ELSA-2015-1507

ELSA-2015-1507 - qemu-kvm security and bug fix update

Type:SECURITY
Severity:IMPORTANT
Release Date:2015-07-27

Description


[1.5.3-86.el7_1.5]
- kvm-i8254-fix-out-of-bounds-memory-access-in-pit_ioport_.patch [bz#1243726]
- Resolves: bz#1243726
(CVE-2015-3214 qemu-kvm: qemu: i8254: out-of-bounds memory access in pit_ioport_read function [rhel-7.1.z])

[1.5.3-86.el7_1.4]
- kvm-ide-Check-array-bounds-before-writing-to-io_buffer-C.patch [bz#1243689]
- kvm-ide-atapi-Fix-START-STOP-UNIT-command-completion.patch [bz#1243689]
- kvm-ide-Clear-DRQ-after-handling-all-expected-accesses.patch [bz#1243689]
- Resolves: bz#1243689
(EMBARGOED CVE-2015-5154 qemu-kvm: qemu: ide: atapi: heap overflow during I/O buffer memory access [rhel-7.1.z])

[1.5.3-86.el7_1.3]
- kvm-atomics-add-explicit-compiler-fence-in-__atomic-memo.patch [bz#1233643]
- Resolves: bz#1233643
([abrt] qemu-kvm: bdrv_error_action(): qemu-kvm killed by SIGABRT)


Related CVEs


CVE-2015-3214
CVE-2015-5154

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (x86_64) qemu-kvm-1.5.3-86.el7_1.5.src.rpmb01e3ff87c722ebc920b8ea33768abc4ELSA-2017-2445
libcacard-1.5.3-86.el7_1.5.i686.rpm60948063fed68cdaff98e96d6b856ebfELEA-2016-2190
libcacard-1.5.3-86.el7_1.5.x86_64.rpme7a5eac86fa73f19446694e8def4083eELEA-2016-2190
libcacard-devel-1.5.3-86.el7_1.5.i686.rpm566ffa58f03605c839713fe1f5cb4305ELEA-2016-2190
libcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm3a169fad399cc1f186f71b334c21a7b2ELEA-2016-2190
libcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm33194d7f16a60f3445bef40e961a0384ELEA-2016-2190
qemu-img-1.5.3-86.el7_1.5.x86_64.rpm6429b927f76192b92f2778dc55a8bc15ELSA-2017-2445
qemu-kvm-1.5.3-86.el7_1.5.x86_64.rpmfe20c9585710a3f110eae1a822f6af2aELSA-2017-2445
qemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm757034029ca1891529c7219dd1cdbf58ELSA-2017-2445
qemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm7e6fa00a70ca9a38a1658754fdc68874ELSA-2017-2445



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete