ELSA-2018-4313

ELSA-2018-4313 - qemu security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2018-12-21

Description

[15:3.0.0-3.el7]
- monitor: guard iothread access by mon->use_io_thread (Wolfgang Bumiller) [Orabug: 29046045]
- monitor: delay monitor iothread creation (Wolfgang Bumiller) [Orabug: 29010480]
- Revert 'qmp: isolate responses into io thread' (Marc-Andre Lureau) [Orabug: 29010480]
- usb-mtp: outlaw slashes in filenames (Gerd Hoffmann) [Orabug: 29037012] {CVE-2018-16867}

[15:3.0.0-2.el7]
- vfio-pci: emit FAILOVER_PRIMARY_CHANGED event on guest behalf when unrealized (Si-Wei Liu) [Orabug: 29011784]
- vfio-pci: add FAILOVER_PRIMARY_CHANGED event to shorten downtime during failover (Si-Wei Liu) [Orabug: 29011776]
- virtio_net: Add support for 'Data Path Switching' during Live Migration. (Venu Busireddy) [Orabug: 28732921]
- parfait: Run static analysis when --with parfait specified (Liam Merwick) [Orabug: 28625099]
- parfait: add buildrpm/parfait-qemu.conf (Liam Merwick) [Orabug: 28625099]
- configure: Provide option to explicitly disable AVX2 (Liam Merwick) [Orabug: 28625099]
- lsi53c895a: convert to trace-events (Mark Cave-Ayland) [Orabug: 29011792]
- lsi: Reselection needed to remove pending commands from queue (George Kennedy) [Orabug: 28626593]
- lsi53c895a: check message length value is valid (Prasad J Pandit) [Orabug: 28873239] {CVE-2018-18849}
- 9p: fix QEMU crash when renaming files (Greg Kurz) [Orabug: 28971710] {CVE-2018-19489}
- 9p: take write lock on fid path updates (CVE-2018-19364) (Greg Kurz) [Orabug: 28957033] {CVE-2018-19364}
- nvme: fix out-of-bounds access to the CMB (Paolo Bonzini) [Orabug: 28885521] {CVE-2018-16847}
- kvm: x86: Fix kvm_arch_fixup_msi_route for remap-less case (Jan Kiszka) [Orabug: 28891193]
- i386: Add new model of Cascadelake-Server (Tao Xu) [Orabug: 28886460]
- i386: Add PKU on Skylake-Server CPU model (Tao Xu) [Orabug: 28886461]

Related CVEs

CVE-2018-16867

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory
Oracle Linux 7 (aarch64)	qemu-3.0.0-3.el7.src.rpm	01ee74228dc7a7d766306614311e12d3	ELBA-2021-9161
	ivshmem-tools-3.0.0-3.el7.aarch64.rpm	4e229758a69529c9e5eb7ae2350b877d	ELBA-2021-9161
	qemu-3.0.0-3.el7.aarch64.rpm	696e3c67830a95d681b922040af5ceec	ELBA-2021-9161
	qemu-block-gluster-3.0.0-3.el7.aarch64.rpm	cfa76715df77b420ecc6feb5efabed29	ELBA-2021-9161
	qemu-block-iscsi-3.0.0-3.el7.aarch64.rpm	b9a73955c653d0d34fc4a5099ca1fb85	ELBA-2021-9161
	qemu-block-rbd-3.0.0-3.el7.aarch64.rpm	6160bb6bb55acc05291fe91da196db8c	ELBA-2021-9161
	qemu-common-3.0.0-3.el7.aarch64.rpm	cab3e629e525e47152f3dda26191da8e	ELBA-2021-9161
	qemu-img-3.0.0-3.el7.aarch64.rpm	5d0c284bd5381ef19f22d419f6696465	ELBA-2021-9161
	qemu-kvm-3.0.0-3.el7.aarch64.rpm	27501e3e0ec9834cdaaeb183c555d829	ELBA-2021-9161
	qemu-kvm-core-3.0.0-3.el7.aarch64.rpm	e08a2846508005cb26904f77758550f8	ELBA-2021-9161
	qemu-system-aarch64-3.0.0-3.el7.aarch64.rpm	76aed19e3cf2a45775680e940bec5e40	ELBA-2021-9161
	qemu-system-aarch64-core-3.0.0-3.el7.aarch64.rpm	2dcbd519ccda30a626f11f8e37418d21	ELBA-2021-9161
Oracle Linux 7 (x86_64)	qemu-3.0.0-3.el7.src.rpm	01ee74228dc7a7d766306614311e12d3	ELBA-2021-9161
	qemu-3.0.0-3.el7.x86_64.rpm	263fcf57e60e3f623222211334afb8f6	ELBA-2021-9161
	qemu-block-gluster-3.0.0-3.el7.x86_64.rpm	05b2843d894f0a5f256e6b34370391cf	ELBA-2021-9161
	qemu-block-iscsi-3.0.0-3.el7.x86_64.rpm	bf86a4182dbc09165f9c22680de4ec7f	ELBA-2021-9161
	qemu-block-rbd-3.0.0-3.el7.x86_64.rpm	03e3cf81bbdb8d0aaa04894199adf553	ELBA-2021-9161
	qemu-common-3.0.0-3.el7.x86_64.rpm	0cdab4d1b6da0a14caf417a45c63a0c1	ELBA-2021-9161
	qemu-img-3.0.0-3.el7.x86_64.rpm	f29fd5559c2cd79747082db29d8ecacd	ELBA-2021-9161
	qemu-kvm-3.0.0-3.el7.x86_64.rpm	8dd9744b945ab3fe1c44242f41d5a23d	ELBA-2021-9161
	qemu-kvm-core-3.0.0-3.el7.x86_64.rpm	6526ead59608505c021d63e751d241d3	ELBA-2021-9161

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team