ELSA-2021-9425

ELSA-2021-9425 - qemu security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2021-08-17

Description

[15:4.2.1-11.el7]
- pvrdma: Fix the ring init error flow (CVE-2021-3608) (Marcel Apfelbaum) [Orabug: 33120142] {CVE-2021-3608}
- pvrdma: Ensure correct input on ring init (CVE-2021-3607) (Marcel Apfelbaum) [Orabug: 33120146] {CVE-2021-3607}
- hw/rdma: Fix possible mremap overflow in the pvrdma device (CVE-2021-3582) (Marcel Apfelbaum) [Orabug: 33120084] {CVE-2021-3582}
- vhost-user-gpu: reorder free calls. (Gerd Hoffmann) [Orabug: 32950701] {CVE-2021-3544}
- vhost-user-gpu: abstract vg_cleanup_mapping_iov (Li Qiang) [Orabug: 32950716] {CVE-2021-3546}
- vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset' (CVE-2021-3546) (Li Qiang) [Orabug: 32950716] {CVE-2021-3546}
- vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing' (CVE-2021-3544) (Li Qiang) [Orabug: 32950701] {CVE-2021-3544}
- vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref' (CVE-2021-3544) (Li Qiang) [Orabug: 32950701] {CVE-2021-3544}
- vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' (CVE-2021-3544) (Li Qiang) [Orabug: 32950701] {CVE-2021-3544}
- vhost-user-gpu: fix memory leak in vg_resource_attach_backing (CVE-2021-3544) (Li Qiang) [Orabug: 32950701] {CVE-2021-3544}
- vhost-user-gpu: fix resource leak in 'vg_resource_create_2d' (CVE-2021-3544) (Li Qiang) [Orabug: 32950701] {CVE-2021-3544}
- vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info (CVE-2021-3545) (Li Qiang) [Orabug: 32950708] {CVE-2021-3545}
- usb: limit combined packets to 1 MiB (CVE-2021-3527) (Gerd Hoffmann) [Orabug: 32842778] {CVE-2021-3527}
- usb/redir: avoid dynamic stack allocation (CVE-2021-3527) (Gerd Hoffmann) [Orabug: 32842778] {CVE-2021-3527}
- mptsas: Remove unused MPTSASState 'pending' field (CVE-2021-3392) (Michael Tokarev) [Orabug: 32470463] {CVE-2021-3392}

Related CVEs

CVE-2021-3392

CVE-2021-3527

CVE-2021-3544

CVE-2021-3545

CVE-2021-3546

CVE-2021-3582

CVE-2021-3607

CVE-2021-3608

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory
Oracle Linux 7 (aarch64)	qemu-4.2.1-11.el7.src.rpm	073aedfd1c63954dfed7500babebd964	-
	ivshmem-tools-4.2.1-11.el7.aarch64.rpm	04b6b72a54012c78289444b937705b21	-
	qemu-4.2.1-11.el7.aarch64.rpm	47a2fe8a5848ebf3532f63885da02074	-
	qemu-block-gluster-4.2.1-11.el7.aarch64.rpm	91e5efc170669d5216900876e80c570f	-
	qemu-block-iscsi-4.2.1-11.el7.aarch64.rpm	0f2138469b21a4c3f6ee30b581e6ce75	-
	qemu-block-rbd-4.2.1-11.el7.aarch64.rpm	2da3be1fcea9178d38a340cad5655aba	-
	qemu-common-4.2.1-11.el7.aarch64.rpm	001279a23b49d295b6b0930748e9fde4	-
	qemu-img-4.2.1-11.el7.aarch64.rpm	6080daa8772c200cd9c0d97ba67a8960	-
	qemu-kvm-4.2.1-11.el7.aarch64.rpm	fad206157877882ad6a6d8a144bd5115	-
	qemu-kvm-core-4.2.1-11.el7.aarch64.rpm	db6ee5282f96fa47aba9c43e5681b06f	-
	qemu-system-aarch64-4.2.1-11.el7.aarch64.rpm	050c1777b476cfc2f7843be22dac5750	-
	qemu-system-aarch64-core-4.2.1-11.el7.aarch64.rpm	acf3afed19213377cac3a0221c4b948c	-
Oracle Linux 7 (x86_64)	qemu-4.2.1-11.el7.src.rpm	073aedfd1c63954dfed7500babebd964	-
	qemu-4.2.1-11.el7.x86_64.rpm	1c1cf8e13f30ca0fac423ded0b3da47a	-
	qemu-block-gluster-4.2.1-11.el7.x86_64.rpm	cdfdf603d4a5c0ce634b1d6a4a79688a	-
	qemu-block-iscsi-4.2.1-11.el7.x86_64.rpm	aa11ce897cd6132045dd2be6b848c1a5	-
	qemu-block-rbd-4.2.1-11.el7.x86_64.rpm	169bbe2ca14c0f5c490297d265e13042	-
	qemu-common-4.2.1-11.el7.x86_64.rpm	e91617d68b1168ccc9bf8fadc21d0bf3	-
	qemu-img-4.2.1-11.el7.x86_64.rpm	ec61a57c41e34f19f5a133db9f16b0cb	-
	qemu-kvm-4.2.1-11.el7.x86_64.rpm	7759373c6d1d892fe4bf4019ffc86eee	-
	qemu-kvm-core-4.2.1-11.el7.x86_64.rpm	88a074a55afe70a31e8011cad3b647fb	-
	qemu-system-x86-4.2.1-11.el7.x86_64.rpm	e9b75335417efeb7322034b7aa279326	-
	qemu-system-x86-core-4.2.1-11.el7.x86_64.rpm	31c81b41eb1175e87cdf44dec3590ea9	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team