[El-errata] ELSA-2014-0927 Moderate: Oracle Linux 7 qemu-kvm security and bug fix update

Wed Jul 23 21:10:24 PDT 2014

Oracle Linux Security Advisory ELSA-2014-0927

https://access.redhat.com/errata/RHSA-2014:0927.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
libcacard-1.5.3-60.el7_0.5.i686.rpm
libcacard-1.5.3-60.el7_0.5.x86_64.rpm
libcacard-devel-1.5.3-60.el7_0.5.i686.rpm
libcacard-devel-1.5.3-60.el7_0.5.x86_64.rpm
libcacard-tools-1.5.3-60.el7_0.5.x86_64.rpm
qemu-guest-agent-1.5.3-60.el7_0.5.x86_64.rpm
qemu-img-1.5.3-60.el7_0.5.x86_64.rpm
qemu-kvm-1.5.3-60.el7_0.5.x86_64.rpm
qemu-kvm-common-1.5.3-60.el7_0.5.x86_64.rpm
qemu-kvm-tools-1.5.3-60.el7_0.5.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/qemu-kvm-1.5.3-60.el7_0.5.src.rpm

Description of changes:

[1.5.3-60.el7_0.5]
- kvm-Allow-mismatched-virtio-config-len.patch [bz#1095782]
- Resolves: bz#1095782
   (CVE-2014-0182 qemu-kvm: qemu: virtio: out-of-bounds buffer write on 
state load with invalid config_len [rhel-7.0.z])

[1.5.3-60.el7_0.4]
- kvm-zero-initialize-KVM_SET_GSI_ROUTING-input.patch [bz#1110693]
- kvm-skip-system-call-when-msi-route-is-unchanged.patch [bz#1110693]
- Resolves: bz#1110693
   (2x RHEL 5.10 VM running on RHEL 7 KVM have low TCP_STREAM throughput)

