ELSA-2017-0454

ELSA-2017-0454 - kvm security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2017-03-07

Description


[83-277.0.1.el5_11]
- Added kvm-add-oracle-workaround-for-libvirt-bug.patch
- Added kvm-Introduce-oel-machine-type.patch

[83-277.el5_11]
- kvm-Fix-hardware-accelerated-video-to-video-copy-on-Cirr.patch [bz#1421564]
- kvm-cirrus_vga-fix-division-by-0-for-color-expansion-rop.patch [bz#1421564]
- kvm-cirrus-fix-blit-region-check.patch [bz#1421564]
- kvm-cirrus-don-t-overflow-CirrusVGAState-cirrus_bltbuf.patch [bz#1421564]
- kvm-cirrus_vga-fix-off-by-one-in-blit_region_is_unsafe.patch [bz#1421564]
- kvm-display-cirrus-check-vga-bits-per-pixel-bpp-value.patch [bz#1421564]
- kvm-display-cirrus-ignore-source-pitch-value-as-needed-i.patch [bz#1421564]
- kvm-cirrus-handle-negative-pitch-in-cirrus_invalidate_re.patch [bz#1421564]
- kvm-cirrus-allow-zero-source-pitch-in-pattern-fill-rops.patch [bz#1421564]
- kvm-cirrus-fix-blit-address-mask-handling.patch [bz#1421564]
- kvm-cirrus-fix-oob-access-issue-CVE-2017-2615.patch [bz#1421564]
- kvm-cirrus-fix-patterncopy-checks.patch [bz#1421564]
- kvm-Revert-cirrus-allow-zero-source-pitch-in-pattern-fil.patch [bz#1421564]
- kvm-cirrus-add-blit_is_unsafe-call-to-cirrus_bitblt_cput.patch [bz#1421564]
- Resolves: bz#1421564
(CVE-2017-2615 kvm: Qemu: display: cirrus: oob access while doing bitblt copy backward mode [rhel-5.11.z])


Related CVEs


CVE-2017-2615
CVE-2017-2620

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 5 (x86_64) kvm-83-277.0.1.el5_11.src.rpm70b932d027e0a5d664dabb4719ede249-
kmod-kvm-83-277.0.1.el5_11.x86_64.rpma23cac177ce81631f0ce4b1a7cd292df-
kmod-kvm-debug-83-277.0.1.el5_11.x86_64.rpm12a4f951825a6ec60e478ce782df7395-
kvm-83-277.0.1.el5_11.x86_64.rpm68ed9980ff25f4f3a05536a922e3c9ad-
kvm-qemu-img-83-277.0.1.el5_11.x86_64.rpm85e31c1de44e12ce267377d531869356-
kvm-tools-83-277.0.1.el5_11.x86_64.rpmfb55b3672c3ba333ca3c523f2b022807-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete