ELSA-2016-2585

ELSA-2016-2585 - qemu-kvm security, bug fix, and enhancement update

Type: SECURITY
Severity: MODERATE
Release Date: 2016-11-09

Description


[1.5.3-126.el7]
- kvm-virtio-recalculate-vq-inuse-after-migration.patch [bz#1376542]
- Resolves: bz#1376542
(RHSA-2016-1756 breaks migration of instances)

[1.5.3-125.el7]
- kvm-nbd-server-Set-O_NONBLOCK-on-client-fd.patch [bz#1285453]
- Resolves: bz#1285453
(An NBD client can cause QEMU main loop to block when connecting to built-in NBD server)

[1.5.3-124.el7]
- kvm-target-i386-Add-support-for-FEAT_7_0_ECX.patch [bz#1372459]
- kvm-target-i386-Add-more-Intel-AVX-512-instructions-supp.patch [bz#1372459]
- Resolves: bz#1372459
([Intel 7.3 Bug] SKL-SP Guest cpu doesnt support avx512 instruction sets(avx512bw, avx512dq and avx512vl) (qemu-kvm))

[1.5.3-123.el7]
- kvm-Fix-backport-of-target-i386-add-feature-flags-for-CP.patch [bz#1371619]
- kvm-Add-skip_dump-flag-to-ignore-memory-region-during-du.patch [bz#1373088]
- Resolves: bz#1371619
(Flags xsaveopt xsavec xgetbv1 are missing on qemu-kvm)
- Resolves: bz#1373088
([FJ7.3 Bug]: virsh dump with both --memory-only and --format option fails)

[1.5.3-122.el7]
- kvm-virtio-validate-the-existence-of-handle_output-befor.patch [bz#1367040]
- Resolves: bz#1367040
(QEMU crash when guest notifies non-existent virtqueue)

[1.5.3-121.el7]
- kvm-json-parser-drop-superfluous-assignment-for-token-va.patch [bz#1276036]
- kvm-qjson-Apply-nesting-limit-more-sanely.patch [bz#1276036]
- kvm-qjson-Don-t-crash-when-input-exceeds-nesting-limit.patch [bz#1276036]
- kvm-check-qjson-Add-test-for-JSON-nesting-depth-limit.patch [bz#1276036]
- kvm-qjson-Spell-out-some-silent-assumptions.patch [bz#1276036]
- kvm-qjson-Give-each-of-the-six-structural-chars-its-own-.patch [bz#1276036]
- kvm-qjson-Inline-token_is_keyword-and-simplify.patch [bz#1276036]
- kvm-qjson-Inline-token_is_escape-and-simplify.patch [bz#1276036]
- kvm-qjson-replace-QString-in-JSONLexer-with-GString.patch [bz#1276036]
- kvm-qjson-Convert-to-parser-to-recursive-descent.patch [bz#1276036]
- kvm-qjson-store-tokens-in-a-GQueue.patch [bz#1276036]
- kvm-qjson-surprise-allocating-6-QObjects-per-token-is-ex.patch [bz#1276036]
- kvm-qjson-Limit-number-of-tokens-in-addition-to-total-si.patch [bz#1276036]
- kvm-json-streamer-Don-t-leak-tokens-on-incomplete-parse.patch [bz#1276036]
- kvm-json-streamer-fix-double-free-on-exiting-during-a-pa.patch [bz#1276036]
- kvm-trace-remove-malloc-tracing.patch [bz#1360137]
- Resolves: bz#1276036
(Crash on QMP input exceeding limits)
- Resolves: bz#1360137
(GLib-WARNING **: gmem.c:482: custom memory allocation vtable not supported)

[1.5.3-120.el7]
- kvm-Add-install-dependency-to-newer-libusbx-version.patch [bz#1351106]
- kvm-virtio-error-out-if-guest-exceeds-virtqueue-size.patch [bz#1359729]
- Resolves: bz#1351106
(symbol lookup error: /usr/libexec/qemu-kvm: undefined symbol: libusb_get_port_numbers)
- Resolves: bz#1359729
(CVE-2016-5403 qemu-kvm: Qemu: virtio: unbounded memory allocation on host via guest leading to DoS [rhel-7.3])

[1.5.3-119.el7]
- kvm-qxl-factor-out-qxl_get_check_slot_offset.patch [bz#1355730]
- kvm-qxl-store-memory-region-and-offset-instead-of-pointe.patch [bz#1355730]
- kvm-qxl-fix-surface-migration.patch [bz#1355730]
- kvm-qxl-fix-qxl_set_dirty-call-in-qxl_dirty_one_surface.patch [bz#1355730]
- Resolves: bz#1355730
(spice-gtk shows outdated screen state after migration [qemu-kvm])

[1.5.3-118.el7]
- kvm-util-introduce-MIN_NON_ZERO.patch [bz#1318199]
- kvm-BlockLimits-introduce-max_transfer_length.patch [bz#1318199]
- kvm-block-backend-expose-bs-bl.max_transfer_length.patch [bz#1318199]
- kvm-scsi-generic-Merge-block-max-xfer-len-in-INQUIRY-res.patch [bz#1318199]
- kvm-raw-posix-Fetch-max-sectors-for-host-block-device.patch [bz#1318199]
- kvm-scsi-Advertise-limits-by-blocksize-not-512.patch [bz#1318199]
- kvm-util-Fix-MIN_NON_ZERO.patch [bz#1318199]
- Resolves: bz#1318199
(expose host BLKSECTGET limit in scsi-block (qemu-kvm))

[1.5.3-117.el7]
- kvm-target-i386-add-feature-flags-for-CPUID-EAX-0xd-ECX-.patch [bz#1327599]
- kvm-target-i386-add-Skylake-Client-cpu-model.patch [bz#1327599]
- Resolves: bz#1327599
(Add Skylake CPU model)

[1.5.3-116.el7]
- kvm-block-iscsi-avoid-potential-overflow-of-acb-task-cdb.patch [bz#1340929]
- Resolves: bz#1340929
(CVE-2016-5126 qemu-kvm: Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl [rhel-7.3])

[1.5.3-115.el7]
- kvm-spice-do-not-require-TCP-ports.patch [bz#1336491]
- kvm-vga-add-sr_vbe-register-set.patch [bz#1346982]
- Resolves: bz#1336491
(Ship FD connection patches qemu-kvm part)
- Resolves: bz#1346982
(Regression from CVE-2016-3712: windows installer fails to start)

[1.5.3-114.el7]
- kvm-hw-input-hid.c-Fix-capslock-hid-code.patch [bz#1256741]
- kvm-target-i386-fix-pcmpxstrx-equal-ordered-strstr-mode.patch [bz#1340971]
- kvm-spec-Update-rules-before-triggering-for-kvm-device.patch [bz#1333159]
- Resolves: bz#1256741
('CapsLock' will work as '\' when boot a guest with usb-kbd)
- Resolves: bz#1333159
(qemu-kvm doesnt reload udev rules before triggering for kvm device)
- Resolves: bz#1340971
(qemu: accel=tcg does not implement SSE 4 properly)

[1.5.3-113.el7]
- kvm-qxl-allow-to-specify-head-limit-to-qxl-driver.patch [bz#1283198]
- kvm-qxl-Fix-new-function-name-for-spice-server-library.patch [bz#1283198]
- kvm-block-raw-posix-Open-file-descriptor-O_RDWR-to-work-.patch [bz#1268345]
- Resolves: bz#1268345
(posix_fallocate emulation on NFS fails with Bad file descriptor if fd is opened O_WRONLY)
- Resolves: bz#1283198
(RFE: backport max monitor limitation from Qemu upstream)

[1.5.3-112.el7]
- kvm-virtio-scsi-Prevent-assertion-on-missed-events.patch [bz#1312289]
- kvm-seccomp-adding-sysinfo-system-call-to-whitelist.patch [bz#1177318]
- kvm-acpi-strip-compiler-info-in-built-in-DSDT.patch [bz#1330969]
- kvm-acpi-fix-endian-ness-for-table-ids.patch [bz#1330969]
- kvm-acpi-support-specified-oem-table-id-for-build_header.patch [bz#1330969]
- kvm-acpi-take-oem_id-in-build_header-optionally.patch [bz#1330969]
- kvm-acpi-expose-oem_id-and-oem_table_id-in-build_rsdt.patch [bz#1330969]
- kvm-acpi-add-function-to-extract-oem_id-and-oem_table_id.patch [bz#1330969]
- kvm-pc-set-the-OEM-fields-in-the-RSDT-and-the-FADT-from-.patch [bz#1330969]
- kvm-block-jobs-qemu-kvm-rhel-differentiation.patch [bz#1156635]
- Resolves: bz#1156635
(Libvirt is confused that qemu-kvm exposes 'block-job-cancel' but not 'block-stream')
- Resolves: bz#1177318
(Guest using rbd based image as disk failed to start when sandbox was enabled)
- Resolves: bz#1312289
('qemu-kvm: /builddir/build/BUILD/qemu-1.5.3/hw/scsi/virtio-scsi.c:533: virtio_scsi_push_event: Assertion 'event == 0' failed' after hotplug 20 virtio-scsi disks then hotunplug them)
- Resolves: bz#1330969
(match the OEM ID and OEM Table ID fields of the FADT and the RSDT to those of the SLIC)

[1.5.3-111.el7]
- kvm-vmdk-Leave-bdi-intact-if-ENOTSUP-in-vmdk_get_info.patch [bz#1299250]
- kvm-vmdk-Use-g_random_int-to-generate-CID.patch [bz#1299250]
- kvm-vmdk-Fix-comment-to-match-code-of-extent-lines.patch [bz#1299250]
- kvm-vmdk-Clean-up-descriptor-file-reading.patch [bz#1299250]
- kvm-vmdk-Check-descriptor-file-length-when-reading-it.patch [bz#1299250]
- kvm-vmdk-Remove-unnecessary-initialization.patch [bz#1299250]
- kvm-vmdk-Set-errp-on-failures-in-vmdk_open_vmdk4.patch [bz#1299250]
- kvm-block-vmdk-make-ret-variable-usage-clear.patch [bz#1299250]
- kvm-block-vmdk-move-string-allocations-from-stack-to-the.patch [bz#1299250]
- kvm-block-vmdk-fixed-sizeof-error.patch [bz#1299250]
- kvm-vmdk-Widen-before-shifting-32-bit-header-field.patch [bz#1299250]
- kvm-vmdk-Fix-next_cluster_sector-for-compressed-write.patch [bz#1299250]
- kvm-vmdk-Fix-index_in_cluster-calculation-in-vmdk_co_get.patch [bz#1299250]
- kvm-vmdk-Use-vmdk_find_index_in_cluster-everywhere.patch [bz#1299250]
- kvm-vmdk-Fix-next_cluster_sector-for-compressed-write2.patch [bz#1299250]
- kvm-vmdk-Create-streamOptimized-as-version-3.patch [bz#1299116]
- kvm-vmdk-Fix-converting-to-streamOptimized.patch [bz#1299116]
- kvm-vmdk-Fix-calculation-of-block-status-s-offset.patch [bz#1299116]
- Resolves: bz#1299116
(qemu-img created VMDK images lead to 'Not a supported disk format (sparse VMDK version too old)')
- Resolves: bz#1299250
(qemu-img created VMDK images are unbootable)

[1.5.3-110.el7]
- kvm-qemu-io-Remove-unused-args_command.patch [bz#1272523]
- kvm-cutils-Support-P-and-E-suffixes-in-strtosz.patch [bz#1272523]
- kvm-qemu-io-Make-cvtnum-a-wrapper-around-strtosz_suffix.patch [bz#1272523]
- kvm-qemu-io-Handle-cvtnum-errors-in-alloc.patch [bz#1272523]
- kvm-qemu-io-Don-t-use-global-bs-in-command-implementatio.patch [bz#1272523]
- kvm-qemu-io-Split-off-commands-to-qemu-io-cmds.c.patch [bz#1272523]
- kvm-qemu-io-Factor-out-qemuio_command.patch [bz#1272523]
- kvm-qemu-io-Move-help-function.patch [bz#1272523]
- kvm-qemu-io-Move-quit-function.patch [bz#1272523]
- kvm-qemu-io-Move-qemu_strsep-to-cutils.c.patch [bz#1272523]
- kvm-qemu-io-Move-functions-for-registering-and-running-c.patch [bz#1272523]
- kvm-qemu-io-Move-command_loop-and-friends.patch [bz#1272523]
- kvm-qemu-io-Move-remaining-helpers-from-cmd.c.patch [bz#1272523]
- kvm-qemu-io-Interface-cleanup.patch [bz#1272523]
- kvm-qemu-io-Use-the-qemu-version-for-V.patch [bz#1272523]
- kvm-Make-qemu-io-commands-available-in-HMP.patch [bz#1272523]
- kvm-blkdebug-Add-BLKDBG_FLUSH_TO_OS-DISK-events.patch [bz#1272523]
- kvm-qemu-io-fix-cvtnum-lval-types.patch [bz#1272523]
- kvm-qemu-io-Check-for-trailing-chars.patch [bz#1272523]
- kvm-qemu-io-Correct-error-messages.patch [bz#1272523]
- kvm-ide-test-fix-failure-for-test_flush.patch [bz#1272523]
- kvm-vga-Remove-some-should-be-done-in-BIOS-comments.patch [bz#1331413]
- kvm-vga-fix-banked-access-bounds-checking-CVE-2016-xxxx.patch [bz#1331413]
- kvm-vga-add-vbe_enabled-helper.patch [bz#1331413]
- kvm-vga-factor-out-vga-register-setup.patch [bz#1331413]
- kvm-vga-update-vga-register-setup-on-vbe-changes.patch [bz#1331413]
- kvm-vga-make-sure-vga-register-setup-for-vbe-stays-intac.patch [bz#1331413]
- Resolves: bz#1272523
(qemu-kvm build failure race condition in tests/ide-test)
- Resolves: bz#1331413
(EMBARGOED CVE-2016-3710 qemu-kvm: qemu: incorrect banked access bounds checking in vga module [rhel-7.3])

