ELSA-2020-3906

ELSA-2020-3906 - qemu-kvm security, bug fix, and enhancement update

Type:SECURITY
Severity:LOW
Release Date:2020-10-06

Description


[1.5.3-175.el7]
- kvm-vnc-fix-memory-leak-when-vnc-disconnect.patch [bz#1810408]
- Resolves: bz#1810408
(CVE-2019-20382 qemu-kvm: QEMU: vnc: memory leakage upon disconnect [rhel-7])

[1.5.3-174.el7]
- kvm-util-add-slirp_fmt-helpers2.patch [bz#1800515]
- kvm-tcp_emu-fix-unsafe-snprintf-usages2.patch [bz#1800515]
- kvm-slirp-disable-tcp_emu.patch [bz#1791679]
- kvm-gluster-Handle-changed-glfs_ftruncate-signature.patch [bz#1802215]
- kvm-gluster-the-glfs_io_cbk-callback-function-pointer-ad.patch [bz#1802215]
- kvm-seccomp-set-the-seccomp-filter-to-all-threads.patch [bz#1618503]
- Resolves: bz#1618503
(qemu-kvm: Qemu: seccomp: blacklist is not applied to all threads [rhel-7])
- Resolves: bz#1791679
(QEMU: Slirp: disable emulation of tcp programs like ftp IRC etc. [rhel-7])
- Resolves: bz#1800515
(CVE-2020-8608 qemu-kvm: QEMU: Slirp: potential OOB access due to unsafe snprintf() usages [rhel-7.9])
- Resolves: bz#1802215
(Add support for newer glusterfs)


Related CVEs


CVE-2018-15746
CVE-2019-20382

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (x86_64) qemu-kvm-1.5.3-175.el7.src.rpm0af33c55052588875821c8e918b8533fELBA-2021-9161
qemu-img-1.5.3-175.el7.x86_64.rpm722f285ee06773ab8871e62f5dc6f0a8ELBA-2021-9161
qemu-kvm-1.5.3-175.el7.x86_64.rpm55ceabee2b658a2517df652c132c0ec9ELBA-2021-9161
qemu-kvm-common-1.5.3-175.el7.x86_64.rpm8ea7dfbba05eed7bc7c98709faa39695ELSA-2021-0347
qemu-kvm-tools-1.5.3-175.el7.x86_64.rpm6acc007f2860e833f78d5a72a817a7afELSA-2021-0347



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete