ELSA-2019-2078

Описание

[1.5.3-167.el7]

• Reverting kvm-seccomp-set-the-seccomp-filter-to-all-threads.patch [bz#1618503]
• Resolves: bz#1618503 (qemu-kvm: Qemu: seccomp: blacklist is not applied to all threads [rhel-7])

[1.5.3-166.el7]

• kvm-seccomp-set-the-seccomp-filter-to-all-threads.patch [bz#1618503]
• Resolves: bz#1618503 (qemu-kvm: Qemu: seccomp: blacklist is not applied to all threads [rhel-7])

[1.5.3-165.el7]

• kvm-Fix-eax-for-cpuid-leaf-0x40000000.patch [bz#1709495]
• kvm-slirp-fix-big-little-endian-conversion-in-ident-prot.patch [bz#1669068]
• kvm-slirp-ensure-there-is-enough-space-in-mbuf-to-null-t.patch [bz#1669068]
• kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch [bz#1669068]
• Resolves: bz#1669068 (CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu() [rhel-7.7])
• Resolves: bz#1709495 (Change CPUID[0x40000000].EAX from 0 to KVM_CPUID_FE...ATURES (0x40000001))

[1.5.3-164.el7]

• kvm-target-i386-define-md-clear-bit-rhel.patch [bz#1693217]
• Resolves: bz#1693217 (CVE-2018-12126 qemu-kvm: hardware: Microarchitectural Store Buffer Data Sampling [rhel-7.7] )

[1.5.3-163.el7]

• kvm-x86-cpu-Enable-CLDEMOTE-Demote-Cache-Line-cpu-featur.patch [bz#1537773]
• kvm-vfio-pci-Lazy-PBA-emulation.patch [bz#1459077]
• kvm-slirp-check-sscanf-result-when-emulating-ident.patch [bz#1689791]
• Resolves: bz#1459077 ([Intel 7.7 Bug] QEMU version in RHEL7.4 beta does not support KVM passthrough with WFR card)
• Resolves: bz#1537773 ([Intel 7.7 Feat] KVM Enabling SnowRidge new NIs - qemu-kvm)
• Resolves: bz#1689791 (CVE-2019-9824 qemu-kvm: QEMU: Slirp: information leakage in tcp_emu() due to uninitialized stack variables [rhel-7])

[1.5.3-162.el7]

• kvm-i386-Deprecate-arch-facilities-and-make-it-block-liv.patch [bz#1658407]
• kvm-Do-not-build-bluetooth-support.patch [bz#1654627]
• Resolves: bz#1654627 (Qemu: hw: bt: keep bt/* objects from building [rhel-7.7])
• Resolves: bz#1658407 (mode='host-model' VMs include broken 'arch-facilities' flag name [qemu-kvm])

[1.5.3-161.el7]

• kvm-Inhibit-ballooning-during-postcopy.patch [bz#1659229]
• kvm-balloon-Allow-multiple-inhibit-users.patch [bz#1659229]
• kvm-check-KVM_CAP_SYNC_MMU-with-kvm_vm_check_extensi.patch [bz#1659229]
• kvm-Use-inhibit-to-prevent-ballooning-without-synchr.patch [bz#1659229]
• kvm-vfio-Inhibit-ballooning-based-on-group-attachment-to.patch [bz#1659229]
• Resolves: bz#1659229 (Ballooning is incompatible with vfio assigned devices, but not prevented)