[1.5.3-109.el7]
- kvm-e1000-eliminate-infinite-loops-on-out-of-bounds-tran.patch [bz#1296044]
- kvm-nbd-Always-call-close_fn-in-nbd_client_new.patch [bz#1285453]
- kvm-nbd-server-Coroutine-based-negotiation.patch [bz#1285453]
- kvm-nbd-client_close-on-error-in-nbd_co_client_start.patch [bz#1285453]
- kvm-Remove-libcacard-build.patch [bz#1314153]
- Resolves: bz#1285453
(An NBD client can cause QEMU main loop to block when connecting to built-in NBD server)
- Resolves: bz#1296044
(qemu-kvm: insufficient loop termination conditions in start_xmit() and e1000_receive() [rhel-7.3])
- Resolves: bz#1314153
(Disable building of libcacard)

[1.5.3-108.el7]
- kvm-net-Make-qmp_query_rx_filter-with-name-argument-more.patch [bz#1269738]
- kvm-fw_cfg-add-check-to-validate-current-entry-value-CVE.patch [bz#1298048]
- Resolves: bz#1269738
(Vlan table display repeat four times in qmp when queues=4)
- Resolves: bz#1298048
(CVE-2016-1714 qemu-kvm: Qemu: nvram: OOB r/w access in processing firmware configurations [rhel-7.3])

[1.5.3-107.el7]
- kvm-raw-posix-Fix-.bdrv_co_get_block_status-for-unaligne.patch [bz#1283116]
- Resolves: bz#1283116
([abrt] qemu-img: get_block_status(): qemu-img killed by SIGABRT)

[1.5.3-106.el7]
- kvm-ehci-clear-suspend-bit-on-detach.patch [bz#1268879]
- kvm-rbd-make-qemu-s-cache-setting-override-any-ceph-sett.patch [bz#1277248]
- kvm-rbd-fix-ceph-settings-precedence.patch [bz#1277248]
- kvm-target-i386-get-put-MSR_TSC_AUX-across-reset-and-mig.patch [bz#1265427]
- kvm-rtl8139-Fix-receive-buffer-overflow-check.patch [bz#1252757]
- kvm-rtl8139-Do-not-consume-the-packet-during-overflow-in.patch [bz#1252757]
- Resolves: bz#1252757
([RHEL-7.2-qmu-kvm] Package is 100% lost when ping from host to Win2012r2 guest with 64000 size)
- Resolves: bz#1265427
(contents of MSR_TSC_AUX are not migrated)
- Resolves: bz#1268879
(Camera stops work after remote-viewer re-connection [qemu-kvm])
- Resolves: bz#1277248
(ceph.conf properties override qemus command-line properties)


Related CVEs


CVE-2016-3712
CVE-2016-1981

Updated Packages


Release/Architecture    | Filename                                 | MD5sum                           | Superseded By Advisory
Oracle Linux 7 (x86_64) | qemu-kvm-1.5.3-126.el7.src.rpm           | 8ed2aa3d4af465e30ce7f08f2cedfe77 | ELBA-2021-9161
Oracle Linux 7 (x86_64) | qemu-img-1.5.3-126.el7.x86_64.rpm        | 6a552bf9337688ed35912dc2bb2899f7 | ELBA-2021-9161
Oracle Linux 7 (x86_64) | qemu-kvm-1.5.3-126.el7.x86_64.rpm        | 2809506309e73af329c745c6b1540841 | ELBA-2021-9161
Oracle Linux 7 (x86_64) | qemu-kvm-common-1.5.3-126.el7.x86_64.rpm | 2eaaab5c2a5751fd2c05780663899006 | ELSA-2021-0347
Oracle Linux 7 (x86_64) | qemu-kvm-tools-1.5.3-126.el7.x86_64.rpm  | 3d211fe4c49f59f8cdd9225e1c90ca11 | ELSA-2021-0347



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team