ELSA-2021-9034

ELSA-2021-9034 - qemu security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2021-02-08

Description


[15:4.2.1-4.el7]
- Document CVE-2020-25723 as fixed (Mark Kanda) [Orabug: 32222397] {CVE-2020-25084} {CVE-2020-25723}
- hw/net/e1000e: advance desc_offset in case of null descriptor (Prasad J Pandit) [Orabug: 32217517] {CVE-2020-28916}
- i386: Add 2nd Generation AMD EPYC processors (Moger, Babu) [Orabug: 32217570]
- libslirp: Update version to include CVE fixes (Mark Kanda) [Orabug: 32208456] [Orabug: 32208462] {CVE-2020-29129} {CVE-2020-29130}
- Document CVE-2020-25624 as fixed (Mark Kanda) [Orabug: 32212527] {CVE-2020-25624} {CVE-2020-25625}
- pvpanic: Advertise the PVPANIC_CRASHLOADED event support (Paolo Bonzini) [Orabug: 32102853]
- ati: check x y display parameter values (Prasad J Pandit) [Orabug: 32108251] {CVE-2020-27616}
- Add AArch64 support for QMP regdump tool and sosreport plugin (Mark Kanda) [Orabug: 32080658]
- Add qemu_regdump sosreport plugin support for '-mon' QMP sockets (Mark Kanda)
- migration/dirtyrate: present dirty rate only when querying the rate has completed (Chuan Zheng)
- migration/dirtyrate: record start_time and calc_time while at the measuring state (Chuan Zheng)
- migration/dirtyrate: Add trace_calls to make it easier to debug (Chuan Zheng)
- migration/dirtyrate: Implement qmp_cal_dirty_rate()/qmp_get_dirty_rate() function (Chuan Zheng)
- migration/dirtyrate: Implement calculate_dirtyrate() function (Chuan Zheng)
- migration/dirtyrate: Implement set_sample_page_period() and is_sample_period_valid() (Chuan Zheng)
- migration/dirtyrate: skip sampling ramblock with size below MIN_RAMBLOCK_SIZE (Chuan Zheng)
- migration/dirtyrate: Compare page hash results for recorded sampled page (Chuan Zheng)
- migration/dirtyrate: Record hash results for each sampled page (Chuan Zheng)
- migration/dirtyrate: move RAMBLOCK_FOREACH_MIGRATABLE into ram.h (Chuan Zheng)
- migration/dirtyrate: Add dirtyrate statistics series functions (Chuan Zheng)
- migration/dirtyrate: Add RamblockDirtyInfo to store sampled page info (Chuan Zheng)
- migration/dirtyrate: add DirtyRateStatus to denote calculation status (Chuan Zheng)
- migration/dirtyrate: setup up query-dirtyrate framwork (Chuan Zheng)
- ram_addr: Split RAMBlock definition (Juan Quintela)

[15:4.2.1-3.el7]
- qemu-kvm.spec: Install block storage module RPMs by default (Karl Heubaum) [Orabug: 31943789]
- qemu-kvm.spec: Enable block-ssh module RPM (Karl Heubaum) [Orabug: 31943763]
- hw: usb: hcd-ohci: check for processed TD before retire (Prasad J Pandit) [Orabug: 31901690] {CVE-2020-25625}
- hw: usb: hcd-ohci: check len and frame_number variables (Prasad J Pandit) [Orabug: 31901690] {CVE-2020-25625}
- hw: ehci: check return value of 'usb_packet_map' (Li Qiang) [Orabug: 31901649] {CVE-2020-25084}
- hw: xhci: check return value of 'usb_packet_map' (Li Qiang) [Orabug: 31901649] {CVE-2020-25084}
- qemu.spec: Enable '-Werror' for OL7 builds (Mark Kanda) [Orabug: 31922718]
- usb: fix setup_len init (CVE-2020-14364) (Gerd Hoffmann) [Orabug: 31848849] {CVE-2020-14364}
- Document CVE-2020-12829 and CVE-2020-14415 as fixed (Mark Kanda) [Orabug: 31855502] [Orabug: 31855427] {CVE-2020-12829} {CVE-2020-14415}

[15:4.2.1-2.el7]
- hw/net/xgmac: Fix buffer overflow in xgmac_enet_send() (Mauro Matteo Cascella) [Orabug: 31667649] {CVE-2020-15863}
- hw/net/net_tx_pkt: fix assertion failure in net_tx_pkt_add_raw_fragment() (Mauro Matteo Cascella) [Orabug: 31737809] {CVE-2020-16092}
- migration: fix memory leak in qmp_migrate_set_parameters (Zheng Chuan) [Orabug: 31806256]
- virtio-net: fix removal of failover device (Juan Quintela) [Orabug: 31806255]
- pvpanic: implement crashloaded event handling (Zhenwei Pi) [Orabug: 31677154]
- pvpanic: introduce crashloaded for pvpanic (Zhenwei Pi) [Orabug: 31677154]

[15:4.2.1-1.el7]
- hw/sd/sdcard: Do not switch to ReceivingData if address is invalid (Philippe Mathieu-Daude) [Orabug: 31414336] {CVE-2020-13253}
- hw/sd/sdcard: Update coding style to make checkpatch.pl happy (Philippe Mathieu-Daude) [Orabug: 31414336]
- hw/sd/sdcard: Do not allow invalid SD card sizes (Philippe Mathieu-Daude) [Orabug: 31414336] {CVE-2020-13253}
- hw/sd/sdcard: Simplify realize() a bit (Philippe Mathieu-Daude) [Orabug: 31414336]
- hw/sd/sdcard: Restrict Class 6 commands to SCSD cards (Philippe Mathieu-Daude) [Orabug: 31414336]
- libslirp: Update to v4.3.1 to fix CVE-2020-10756 (Karl Heubaum) [Orabug: 31604999] {CVE-2020-10756}
- Document CVEs as fixed 2/2 (Karl Heubaum) [Orabug: 30618035] {CVE-2017-18043} {CVE-2018-10839} {CVE-2018-11806} {CVE-2018-12617} {CVE-2018-15746} {CVE-2018-16847} {CVE-2018-16867} {CVE-2018-17958} {CVE-2018-17962} {CVE-2018-17963} {CVE-2018-18849} {CVE-2018-19364} {CVE-2018-19489} {CVE-2018-3639} {CVE-2018-5683} {CVE-2018-7550} {CVE-2018-7858} {CVE-2019-12068} {CVE-2019-15034} {CVE-2019-15890} {CVE-2019-20382} {CVE-2020-10702} {CVE-2020-10761} {CVE-2020-11102} {CVE-2020-11869} {CVE-2020-13361} {CVE-2020-13765} {CVE-2020-13800} {CVE-2020-1711} {CVE-2020-1983} {CVE-2020-8608}
- Document CVEs as fixed 1/2 (Karl Heubaum) [Orabug: 30618035] {CVE-2017-10806} {CVE-2017-11334} {CVE-2017-12809} {CVE-2017-13672} {CVE-2017-13673} {CVE-2017-13711} {CVE-2017-14167} {CVE-2017-15038} {CVE-2017-15119} {CVE-2017-15124} {CVE-2017-15268} {CVE-2017-15289} {CVE-2017-16845} {CVE-2017-17381} {CVE-2017-18030} {CVE-2017-2630} {CVE-2017-2633} {CVE-2017-5715} {CVE-2017-5753} {CVE-2017-5754} {CVE-2017-5931} {CVE-2017-6058} {CVE-2017-7471} {CVE-2017-7493} {CVE-2017-8112} {CVE-2017-8309} {CVE-2017-8379} {CVE-2017-8380} {CVE-2017-9503} {CVE-2017-9524} {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2018-16872} {CVE-2018-20123} {CVE-2018-20124} {CVE-2018-20125} {CVE-2018-20126} {CVE-2018-20191} {CVE-2018-20216} {CVE-2018-20815} {CVE-2019-11091} {CVE-2019-12155} {CVE-2019-14378} {CVE-2019-3812} {CVE-2019-5008} {CVE-2019-6501} {CVE-2019-6778} {CVE-2019-8934} {CVE-2019-9824}
- qemu-kvm.spec: Add .spec file for OL8 (Karl Heubaum) [Orabug: 30618035]
- qemu.spec: Add .spec file for OL7 (Karl Heubaum) [Orabug: 30618035]
- qemu-submodule-init: Add Git submodule init script (Karl Heubaum) [Orabug: 30618035]
- vhost.conf: Initial vhost.conf (Karl Heubaum) [Orabug: 30618035]
- parfait: Add buildrpm/parfait-qemu.conf (Karl Heubaum) [Orabug: 30618035]
- virtio: Set PCI subsystem vendor ID to Oracle (Karl Heubaum) [Orabug: 30618035]
- qemu_regdump.py: Initial qemu_regdump.py (Karl Heubaum) [Orabug: 30618035]
- qmp-regdump: Initial qmp-regdump (Karl Heubaum) [Orabug: 30618035]
- bridge.conf: Initial bridge.conf (Karl Heubaum) [Orabug: 30618035]
- kvm.conf: Initial kvm.conf (Karl Heubaum) [Orabug: 30618035]
- 80-kvm.rules: Initial 80-kvm.rules (Karl Heubaum) [Orabug: 30618035]
- exec: set map length to zero when returning NULL (Prasad J Pandit) [Orabug: 31439733] {CVE-2020-13659}
- megasas: use unsigned type for reply_queue_head and check index (Prasad J Pandit) [Orabug: 31414338] {CVE-2020-13362}
- memory: Revert 'memory: accept mismatching sizes in memory_region_access_valid' (Michael S. Tsirkin) [Orabug: 31439736] [Orabug: 31452202] {CVE-2020-13754} {CVE-2020-13791}

