Oracle7: ELSA-2022-9669: qemu Important Security Update | LinuxSecu...
Oracle Linux Security Advisory ELSA-2022-9669

https://linux.oracle.com/errata/ELSA-2022-9669.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unb=
reakable Linux Network:

aarch64:
ivshmem-tools-4.2.1-18.el7.aarch64.rpm
qemu-4.2.1-18.el7.aarch64.rpm
qemu-block-gluster-4.2.1-18.el7.aarch64.rpm
qemu-block-iscsi-4.2.1-18.el7.aarch64.rpm
qemu-block-rbd-4.2.1-18.el7.aarch64.rpm
qemu-common-4.2.1-18.el7.aarch64.rpm
qemu-img-4.2.1-18.el7.aarch64.rpm
qemu-kvm-4.2.1-18.el7.aarch64.rpm
qemu-kvm-core-4.2.1-18.el7.aarch64.rpm
qemu-system-aarch64-4.2.1-18.el7.aarch64.rpm
qemu-system-aarch64-core-4.2.1-18.el7.aarch64.rpm


SRPMS:
https://oss.oracle.com/ol7/SRPMS-updates/qemu-4.2.1-18.el7.src.rpm

Related CVEs:

CVE-2021-3507
CVE-2021-4206
CVE-2021-4207




Description of changes:

[15:4.2.1-18.el7]
- block: introduce max_hw_iov for use in scsi-generic (Paolo Bonzini)  [Ora=
bug: 33785156]
- file-posix: try BLKSECTGET on block devices too, do not round to power of=
 2 (Paolo Bonzini)  [Orabug: 33785156]
- block: add max_hw_transfer to BlockLimits (Paolo Bonzini)  [Orabug: 33785=
156]
- block-backend: align max_transfer to request alignment (Paolo Bonzini)  [=
Orabug: 33785156]
- osdep: provide ROUND_DOWN macro (Paolo Bonzini)  [Orabug: 33785156]
- scsi-generic: pass max_segments via max_iov field in BlockLimits (Paolo B=
onzini)  [Orabug: 33785156]
- file-posix: fix max_iov for /dev/sg devices (Paolo Bonzini)  [Orabug: 337=
85156]
- display/qxl-render: fix race condition in qxl_cursor (CVE-2021-4207) (Mau=
ro Matteo Cascella)  [Orabug: 34049511]  {CVE-2021-4207}
- ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206) (Mauro Ma=
tteo Cascella)  [Orabug: 34049509]  {CVE-2021-4206}
- hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507) (Philippe Math=
ieu-Daud=E9)  [Orabug: 32860387]  {CVE-2021-3507}
- pc: q35: Bump max_cpus to 512 (Suravee Suthikulpanit)  [Orabug: 34314249]
- tests/qtest: fix pvpanic-pci-test (Mark Kanda)  [Orabug: 34284763]
- libqos: pci-pc: use 32-bit write for EJ register (Paolo Bonzini)  [Orabug=
: 34284758]
- libqos: usb-hcd-ehci: use 32-bit write for config register (Paolo Bonzini=
)  [Orabug: 34284768]
- target/i386/kvm: Fix disabling MPX on "-cpu host" with MPX-capable host (=
Maciej S. Szmigiero)  [Orabug: 33528615]
- i386: Mask SVM features if nested SVM is disabled (Eduardo Habkost)  [Ora=
bug: 33860224]
- ide: Cap LBA28 capacity announcement to 2^28-1 (Samuel Thibault)  [Orabug=
: 25327652]
- tests/acpi: update expected arm/virt tables (Mark Kanda)  [Orabug: 341328=
42]


_______________________________________________
El-errata mailing list
[email protected]
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle7: ELSA-2022-9669: qemu Important Security Update

Summary

Description of changes: [15:4.2.1-18.el7] - block: introduce max_hw_iov for use in scsi-generic (Paolo Bonzini) [Ora= bug: 33785156] - file-posix: try BLKSECTGET on block devices too, do not round to power of= 2 (Paolo Bonzini) [Orabug: 33785156] - block: add max_hw_transfer to BlockLimits (Paolo Bonzini) [Orabug: 33785= 156] - block-backend: align max_transfer to request alignment (Paolo Bonzini) [= Orabug: 33785156] - osdep: provide ROUND_DOWN macro (Paolo Bonzini) [Orabug: 33785156] - scsi-generic: pass max_segments via max_iov field in BlockLimits (Paolo B= onzini) [Orabug: 33785156] - file-posix: fix max_iov for /dev/sg devices (Paolo Bonzini) [Orabug: 337= 85156] - display/qxl-render: fix race condition in qxl_cursor (CVE-2021-4207) (Mau= ro Matteo Cascella) [Orabug: 34049511] {CVE-2021-4207} - ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206) (Mauro Ma= tteo Cascella) [Orabug: 34049509] {CVE-2021-4206} - hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507) (Philippe Math= ieu-Daud=E9) [Orabug: 32860387] {CVE-2021-3507} - pc: q35: Bump max_cpus to 512 (Suravee Suthikulpanit) [Orabug: 34314249] - tests/qtest: fix pvpanic-pci-test (Mark Kanda) [Orabug: 34284763] - libqos: pci-pc: use 32-bit write for EJ register (Paolo Bonzini) [Orabug= : 34284758] - libqos: usb-hcd-ehci: use 32-bit write for config register (Paolo Bonzini= ) [Orabug: 34284768] - target/i386/kvm: Fix disabling MPX on "-cpu host" with MPX-capable host (= Maciej S. Szmigiero) [Orabug: 33528615]

i386

bug: 33860224] - ide: Cap LBA28 capacity announcement to 2^28-1 (Samuel Thibault) [Orabug= : 25327652] - tests/acpi: update expected arm/virt tables (Mark Kanda) [Orabug: 341328= 42]

x86_64

SRPMS

https://oss.oracle.com/ol7/SRPMS-updates/qemu-4.2.1-18.el7.src.rpm

Severity
Related CVEs: CVE-2021-3507 CVE-2021-4206 CVE-2021-4207

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.