[1.5.3-60.el7_0.3]
- kvm-virtio-net-fix-buffer-overflow-on-invalid-state-load.patch 
[bz#1095677]
- kvm-virtio-net-out-of-bounds-buffer-write-on-load.patch [bz#1095684]
- kvm-virtio-net-out-of-bounds-buffer-write-on-invalid-sta.patch 
[bz#1095689]
- kvm-virtio-out-of-bounds-buffer-write-on-invalid-state-l.patch 
[bz#1095694]
- kvm-virtio-avoid-buffer-overrun-on-incoming-migration.patch [bz#1095737]
- kvm-virtio-scsi-fix-buffer-overrun-on-invalid-state-load.patch 
[bz#1095741]
- kvm-virtio-validate-config_len-on-load.patch [bz#1095782]
- kvm-virtio-validate-num_sg-when-mapping.patch [bz#1095765]
- kvm-virtio-allow-mapping-up-to-max-queue-size.patch [bz#1095765]
- kvm-vmstate-add-VMS_MUST_EXIST.patch [bz#1095706]
- kvm-vmstate-add-VMSTATE_VALIDATE.patch [bz#1095706]
- kvm-hpet-fix-buffer-overrun-on-invalid-state-load.patch [bz#1095706]
- kvm-hw-pci-pcie_aer.c-fix-buffer-overruns-on-invalid-sta.patch 
[bz#1095714]
- kvm-usb-sanity-check-setup_index-setup_len-in-post_load.patch [bz#1095746]
- kvm-usb-sanity-check-setup_index-setup_len-in-post_l2.patch [bz#1095746]
- kvm-usb-fix-up-post-load-checks.patch [bz#1096828]
- kvm-XBZRLE-Fix-qemu-crash-when-resize-the-xbzrle-cache.patch [bz#1110191]
- kvm-Provide-init-function-for-ram-migration.patch [bz#1110191]
- kvm-Init-the-XBZRLE.lock-in-ram_mig_init.patch [bz#1110191]
- kvm-XBZRLE-Fix-one-XBZRLE-corruption-issues.patch [bz#1110191]
- kvm-Count-used-RAMBlock-pages-for-migration_dirty_pages.patch [bz#1110189]
- kvm-qcow-correctly-propagate-errors.patch [bz#1097229]
- kvm-qcow1-Make-padding-in-the-header-explicit.patch [bz#1097229]
- kvm-qcow1-Check-maximum-cluster-size.patch [bz#1097229]
- kvm-qcow1-Validate-L2-table-size-CVE-2014-0222.patch [bz#1097229]
- kvm-qcow1-Validate-image-size-CVE-2014-0223.patch [bz#1097236]
- kvm-qcow1-Stricter-backing-file-length-check.patch [bz#1097236]
- kvm-char-restore-read-callback-on-a-reattached-hotplug-c.patch 
[bz#1110219]
- kvm-qcow2-Free-preallocated-zero-clusters.patch [bz#1110188]
- kvm-qemu-iotests-Discard-preallocated-zero-clusters.patch [bz#1110188]
- Resolves: bz#1095677
   (CVE-2013-4148 qemu-kvm: qemu: virtio-net: buffer overflow on invalid 
state load [rhel-7.0.z])
- Resolves: bz#1095684
   (CVE-2013-4149 qemu-kvm: qemu: virtio-net: out-of-bounds buffer write 
on load [rhel-7.0.z])
- Resolves: bz#1095689
   (CVE-2013-4150 qemu-kvm: qemu: virtio-net: out-of-bounds buffer write 
on invalid state load [rhel-7.0.z])
- Resolves: bz#1095694
   (CVE-2013-4151 qemu-kvm: qemu: virtio: out-of-bounds buffer write on 
invalid state load [rhel-7.0.z])
- Resolves: bz#1095706
   (CVE-2013-4527 qemu-kvm: qemu: hpet: buffer overrun on invalid state 
load [rhel-7.0.z])
- Resolves: bz#1095714
   (CVE-2013-4529 qemu-kvm: qemu: hw/pci/pcie_aer.c: buffer overrun on 
invalid state load [rhel-7.0.z])
- Resolves: bz#1095737
   (CVE-2013-6399 qemu-kvm: qemu: virtio: buffer overrun on incoming 
migration [rhel-7.0.z])
- Resolves: bz#1095741
   (CVE-2013-4542 qemu-kvm: qemu: virtio-scsi: buffer overrun on invalid 
state load [rhel-7.0.z])
- Resolves: bz#1095746
   (CVE-2013-4541 qemu-kvm: qemu: usb: insufficient sanity checking of 
setup_index+setup_len in post_load [rhel-7.0.z])
- Resolves: bz#1095765
   (CVE-2013-4535 CVE-2013-4536 qemu-kvm: qemu: virtio: insufficient 
validation of num_sg when mapping [rhel-7.0.z])
- Resolves: bz#1095782
   (CVE-2014-0182 qemu-kvm: qemu: virtio: out-of-bounds buffer write on 
state load with invalid config_len [rhel-7.0.z])
- Resolves: bz#1096828
   (CVE-2014-3461 qemu-kvm: Qemu: usb: fix up post load checks [rhel-7.0.z])
- Resolves: bz#1097229
   (CVE-2014-0222 qemu-kvm: Qemu: qcow1: validate L2 table size to avoid 
integer overflows [rhel-7.0.z])
- Resolves: bz#1097236
   (CVE-2014-0223 qemu-kvm: Qemu: qcow1: validate image size to avoid 
out-of-bounds memory access [rhel-7.0.z])
- Resolves: bz#1110188
   (qcow2 corruptions (leaked clusters after installing a rhel7 guest 
using virtio_scsi))
- Resolves: bz#1110189
   (migration can not finish with 1024k 'remaining ram' left after 
hotunplug 4 nics)
- Resolves: bz#1110191
   (Reduce the migrate cache size during migration causes qemu segment 
fault)
- Resolves: bz#1110219
   (Guest can't receive any character transmitted from host after hot 
unplugging virtserialport then hot plugging again)