ELSA-2018-2462 - qemu-kvm security and bug fix update
Type: | SECURITY |
Severity: | IMPORTANT |
Release Date: | 2018-08-16 |
Description
[1.5.3-156.el7_5.5]
- kvm-multiboot-bss_end_addr-can-be-zero.patch [bz#1549824]
- kvm-multiboot-Remove-unused-variables-from-multiboot.c.patch [bz#1549824]
- kvm-multiboot-Use-header-names-when-displaying-fields.patch [bz#1549824]
- kvm-multiboot-fprintf-stderr.-error_report.patch [bz#1549824]
- kvm-multiboot-Reject-kernels-exceeding-the-address-space.patch [bz#1549824]
- kvm-multiboot-Check-validity-of-mh_header_addr.patch [bz#1549824]
- kvm-slirp-remove-mbuf-m_hdr-m_dat-indirection.patch [bz#1586248]
- kvm-slirp-correct-size-computation-while-concatenating-m.patch [bz#1586248]
- Resolves: bz#1549824
(CVE-2018-7550 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.5.z])
- Resolves: bz#1586248
(CVE-2018-11806 qemu-kvm: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-7.5.z])
[1.5.3-156.el7_5.4]
- kvm-target-i386-introduce-kvm_put_one_msr.patch [bz#1596302]
- kvm-apic-fix-2.2-2.1-migration.patch [bz#1596302]
- kvm-x86-lapic-Load-LAPIC-state-at-post_load.patch [bz#1596302]
- kvm-apic-drop-debugging.patch [bz#1596302]
- kvm-apic-set-APIC-base-as-part-of-kvm_apic_put.patch [bz#1596302]
- Resolves: bz#1596302
(Windows 2012 Guest hangs after live migration with RTC clock stopped. [rhel-7.5.z])
Related CVEs
Updated Packages
Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|
Oracle Linux 7 (x86_64) | qemu-kvm-1.5.3-156.el7_5.5.src.rpm | 52c97aa65d01dc27a0a67a311717bbe0 | ELBA-2021-9161 |
| qemu-img-1.5.3-156.el7_5.5.x86_64.rpm | 10765012099851abcb5a4eb3b6895ccb | ELBA-2021-9161 |
| qemu-kvm-1.5.3-156.el7_5.5.x86_64.rpm | d4d080ee081a2dd66567a81549ff52d9 | ELBA-2021-9161 |
| qemu-kvm-common-1.5.3-156.el7_5.5.x86_64.rpm | 3e940ce9c39305a2fce543464848515b | ELSA-2021-0347 |
| qemu-kvm-tools-1.5.3-156.el7_5.5.x86_64.rpm | cfb9690e8cc7b9bcc6b4184b3e5e289c | ELSA-2021-0347 |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team