Описание
ELSA-2021-9109: qemu security update (IMPORTANT)
[15:4.2.1-5.el7]
- qemu.spec: use --tls-priority=NORMAL for OL7 (Elena Ufimtseva)
- hostmem: fix default 'prealloc-threads' count (Mark Kanda) [Orabug: 32472127]
- hostmem: introduce 'prealloc-threads' property (Igor Mammedov)
- qom: introduce object_register_sugar_prop (Paolo Bonzini)
- migration/multifd: Do error_free after migrate_set_error to avoid memleaks (Pan Nengyuan)
- multifd/tls: fix memoryleak of the QIOChannelSocket object when cancelling migration (Chuan Zheng)
- migration/multifd: fix hangup with TLS-Multifd due to blocking handshake (Chuan Zheng)
- migration/tls: add trace points for multifd-tls (Chuan Zheng)
- migration/tls: add support for multifd tls-handshake (Chuan Zheng)
- migration/tls: extract cleanup function for common-use (Chuan Zheng)
- migration/multifd: fix memleaks in multifd_new_send_channel_async (Pan Nengyuan)
- migration/multifd: fix nullptr access in multifd_send_terminate_threads (Zhimin Feng)
- migration/tls: add tls_hostname into MultiFDSendParams (Chuan Zheng)
- migration/tls: extract migration_tls_client_create for common-use (Chuan Zheng)
- migration/tls: save hostname into MigrationState (Chuan Zheng)
- tests/qtest: add a test case for pvpanic-pci (Mihai Carabas)
- pvpanic : update pvpanic spec document (Mihai Carabas)
- hw/misc/pvpanic: add PCI interface support (Mihai Carabas)
- hw/misc/pvpanic: split-out generic and bus dependent code (Mihai Carabas)
- 9pfs: Fully restart unreclaim loop (CVE-2021-20181) (Greg Kurz) [Orabug: 32441198] {CVE-2021-20181}
- ide: atapi: check logical block address and read size (CVE-2020-29443) (Prasad J Pandit) [Orabug: 32393835] {CVE-2020-29443}
- Document CVE-2019-20808 as fixed (Mark Kanda) [Orabug: 32339196] {CVE-2019-20808}
- block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb (Chen Qun) [Orabug: 32339207] {CVE-2020-11947}
- net: remove an assert call in eth_get_gso_type (Prasad J Pandit) [Orabug: 32102583] {CVE-2020-27617}
- nvdimm: honor -object memory-backend-file, readonly=on option (Stefan Hajnoczi) [Orabug: 32265408]
- hostmem-file: add readonly=on|off option (Stefan Hajnoczi) [Orabug: 32265408]
- memory: add readonly support to memory_region_init_ram_from_file() (Stefan Hajnoczi) [Orabug: 32265408]
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
ivshmem-tools
4.2.1-5.el7
qemu
4.2.1-5.el7
qemu-block-gluster
4.2.1-5.el7
qemu-block-iscsi
4.2.1-5.el7
qemu-block-rbd
4.2.1-5.el7
qemu-common
4.2.1-5.el7
qemu-img
4.2.1-5.el7
qemu-kvm
4.2.1-5.el7
qemu-kvm-core
4.2.1-5.el7
qemu-system-aarch64
4.2.1-5.el7
qemu-system-aarch64-core
4.2.1-5.el7
Oracle Linux x86_64
qemu
4.2.1-5.el7
qemu-block-gluster
4.2.1-5.el7
qemu-block-iscsi
4.2.1-5.el7
qemu-block-rbd
4.2.1-5.el7
qemu-common
4.2.1-5.el7
qemu-img
4.2.1-5.el7
qemu-kvm
4.2.1-5.el7
qemu-kvm-core
4.2.1-5.el7
Ссылки на источники
Связанные уязвимости
In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.
In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.
In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.
In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA imp ...