[El-errata] ELSA-2014-0420 Moderate: Oracle Linux 6 qemu-kvm security update

Tue Apr 22 14:47:28 PDT 2014

Oracle Linux Security Advisory ELSA-2014-0420

https://rhn.redhat.com/errata/RHSA-2014-0420.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
qemu-guest-agent-0.12.1.2-2.415.el6_5.8.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.415.el6_5.8.x86_64.rpm
qemu-img-0.12.1.2-2.415.el6_5.8.x86_64.rpm
qemu-kvm-0.12.1.2-2.415.el6_5.8.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.415.el6_5.8.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/qemu-kvm-0.12.1.2-2.415.el6_5.8.src.rpm

Description of changes:

[0.12.1.2-2.415.el6_5.8]
- kvm-virtio-net-fix-guest-triggerable-buffer-overrun.patch [bz#1078605 
bz#1078849]
- kvm-qcow2-Check-backing_file_offset-CVE-2014-0144.patch [bz#1079452 
bz#1079453]
- kvm-qcow2-Check-refcount-table-size-CVE-2014-0144.patch [bz#1079452 
bz#1079453]
- kvm-qcow2-Validate-refcount-table-offset.patch [bz#1079518 bz#1086678]
- kvm-qcow2-Validate-snapshot-table-offset-size-CVE-2014-0.patch 
[bz#1079452 bz#1079453]
- kvm-qcow2-Validate-active-L1-table-offset-and-size-CVE-2.patch 
[bz#1079452 bz#1079453]
- kvm-qcow2-Fix-backing-file-name-length-check.patch [bz#1079518 bz#1086678]
- kvm-qcow2-Don-t-rely-on-free_cluster_index-in-alloc_refc.patch 
[bz#1079337 bz#1079338]
- kvm-qcow2-Avoid-integer-overflow-in-get_refcount-CVE-201.patch 
[bz#1079318 bz#1079319]
- kvm-qcow2-Check-new-refcount-table-size-on-growth.patch [bz#1079518 
bz#1086678]
- kvm-qcow2-Fix-types-in-qcow2_alloc_clusters-and-alloc_cl.patch 
[bz#1079518 bz#1086678]
- kvm-qcow2-Protect-against-some-integer-overflows-in-bdrv.patch 
[bz#1079518 bz#1086678]
- kvm-qcow2-Catch-some-L1-table-index-overflows.patch [bz#1079518 
bz#1086678]
- kvm-qcow2-Fix-new-L1-table-size-check-CVE-2014-0143.patch [bz#1079318 
bz#1079319]
- kvm-qcow2-Fix-NULL-dereference-in-qcow2_open-error-path-.patch 
[bz#1079330 bz#1079331]
- kvm-qcow2-Limit-snapshot-table-size.patch [bz#1079518 bz#1086678]
- kvm-block-cloop-validate-block_size-header-field-CVE-201.patch 
[bz#1079452 bz#1079453]
- kvm-block-cloop-prevent-offsets_size-integer-overflow-CV.patch 
[bz#1079318 bz#1079319]
- kvm-block-cloop-refuse-images-with-huge-offsets-arrays-C.patch 
[bz#1079452 bz#1079453]
- kvm-block-cloop-Fix-coding-style.patch [bz#1079518 bz#1086678]
- kvm-cloop-Fix-bdrv_open-error-handling.patch [bz#1079518 bz#1086678]
- kvm-block-cloop-refuse-images-with-bogus-offsets-CVE-201.patch 
[bz#1079452 bz#1079453]
- kvm-block-cloop-Use-g_free-instead-of-free.patch [bz#1079518 bz#1086678]
- kvm-block-cloop-fix-offsets-size-off-by-one.patch [bz#1079518 bz#1086678]
- kvm-bochs-Fix-bdrv_open-error-handling.patch [bz#1079518 bz#1086678]
- kvm-bochs-Unify-header-structs-and-make-them-QEMU_PACKED.patch 
[bz#1079518 bz#1086678]
