Oracle Linux Security Advisory ELSA-2022-9123
https://linux.oracle.com/errata/ELSA-2022-9123.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unb=
reakable Linux Network:
aarch64:
ivshmem-tools-4.2.1-15.el7.aarch64.rpm
qemu-4.2.1-15.el7.aarch64.rpm
qemu-block-gluster-4.2.1-15.el7.aarch64.rpm
qemu-block-iscsi-4.2.1-15.el7.aarch64.rpm
qemu-block-rbd-4.2.1-15.el7.aarch64.rpm
qemu-common-4.2.1-15.el7.aarch64.rpm
qemu-img-4.2.1-15.el7.aarch64.rpm
qemu-kvm-4.2.1-15.el7.aarch64.rpm
qemu-kvm-core-4.2.1-15.el7.aarch64.rpm
qemu-system-aarch64-4.2.1-15.el7.aarch64.rpm
qemu-system-aarch64-core-4.2.1-15.el7.aarch64.rpm
SRPMS:
https://oss.oracle.com/ol7/SRPMS-updates/qemu-4.2.1-15.el7.src.rpm
Related CVEs:
CVE-2021-3416
CVE-2021-20203
CVE-2021-20196
CVE-2021-4158
CVE-2021-3947
Description of changes:
[15:4.2.1-15.el7]
- Document CVE-2021-4158 and CVE-2021-3947 as fixed (Mark Kanda) [Orabug: =
33719302] [Orabug: 33754145] {CVE-2021-3947} {CVE-2021-4158}
- hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196 (Philippe=
Mathieu-Daud=E9) [Orabug: 32439466] {CVE-2021-20196}
- hw/block/fdc: Extract blk_create_empty_drive() (Philippe Mathieu-Daud=E9)=
[Orabug: 32439466] {CVE-2021-20196}
- net: vmxnet3: validate configuration values during activate (CVE-2021-202=
03) (Prasad J Pandit) [Orabug: 32559476] {CVE-2021-20203}
- lan9118: switch to use qemu_receive_packet() for loopback (Alexander Bule=
kov) [Orabug: 32560540] {CVE-2021-3416}
- pcnet: switch to use qemu_receive_packet() for loopback (Alexander Buleko=
v) [Orabug: 32560540] {CVE-2021-3416}
- rtl8139: switch to use qemu_receive_packet() for loopback (Alexander Bule=
kov) [Orabug: 32560540] {CVE-2021-3416}
- tx_pkt: switch to use qemu_receive_packet_iov() for loopback (Jason Wang)=
[Orabug: 32560540] {CVE-2021-3416}
- sungem: switch to use qemu_receive_packet() for loopback (Jason Wang) [O=
rabug: 32560540] {CVE-2021-3416}
- dp8393x: switch to use qemu_receive_packet() for loopback packet (Jason W=
ang) [Orabug: 32560540] {CVE-2021-3416}
- e1000: switch to use qemu_receive_packet() for loopback (Jason Wang) [Or=
abug: 32560540] {CVE-2021-3416}
- net: introduce qemu_receive_packet() (Jason Wang) [Orabug: 32560540] {C=
VE-2021-3416}
- target/i386: Populate x86_ext_save_areas offsets using cpuid where possib=
le (David Edmondson)
- target/i386: Observe XSAVE state area offsets (David Edmondson)
- target/i386: Make x86_ext_save_areas visible outside cpu.c (David Edmonds=
on)
- target/i386: Pass buffer and length to XSAVE helper (David Edmondson)
- target/i386: Clarify the padding requirements of X86XSaveArea (David Edmo=
ndson)
- target/i386: Consolidate the X86XSaveArea offset checks (David Edmondson)
- target/i386: Declare constants for XSAVE offsets (David Edmondson)
_______________________________________________
El-errata mailing list
[email protected]
https://oss.oracle.com/mailman/listinfo/el-errata
Oracle7: ELSA-2022-9123: qemu Important Security Update
Summary
Description of changes: [15:4.2.1-15.el7] - Document CVE-2021-4158 and CVE-2021-3947 as fixed (Mark Kanda) [Orabug: = 33719302] [Orabug: 33754145] {CVE-2021-3947} {CVE-2021-4158} - hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196 (Philippe= Mathieu-Daud=E9) [Orabug: 32439466] {CVE-2021-20196} - hw/block/fdc: Extract blk_create_empty_drive() (Philippe Mathieu-Daud=E9)= [Orabug: 32439466] {CVE-2021-20196} - net: vmxnet3: validate configuration values during activate (CVE-2021-202= 03) (Prasad J Pandit) [Orabug: 32559476] {CVE-2021-20203} - lan9118: switch to use qemu_receive_packet() for loopback (Alexander Bule= kov) [Orabug: 32560540] {CVE-2021-3416} - pcnet: switch to use qemu_receive_packet() for loopback (Alexander Buleko= v) [Orabug: 32560540] {CVE-2021-3416} - rtl8139: switch to use qemu_receive_packet() for loopback (Alexander Bule= kov) [Orabug: 32560540] {CVE-2021-3416} - tx_pkt: switch to use qemu_receive_packet_iov() for loopback (Jason Wang)= [Orabug: 32560540] {CVE-2021-3416} - sungem: switch to use qemu_receive_packet() for loopback (Jason Wang) [O= rabug: 32560540] {CVE-2021-3416} - dp8393x: switch to use qemu_receive_packet() for loopback packet (Jason W= ang) [Orabug: 32560540] {CVE-2021-3416} - e1000: switch to use qemu_receive_packet() for loopback (Jason Wang) [Or= abug: 32560540] {CVE-2021-3416} - net: introduce qemu_receive_packet() (Jason Wang) [Orabug: 32560540] {C= VE-2021-3416}
i386
le (David Edmondson) - target/i386: Observe XSAVE state area offsets (David Edmondson) - target/i386: Make x86_ext_save_areas visible outside cpu.c (David Edmonds= on) - target/i386: Pass buffer and length to XSAVE helper (David Edmondson) - target/i386: Clarify the padding requirements of X86XSaveArea (David Edmo= ndson) - target/i386: Consolidate the X86XSaveArea offset checks (David Edmondson) - target/i386: Declare constants for XSAVE offsets (David Edmondson)
x86_64
SRPMS
https://oss.oracle.com/ol7/SRPMS-updates/qemu-4.2.1-15.el7.src.rpm
Severity
Related CVEs:
CVE-2021-3416
CVE-2021-20203
CVE-2021-20196
CVE-2021-4158
CVE-2021-3947
News
HOWTOs
Features
What You Need to Know about the Sysrv-K Cryptomining Botnet in Less than a Minute
Strengthen Your Linux Endpoint Security & Zero Trust Strategy with Defense-in-Depth & Endpoint Encryption
Call for Contributors with Knowledge of Linux Firewalls!
How To Create a Transparent Proxy through the Tor Network to Protect Your Privacy Online with archtorify & kalitorify
You are Tracked Online - Why? And How To Avoid Being Tracked Online
About Us
Powered By
