.rpm | 4b2051893f87da18f05519c07ef86b19 | ELSA-2021-0347 | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