- kvm-bochs-Use-unsigned-variables-for-offsets-and-sizes-C.patch 
[bz#1079337 bz#1079338]
- kvm-bochs-Check-catalog_size-header-field-CVE-2014-0143.patch 
[bz#1079318 bz#1079319]
- kvm-bochs-Check-extent_size-header-field-CVE-2014-0142.patch 
[bz#1079313 bz#1079314]
- kvm-bochs-Fix-bitmap-offset-calculation.patch [bz#1079518 bz#1086678]
- kvm-vpc-vhd-add-bounds-check-for-max_table_entries-and-b.patch 
[bz#1079452 bz#1079453]
- kvm-vpc-Validate-block-size-CVE-2014-0142.patch [bz#1079313 bz#1079314]
- kvm-vdi-add-bounds-checks-for-blocks_in_image-and-disk_s.patch 
[bz#1079452 bz#1079453]
- kvm-vhdx-Bounds-checking-for-block_size-and-logical_sect.patch 
[bz#1079343 bz#1079344]
- kvm-curl-check-data-size-before-memcpy-to-local-buffer.-.patch 
[bz#1079452 bz#1079453]
- kvm-dmg-Fix-bdrv_open-error-handling.patch [bz#1079518 bz#1086678]
- kvm-dmg-coding-style-and-indentation-cleanup.patch [bz#1079518 bz#1086678]
- kvm-dmg-prevent-out-of-bounds-array-access-on-terminator.patch 
[bz#1079518 bz#1086678]
- kvm-dmg-drop-broken-bdrv_pread-loop.patch [bz#1079518 bz#1086678]
- kvm-dmg-use-appropriate-types-when-reading-chunks.patch [bz#1079518 
bz#1086678]
- kvm-dmg-sanitize-chunk-length-and-sectorcount-CVE-2014-0.patch 
[bz#1079323 bz#1079324]
- kvm-dmg-use-uint64_t-consistently-for-sectors-and-length.patch 
[bz#1079518 bz#1086678]
- kvm-dmg-prevent-chunk-buffer-overflow-CVE-2014-0145.patch [bz#1079323 
bz#1079324]
- kvm-block-Limit-request-size-CVE-2014-0143.patch [bz#1079318 bz#1079319]
- kvm-parallels-Fix-catalog-size-integer-overflow-CVE-2014.patch 
[bz#1079318 bz#1079319]
- kvm-parallels-Sanity-check-for-s-tracks-CVE-2014-0142.patch 
[bz#1079313 bz#1079314]
- kvm-bochs-Fix-memory-leak-in-bochs_open-error-path.patch [bz#1079518 
bz#1086678]
- kvm-bochs-Fix-catalog-size-check.patch [bz#1079518 bz#1086678]
- Resolves: bz#1078849
   (EMBARGOED CVE-2014-0150 qemu-kvm: qemu: virtio-net: buffer overflow 
in virtio_net_handle_mac() function [rhel-6.5.z])
- Resolves: bz#1079313
   (CVE-2014-0142 qemu-kvm: qemu: crash by possible division by zero 
[rhel-6.5.z])
- Resolves: bz#1079318
   (CVE-2014-0143 qemu-kvm: Qemu: block: multiple integer overflow flaws 
[rhel-6.5.z])
- Resolves: bz#1079323
   (CVE-2014-0145 qemu-kvm: Qemu: prevent possible buffer overflows 
[rhel-6.5.z])
- Resolves: bz#1079330
   (CVE-2014-0146 qemu-kvm: Qemu: qcow2: NULL dereference in 
qcow2_open() error path [rhel-6.5.z])
- Resolves: bz#1079337
   (CVE-2014-0147 qemu-kvm: Qemu: block: possible crash due signed types 
or logic error [rhel-6.5.z])
- Resolves: bz#1079343
   (CVE-2014-0148 qemu-kvm: Qemu: vhdx: bounds checking for block_size 
and logical_sector_size [rhel-6.5.z])
- Resolves: bz#1079452
   (CVE-2014-0144 qemu-kvm: Qemu: block: missing input validation 
[rhel-6.5.z])
- Resolves: bz#1086678
   (qemu-kvm: include leftover patches from block layer security audit)