[15:4.1.1-3.el7]
- buildrpm/spec files: Dont package elf2dmp (Karl Heubaum) [Orabug: 31657424]
- qemu-kvm.spec: Enable the block-curl package (Karl Heubaum) [Orabug: 31657424]
- qemu.spec: enable have_curl in spec (Dongli Zhang) [Orabug: 31657424]

[15:4.1.1-2.el7]
- Document CVE-2020-13765 as fixed (Karl Heubaum) [Orabug: 31463250] {CVE-2020-13765}
- kvm: Reallocate dirty_bmap when we change a slot (Dr. David Alan Gilbert) [Orabug: 31076399]
- kvm: split too big memory section on several memslots (Igor Mammedov) [Orabug: 31076399]
- target/i386: do not set unsupported VMX secondary execution controls (Vitaly Kuznetsov) [Orabug: 31463710]
- target/i386: add VMX definitions (Paolo Bonzini) [Orabug: 31463710]
- ati-vga: check mm_index before recursive call (CVE-2020-13800) (Prasad J Pandit) [Orabug: 31452206] {CVE-2020-13800}
- es1370: check total frame count against current frame (Prasad J Pandit) [Orabug: 31463235] {CVE-2020-13361}
- ati-vga: Fix checks in ati_2d_blt() to avoid crash (BALATON Zoltan) [Orabug: 31238432] {CVE-2020-11869}
- libslirp: Update to stable-4.2 to fix CVE-2020-1983 (Karl Heubaum) [Orabug: 31241227] {CVE-2020-1983}
- Document CVEs as fixed (Karl Heubaum) {CVE-2019-12068} {CVE-2019-15034}
- libslirp: Update to version 4.2.0 to fix CVEs (Karl Heubaum) [Orabug: 30274592] [Orabug: 30869830] {CVE-2019-15890} {CVE-2020-8608}
- target/i386: add support for MSR_IA32_TSX_CTRL (Paolo Bonzini) [Orabug: 31124041]
- qemu-img: Add --target-is-zero to convert (David Edmondson)
- vnc: fix memory leak when vnc disconnect (Li Qiang) [Orabug: 30996427] {CVE-2019-20382}
- iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711) (Felipe Franciosi) [Orabug: 31124035] {CVE-2020-1711}
- qemu.spec: Remove 'BuildRequires: kernel' (Karl Heubaum) [Orabug: 31124047]

[15:4.1.1-1.el7]
- qemu-submodule-init: Add Git submodule init script


Related CVEs


CVE-2020-14364
CVE-2020-10756
CVE-2020-16092
CVE-2020-13754
CVE-2020-13362
CVE-2020-11102
CVE-2020-15863
CVE-2020-13791
CVE-2020-13659
CVE-2020-13253
CVE-2020-10702
CVE-2019-15034
CVE-2020-12829
CVE-2020-14415
CVE-2020-25625
CVE-2020-25084
CVE-2020-27616
CVE-2020-29129
CVE-2020-29130
CVE-2020-25624
CVE-2020-28916
CVE-2020-25723

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (aarch64) qemu-4.2.1-4.el7.src.rpmdc16b6f9b86c7d35636ff026607ecfdcELBA-2021-9161
ivshmem-tools-4.2.1-4.el7.aarch64.rpm40592321f56a6da4920946fbfd233a2dELBA-2021-9161
qemu-4.2.1-4.el7.aarch64.rpm5019525b8a2229aa76d1fac9ea6822d8ELBA-2021-9161
qemu-block-gluster-4.2.1-4.el7.aarch64.rpmb3c57bed059844f45ef1aa853fccef4eELBA-2021-9161
qemu-block-iscsi-4.2.1-4.el7.aarch64.rpm324efb24214b66791774e11e03652d17ELBA-2021-9161
qemu-block-rbd-4.2.1-4.el7.aarch64.rpmc19945996e4a992b1b54d79349a86419ELBA-2021-9161
qemu-common-4.2.1-4.el7.aarch64.rpmbe48d988ab2491a22ceff30f5614d090ELBA-2021-9161
qemu-img-4.2.1-4.el7.aarch64.rpmeeda62625765a241f8c3390101fdc836ELBA-2021-9161
qemu-kvm-4.2.1-4.el7.aarch64.rpm445f7af568f49928a5941af53993c2e2ELBA-2021-9161
qemu-kvm-core-4.2.1-4.el7.aarch64.rpmc3b0c9a967e67478e96eb8faad4382f9ELBA-2021-9161
qemu-system-aarch64-4.2.1-4.el7.aarch64.rpma14520002d95b94fee558c7e23369b36ELBA-2021-9161
qemu-system-aarch64-core-4.2.1-4.el7.aarch64.rpm6b8b37f91a3ac1af949de74b7a405db7ELBA-2021-9161
Oracle Linux 7 (x86_64) qemu-4.2.1-4.el7.src.rpmdc16b6f9b86c7d35636ff026607ecfdcELBA-2021-9161
qemu-4.2.1-4.el7.x86_64.rpm41fd939859834921ebcb75a6e3dc965bELBA-2021-9161
qemu-block-gluster-4.2.1-4.el7.x86_64.rpm9bec5774f59b3ba2e9dea7a26310d6c4ELBA-2021-9161
qemu-block-iscsi-4.2.1-4.el7.x86_64.rpm38f9d2d17b24e39446d426b3c847f776ELBA-2021-9161
qemu-block-rbd-4.2.1-4.el7.x86_64.rpmc752e63fa7117d7ac1ff5cbf805e8290ELBA-2021-9161
qemu-common-4.2.1-4.el7.x86_64.rpmde9d83abe7ff34ca33bca809d601c690ELBA-2021-9161
qemu-img-4.2.1-4.el7.x86_64.rpm81c03bebc024633e1452044daffcaad0ELBA-2021-9161
qemu-kvm-4.2.1-4.el7.x86_64.rpm133d18f0f42c2212be943055995869a6ELBA-2021-9161
qemu-kvm-core-4.2.1-4.el7.x86_64.rpmc08952efc9b808526d260ca65173daaeELBA-2021-9161
qemu-system-x86-4.2.1-4.el7.x86_64.rpma583c4165142de2ed7323c3b8722b009ELBA-2021-9161
qemu-system-x86-core-4.2.1-4.el7.x86_64.rpm266d9de14a38d549af467290bc8d0020ELBA-2021-9161



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete