ELSA-2023-12108

Опубликовано: 08 фев. 2023

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2023-12108: virt:kvm_utils security update (IMPORTANT)

libvirt [5.7.0-38.el8]

qemu: Don't report spurious errors from vCPU tid validation on hotunplug timeout (Shaleen Bathla) [Orabug: 34826758]
security: fix SELinux label generation logic (Daniel P. Berrange) [Orabug: 34773029] {CVE-2021-3631}
qemu: Set default qdisc before setting bandwidth (Michal Privoznik) [Orabug: 34724925]
qemu: Taint cpu host-passthrough only after migration (Cole Robinson) [Orabug: 34724925]

libvirt-python [5.7.0-38.el8]

Bump version number to 5.7.0-38 to match libvirt (Karl Heubaum)

qemu-kvm [4.2.1-24.el8]

hw/display/ati_2d: Fix buffer overflow in ati_2d_blt (CVE-2021-3638) (Philippe Mathieu-Daude) [Orabug: 33930374] {CVE-2021-3638}
tests/acpi: virt: update ACPI MADT and FADT binaries (Miguel Luis)
acpi: arm/virt: madt: bump to revision 4 accordingly to ACPI 6.0 Errata A (Miguel Luis)
acpi: arm/virt: madt: use build_append_int_noprefix() API to compose MADT table (Igor Mammedov)
acpi: madt: arm/x86: use acpi_table_begin()/acpi_table_end() instead of build_header() (Igor Mammedov)
hw/arm/virt-acpi-build:Remove dead assignment in build_madt() (Chen Qun)
acpi: build_fadt: adapt FADT table names (Miguel Luis)
acpi: fadt: support revision 6.0 of the ACPI specification (Miguel Luis)
tests/acpi: virt: allow acpi MADT and FADT changes (Miguel Luis)
Document CVE-2022-3165 as not applicable (Mark Kanda) [Orabug: 34713999] {CVE-2022-3165}
Document CVE-2022-1050 as not applicable (Mark Kanda) [Orabug: 34132133] {CVE-2022-1050}
hw/acpi/erst.c: Fix memory handling issues (Christian A. Ehrhardt) [Orabug: 34779472] {CVE-2022-4172}
vhost-vdpa: fix assert !virtio_net_get_subqueue(nc)->async_tx.elem in virtio_net_reset (Si-Wei Liu)
net/vhost-vdpa.c: Fix clang compilation failure (Peter Maydell)
vhost-vdpa: allow passing opened vhostfd to vhost-vdpa (Si-Wei Liu)
hw/acpi/aml-build: Improve scalability of PPTT generation (Yanan Wang)
tests/data/acpi/virt: update empty file for PPTT (Miguel Luis)
hw/arm/virt-acpi-build: Generate PPTT table (Yanan Wang)
tests/data/acpi/virt: Add an empty expected file for PPTT (Yanan Wang)
hw/acpi/aml-build: Add PPTT table (Andrew Jones)
hw/acpi/aml-build: Add Processor hierarchy node structure (Yanan Wang)
machine: Add SMP Sockets in CpuTopology (Babu Moger)
bios-tables-test: generate table for virt/DBG2 (Miguel Luis)
hw/arm/virt_acpi_build: Generate DBG2 table (Eric Auger)
tests/acpi: Add void table for virt/DBG2 bios-tables-test (Eric Auger)
tests/acpi: virt: update ACPI GTDT binaries (Miguel Luis) [Orabug: 34711916]
acpi: arm/virt: build_gtdt: fix invalid 64-bit physical addresses (Miguel Luis) [Orabug: 34711916]
tests/acpi: virt: allow acpi GTDT changes (Miguel Luis) [Orabug: 34711916]
acpi: fix OEM ID/OEM Table ID padding (Igor Mammedov) [Orabug: 34711916]
acpi: arm/virt: build_gtdt: use acpi_table_begin()/acpi_table_end() instead of build_header() (Igor Mammedov) [Orabug: 34711916]
acpi: add helper routines to initialize ACPI tables (Igor Mammedov) [Orabug: 34711916]
acpi: declare the default assignable value for the ACPI table header (Miguel Luis) [Orabug: 34711916]

[4.2.1-22.el8]

Revert 'block: Set the name of BlockBackend if possible' (Joe Jin) [Orabug: 34841102]
Revert 'iotests: Adjust 186.out to account for 'null' node-name' (Joe Jin) [Orabug: 34841102]

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

Module virt:kvm_utils is enabled

hivex

1.3.18-21.module+el8.7.0+20894+2d7709ab

hivex-devel

1.3.18-21.module+el8.7.0+20894+2d7709ab

libguestfs

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-bash-completion

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-benchmarking

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-devel

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-gfs2

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-gobject

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-gobject-devel

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-inspect-icons

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-java

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-java-devel

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-javadoc

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-man-pages-ja

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-man-pages-uk

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-rescue

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-rsync

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-tools

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-tools-c

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-winsupport

8.2-1.module+el8.7.0+20894+2d7709ab

libguestfs-xfs

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libiscsi

1.18.0-8.module+el8.7.0+20894+2d7709ab

libiscsi-devel

1.18.0-8.module+el8.7.0+20894+2d7709ab

libiscsi-utils

1.18.0-8.module+el8.7.0+20894+2d7709ab

libnbd

1.2.2-1.module+el8.7.0+20894+2d7709ab

libnbd-devel

1.2.2-1.module+el8.7.0+20894+2d7709ab

libvirt

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-admin

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-bash-completion

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-client

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-config-network

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-config-nwfilter

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-interface

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-network

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-nodedev

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-nwfilter

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-qemu

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-secret

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-storage

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-storage-core

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-storage-disk

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-storage-gluster

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-storage-iscsi

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-storage-iscsi-direct

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-storage-logical

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-storage-mpath

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-storage-rbd

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-storage-scsi

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-kvm

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-dbus

1.3.0-2.module+el8.7.0+20894+2d7709ab

libvirt-devel

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-docs

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-libs

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-lock-sanlock

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-nss

5.7.0-38.module+el8.7.0+20894+2d7709ab

lua-guestfs

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

nbdfuse

1.2.2-1.module+el8.7.0+20894+2d7709ab

nbdkit

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

nbdkit-bash-completion

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

nbdkit-basic-filters

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

nbdkit-basic-plugins

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

nbdkit-curl-plugin

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

nbdkit-devel

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

nbdkit-example-plugins

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

nbdkit-gzip-plugin

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

nbdkit-linuxdisk-plugin

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

nbdkit-python-plugin

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

nbdkit-server

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

nbdkit-ssh-plugin

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

nbdkit-xz-filter

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

netcf

0.2.8-12.module+el8.7.0+20894+2d7709ab

netcf-devel

0.2.8-12.module+el8.7.0+20894+2d7709ab

netcf-libs

0.2.8-12.module+el8.7.0+20894+2d7709ab

perl-Sys-Guestfs

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

perl-Sys-Virt

4.5.0-5.module+el8.7.0+20894+2d7709ab

perl-hivex

1.3.18-21.module+el8.7.0+20894+2d7709ab

python3-hivex

1.3.18-21.module+el8.7.0+20894+2d7709ab

python3-libguestfs

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

python3-libnbd

1.2.2-1.module+el8.7.0+20894+2d7709ab

python3-libvirt

5.7.0-38.module+el8.7.0+20894+2d7709ab

qemu-guest-agent

4.2.1-24.module+el8.7.0+20894+2d7709ab

qemu-img

4.2.1-24.module+el8.7.0+20894+2d7709ab

qemu-kvm

4.2.1-24.module+el8.7.0+20894+2d7709ab

qemu-kvm-block-curl

4.2.1-24.module+el8.7.0+20894+2d7709ab

qemu-kvm-block-gluster

4.2.1-24.module+el8.7.0+20894+2d7709ab

qemu-kvm-block-iscsi

4.2.1-24.module+el8.7.0+20894+2d7709ab

qemu-kvm-block-rbd

4.2.1-24.module+el8.7.0+20894+2d7709ab

qemu-kvm-block-ssh

4.2.1-24.module+el8.7.0+20894+2d7709ab

qemu-kvm-common

4.2.1-24.module+el8.7.0+20894+2d7709ab

qemu-kvm-core

4.2.1-24.module+el8.7.0+20894+2d7709ab

ruby-hivex

1.3.18-21.module+el8.7.0+20894+2d7709ab

ruby-libguestfs

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

supermin

5.1.19-10.module+el8.7.0+20894+2d7709ab

supermin-devel

5.1.19-10.module+el8.7.0+20894+2d7709ab

virt-dib

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

Oracle Linux x86_64

Module virt:kvm_utils is enabled

hivex

1.3.18-21.module+el8.7.0+20894+2d7709ab

hivex-devel

1.3.18-21.module+el8.7.0+20894+2d7709ab

libguestfs

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-bash-completion

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-benchmarking

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-devel

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-gfs2

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-gobject

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-gobject-devel

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-inspect-icons

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-java

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-java-devel

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-javadoc

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-man-pages-ja

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-man-pages-uk

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-rescue

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-rsync

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-tools

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-tools-c

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libguestfs-winsupport

8.2-1.module+el8.7.0+20894+2d7709ab

libguestfs-xfs

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

libiscsi

1.18.0-8.module+el8.7.0+20894+2d7709ab

libiscsi-devel

1.18.0-8.module+el8.7.0+20894+2d7709ab

libiscsi-utils

1.18.0-8.module+el8.7.0+20894+2d7709ab

libnbd

1.2.2-1.module+el8.7.0+20894+2d7709ab

libnbd-devel

1.2.2-1.module+el8.7.0+20894+2d7709ab

libvirt

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-admin

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-bash-completion

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-client

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-config-network

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-config-nwfilter

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-interface

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-network

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-nodedev

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-nwfilter

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-qemu

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-secret

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-storage

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-storage-core

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-storage-disk

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-storage-gluster

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-storage-iscsi

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-storage-iscsi-direct

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-storage-logical

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-storage-mpath

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-storage-rbd

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-driver-storage-scsi

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-daemon-kvm

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-dbus

1.3.0-2.module+el8.7.0+20894+2d7709ab

libvirt-devel

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-docs

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-libs

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-lock-sanlock

5.7.0-38.module+el8.7.0+20894+2d7709ab

libvirt-nss

5.7.0-38.module+el8.7.0+20894+2d7709ab

lua-guestfs

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

nbdfuse

1.2.2-1.module+el8.7.0+20894+2d7709ab

nbdkit

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

nbdkit-bash-completion

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

nbdkit-basic-filters

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

nbdkit-basic-plugins

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

nbdkit-curl-plugin

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

nbdkit-devel

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

nbdkit-example-plugins

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

nbdkit-gzip-plugin

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

nbdkit-linuxdisk-plugin

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

nbdkit-python-plugin

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

nbdkit-server

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

nbdkit-ssh-plugin

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

nbdkit-vddk-plugin

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

nbdkit-xz-filter

1.16.2-4.0.1.module+el8.7.0+20894+2d7709ab

netcf

0.2.8-12.module+el8.7.0+20894+2d7709ab

netcf-devel

0.2.8-12.module+el8.7.0+20894+2d7709ab

netcf-libs

0.2.8-12.module+el8.7.0+20894+2d7709ab

perl-Sys-Guestfs

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

perl-Sys-Virt

4.5.0-5.module+el8.7.0+20894+2d7709ab

perl-hivex

1.3.18-21.module+el8.7.0+20894+2d7709ab

python3-hivex

1.3.18-21.module+el8.7.0+20894+2d7709ab

python3-libguestfs

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

python3-libnbd

1.2.2-1.module+el8.7.0+20894+2d7709ab

python3-libvirt

5.7.0-38.module+el8.7.0+20894+2d7709ab

qemu-guest-agent

4.2.1-24.module+el8.7.0+20894+2d7709ab

qemu-img

4.2.1-24.module+el8.7.0+20894+2d7709ab

qemu-kvm

4.2.1-24.module+el8.7.0+20894+2d7709ab

qemu-kvm-block-curl

4.2.1-24.module+el8.7.0+20894+2d7709ab

qemu-kvm-block-gluster

4.2.1-24.module+el8.7.0+20894+2d7709ab

qemu-kvm-block-iscsi

4.2.1-24.module+el8.7.0+20894+2d7709ab

qemu-kvm-block-rbd

4.2.1-24.module+el8.7.0+20894+2d7709ab

qemu-kvm-block-ssh

4.2.1-24.module+el8.7.0+20894+2d7709ab

qemu-kvm-common

4.2.1-24.module+el8.7.0+20894+2d7709ab

qemu-kvm-core

4.2.1-24.module+el8.7.0+20894+2d7709ab

ruby-hivex

1.3.18-21.module+el8.7.0+20894+2d7709ab

ruby-libguestfs

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

seabios

1.13.0-2.module+el8.7.0+20894+2d7709ab

seabios-bin

1.13.0-2.module+el8.7.0+20894+2d7709ab

seavgabios-bin

1.13.0-2.module+el8.7.0+20894+2d7709ab

sgabios

0.20170427git-3.module+el8.7.0+20894+2d7709ab

sgabios-bin

0.20170427git-3.module+el8.7.0+20894+2d7709ab

supermin

5.1.19-10.module+el8.7.0+20894+2d7709ab

supermin-devel

5.1.19-10.module+el8.7.0+20894+2d7709ab

virt-dib

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

virt-v2v

1.40.2-28.0.4.module+el8.7.0+20894+2d7709ab

Связанные CVE

Ссылки на источники

Связанные уязвимости

ELSA-2023-12065

oracle-oval

больше 2 лет назад

ELSA-2023-12065: qemu security update (IMPORTANT)

ELSA-2023-12195

oracle-oval

больше 2 лет назад

ELSA-2023-12195: virt:kvm_utils2 security update (IMPORTANT)

SUSE-SU-2023:0671-1

suse-cvrf

больше 2 лет назад

Security update for qemu

CVE-2022-1050

CVSS3: 8.8

ubuntu

около 3 лет назад

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.

CVE-2022-1050

CVSS3: 8.2

redhat

больше 3 лет назад