ELSA-2019-2078

ELSA-2019-2078 - qemu-kvm security, bug fix, and enhancement update

Type:SECURITY
Severity:LOW
Release Date:2019-08-13

Description


[1.5.3-167.el7]
- Reverting kvm-seccomp-set-the-seccomp-filter-to-all-threads.patch [bz#1618503]
- Resolves: bz#1618503
(qemu-kvm: Qemu: seccomp: blacklist is not applied to all threads [rhel-7])

[1.5.3-166.el7]
- kvm-seccomp-set-the-seccomp-filter-to-all-threads.patch [bz#1618503]
- Resolves: bz#1618503
(qemu-kvm: Qemu: seccomp: blacklist is not applied to all threads [rhel-7])

[1.5.3-165.el7]
- kvm-Fix-eax-for-cpuid-leaf-0x40000000.patch [bz#1709495]
- kvm-slirp-fix-big-little-endian-conversion-in-ident-prot.patch [bz#1669068]
- kvm-slirp-ensure-there-is-enough-space-in-mbuf-to-null-t.patch [bz#1669068]
- kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch [bz#1669068]
- Resolves: bz#1669068
(CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu() [rhel-7.7])
- Resolves: bz#1709495
(Change CPUID[0x40000000].EAX from 0 to KVM_CPUID_FE...ATURES (0x40000001))

[1.5.3-164.el7]
- kvm-target-i386-define-md-clear-bit-rhel.patch [bz#1693217]
- Resolves: bz#1693217
(CVE-2018-12126 qemu-kvm: hardware: Microarchitectural Store Buffer Data Sampling [rhel-7.7] )

[1.5.3-163.el7]
- kvm-x86-cpu-Enable-CLDEMOTE-Demote-Cache-Line-cpu-featur.patch [bz#1537773]
- kvm-vfio-pci-Lazy-PBA-emulation.patch [bz#1459077]
- kvm-slirp-check-sscanf-result-when-emulating-ident.patch [bz#1689791]
- Resolves: bz#1459077
([Intel 7.7 Bug] QEMU version in RHEL7.4 beta does not support KVM passthrough with WFR card)
- Resolves: bz#1537773
([Intel 7.7 Feat] KVM Enabling SnowRidge new NIs - qemu-kvm)
- Resolves: bz#1689791
(CVE-2019-9824 qemu-kvm: QEMU: Slirp: information leakage in tcp_emu() due to uninitialized stack variables [rhel-7])

[1.5.3-162.el7]
- kvm-i386-Deprecate-arch-facilities-and-make-it-block-liv.patch [bz#1658407]
- kvm-Do-not-build-bluetooth-support.patch [bz#1654627]
- Resolves: bz#1654627
(Qemu: hw: bt: keep bt/* objects from building [rhel-7.7])
- Resolves: bz#1658407
(mode='host-model' VMs include broken 'arch-facilities' flag name [qemu-kvm])

[1.5.3-161.el7]
- kvm-Inhibit-ballooning-during-postcopy.patch [bz#1659229]
- kvm-balloon-Allow-multiple-inhibit-users.patch [bz#1659229]
- kvm-check-KVM_CAP_SYNC_MMU-with-kvm_vm_check_extensi.patch [bz#1659229]
- kvm-Use-inhibit-to-prevent-ballooning-without-synchr.patch [bz#1659229]
- kvm-vfio-Inhibit-ballooning-based-on-group-attachment-to.patch [bz#1659229]
- Resolves: bz#1659229
(Ballooning is incompatible with vfio assigned devices, but not prevented)


Related CVEs


CVE-2019-9824

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (x86_64) qemu-kvm-1.5.3-167.el7.src.rpm6c2ef4713199e8fda0b7ab5555722413ELBA-2021-9161
qemu-img-1.5.3-167.el7.x86_64.rpm5dcf5431e9fbf00ed8305b985493d1ecELBA-2021-9161
qemu-kvm-1.5.3-167.el7.x86_64.rpmea63f32a395fc113537839a888eb1713ELBA-2021-9161
qemu-kvm-common-1.5.3-167.el7.x86_64.rpmaacbbbcdf8559d31c19d011237aeb199ELSA-2021-0347
qemu-kvm-tools-1.5.3-167.el7.x86_64.rpmb452c02994d0c57f23806e0b441874f8ELSA-2021-0347



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete