ELSA-2020-1116 - qemu-kvm security, bug fix, and enhancement update
| Type: | SECURITY |
| Severity: | IMPORTANT |
| Release Date: | 2020-04-06 |
Description
[1.5.3-173.el7]
- kvm-tcp_emu-Fix-oob-access.patch [bz#1791560]
- kvm-slirp-use-correct-size-while-emulating-IRC-commands.patch [bz#1791560]
- kvm-slirp-use-correct-size-while-emulating-commands.patch [bz#1791560]
- Resolves: bz#1791560
(CVE-2020-7039 qemu-kvm: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() [rhel-7.8])
[1.5.3-172.el7]
- kvm-target-i386-Export-TAA_NO-bit-to-guests.patch [bz#1771961]
- kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch [bz#1771961]
- Resolves: bz#1771961
(CVE-2019-11135 qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-7.8])
[1.5.3-171.el7]
- kvm-i386-Add-new-model-of-Cascadelake-Server.patch [bz#1638471]
- kvm-i386-Disable-OSPKE-on-Cascadelake-Server.patch [bz#1638471]
- kvm-i386-remove-the-INTEL_PT-CPUID-bit-from-Cascadelake-.patch [bz#1638471]
- kvm-Add-missing-brackets-to-CPUID-0x80000008-code.patch [bz#1760607]
- Resolves: bz#1638471
([Intel 7.8 Feat] qemu-kvm Introduce Cascade Lake (CLX) cpu model)
- Resolves: bz#1760607
(Corrupted EAX values due to missing brackets at CPUID[0x800000008] code)
[1.5.3-170.el7]
- kvm-Using-ip_deq-after-m_free-might-read-pointers-from-a.patch [bz#1749735]
- kvm-target-i386-Merge-feature-filtering-checking-functio.patch [bz#1709971]
- kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch [bz#1709971]
- kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch [bz#1709971]
- kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch [bz#1709971]
- kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch [bz#1709971]
- kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch [bz#1709971]
- kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch [bz#1709971]
- kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch [bz#1709971]
- kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch [bz#1709971]
- kvm-Remove-arch-capabilities-deprecation.patch [bz#1709971]
- kvm-target-i386-add-MDS-NO-feature.patch [bz#1714791]
- Resolves: bz#1709971
([Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm)
- Resolves: bz#1714791
([Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm)
- Resolves: bz#1749735
(CVE-2019-15890 qemu-kvm: QEMU: Slirp: use-after-free during packet reassembly [rhel-7])
[1.5.3-169.el7]
- kvm-target-i386-Support-invariant-tsc-flag.patch [bz#1626871]
- kvm-target-i386-block-migration-and-savevm-if-invariant-.patch [bz#1626871]
- kvm-i386-Don-t-copy-host-virtual-address-limit.patch [bz#1706658]
- Resolves: bz#1626871
([RFE] request for using TscInvariant feature with qemu-kvm.)
- Resolves: bz#1706658
([Intel 7.8 Bug] qemu-kvm fail with 'err:kvm_init_vcpu() invalidate argumant' on ICX platform)
[1.5.3-168.el7]
- kvm-qxl-check-release-info-object.patch [bz#1712703]
- kvm-bswap.h-Remove-cpu_to_be16wu.patch [bz#1270166]
- kvm-net-Transmit-zero-UDP-checksum-as-0xFFFF.patch [bz#1270166]
- kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch [bz#1734749]
- Resolves: bz#1270166
(UDP packet checksum is not converted from 0x0000 to 0xffff with Qemu e1000 emulation.)
- Resolves: bz#1712703
(CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-7])
- Resolves: bz#1734749
(CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-7.8])
Related CVEs
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|
| Oracle Linux 7 (x86_64) | qemu-kvm-1.5.3-173.el7.src.rpm | 8a2a7a7c7c20965d2badc1554014d575 | ELBA-2021-9161 |
| qemu-img-1.5.3-173.el7.x86_64.rpm | 18137994501c67e689c7ec2267828e9f | ELBA-2021-9161 |
| qemu-kvm-1.5.3-173.el7.x86_64.rpm | 697d30eca1fd26d656688281e6f58fe0 | ELBA-2021-9161 |
| qemu-kvm-common-1.5.3-173.el7.x86_64.rpm | d06773c30f666454bfb2970cba39a58e | ELSA-2021-0347 |
| qemu-kvm-tools-1.5.3-173.el7.x86_64.rpm | 73d4017834c3b31e03eb60b6441ebe23 | ELSA-2021-0347 |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
