[El-errata] ELSA-2016-0997 Important: Oracle Linux 6 qemu-kvm security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue May 17 13:57:06 PDT 2016 

Oracle Linux Security Advisory ELSA-2016-0997

http://linux.oracle.com/errata/ELSA-2016-0997.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
qemu-guest-agent-0.12.1.2-2.491.el6_8.1.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.491.el6_8.1.x86_64.rpm
qemu-img-0.12.1.2-2.491.el6_8.1.x86_64.rpm
qemu-kvm-0.12.1.2-2.491.el6_8.1.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.491.el6_8.1.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/qemu-kvm-0.12.1.2-2.491.el6_8.1.src.rpm



Description of changes:

[0.12.1.2-2.491.el6_8.1]
- kvm-Add-vga.h-unmodified-from-Linux.patch [bz#1331407]
- kvm-vga.h-remove-unused-stuff-and-reformat.patch [bz#1331407]
- kvm-vga-use-constants-from-vga.h.patch [bz#1331407]
- kvm-vga-Remove-some-should-be-done-in-BIOS-comments.patch [bz#1331407]
- kvm-vga-fix-banked-access-bounds-checking-CVE-2016-3710.patch [bz#1331407]
- kvm-vga-add-vbe_enabled-helper.patch [bz#1331407]
- kvm-vga-factor-out-vga-register-setup.patch [bz#1331407]
- kvm-vga-update-vga-register-setup-on-vbe-changes.patch [bz#1331407]
- kvm-vga-make-sure-vga-register-setup-for-vbe-stays-intac.patch 
[bz#1331407]
- Resolves: bz#1331407
   (EMBARGOED CVE-2016-3710 qemu-kvm: qemu: incorrect banked access 
bounds checking in vga module [rhel-6.8.z])

[0.12.1.2-2.491.el6]
- Revert "warning when  CPU threads>1 for non-Intel CPUs" fix

[0.12.1.2-2.490.el6]
- kvm-qemu-ga-implement-win32-guest-set-user-password.patch [bz#1174181]
- kvm-util-add-base64-decoding-function.patch [bz#1174181]
- kvm-qga-convert-to-use-error-checked-base64-decode.patch [bz#1174181]
- kvm-qga-use-more-idiomatic-qemu-style-eol-operators.patch [bz#1174181]
- kvm-qga-use-size_t-for-wcslen-return-value.patch [bz#1174181]
- kvm-qga-use-wide-chars-constants-for-wchar_t-comparisons.patch 
[bz#1174181]
- kvm-qga-fix-off-by-one-length-check.patch [bz#1174181]
- kvm-qga-check-utf8-to-utf16-conversion.patch [bz#1174181]
- Resolves: bz#1174181
   (RFE: provide QEMU guest agent command for setting root account 
password (Linux guest))

[0.12.1.2-2.489.el6]
- kvm-hw-qxl-qxl_send_events-nop-if-stopped.patch [bz#1290743]
- kvm-block-mirror-fix-full-sync-mode-when-target-does-not.patch [bz#971312]
- Resolves: bz#1290743
   (qemu-kvm core dumped when repeat system_reset 20 times during guest 
boot)
- Resolves: bz#971312
   (block: Mirroring to raw block device doesn't zero out unused blocks)

* Mon Feb 08 2016 Miroslav Rezanina <mrezanin at redhat.com - 
0.12.1.2-2.488.el6
- Fixed qemu-ga path configuration [bz#1213233]
- Resolves: bz#1213233
   ([virtagent] The default path '/etc/qemu/fsfreeze-hook' for 
'fsfreeze-hook' script doesn't exist)

[0.12.1.2-2.487.el6]
- kvm-virtio-scsi-use-virtqueue_map_sg-when-loading-reques.patch 
[bz#1249740]
- kvm-scsi-disk-fix-cmd.mode-field-typo.patch [bz#1249740]
- Resolves: bz#1249740
   (Segfault occurred at Dst VM while completed migration upon ENOSPC)

[0.12.1.2-2.486.el6]
- kvm-blockdev-Error-out-on-negative-throttling-option-val.patch 
[bz#1294619]
- kvm-fw_cfg-add-check-to-validate-current-entry-value-CVE.patch 
[bz#1298046]
- Resolves: bz#1294619
   (Guest should failed to boot if set iops,bps to negative number)
- Resolves: bz#1298046
   (CVE-2016-1714 qemu-kvm: Qemu: nvram: OOB r/w access in processing 
firmware configurations [rhel-6.8])

[0.12.1.2-2.485.el6]
- kvm-Change-fsfreeze-hook-default-location.patch [bz#1213233]
- kvm-qxl-replace-pipe-signaling-with-bottom-half.patch [bz#1290743]
- Resolves: bz#1213233
   ([virtagent] The default path '/etc/qemu/fsfreeze-hook' for 
'fsfreeze-hook' script doesn't exist)
- Resolves: bz#1290743
   (qemu-kvm core dumped when repeat system_reset 20 times during guest 
boot)

[0.12.1.2-2.484.el6]
- kvm-qga-flush-explicitly-when-needed.patch [bz#1210246]
- kvm-qga-add-guest-set-user-password-command.patch [bz#1174181]
- kvm-qcow2-Zero-initialise-first-cluster-for-new-images.patch [bz#1223216]
- kvm-Documentation-Warn-against-qemu-img-on-active-image.patch [bz#1297424]
- kvm-target-i386-warns-users-when-CPU-threads-1-for-non-I.patch 
[bz#1292678]
- kvm-qemu-options-Fix-texinfo-markup.patch [bz#1250442]
- kvm-qga-Fix-memory-allocation-pasto.patch []
- kvm-block-raw-posix-Open-file-descriptor-O_RDWR-to-work-.patch 
[bz#1268347]
- Resolves: bz#1174181
   (RFE: provide QEMU guest agent command for setting root/administrator 
account password)
- Resolves: bz#1210246
   ([virtagent]The 'write' content is lost if 'read' it before flush 
through guest agent)
- Resolves: bz#1223216
   (qemu-img can not create qcow2 image when backend is block device)
- Resolves: bz#1250442
   (qemu-doc.html bad markup in section 3.3 Invocation)
- Resolves: bz#1268347
   (posix_fallocate emulation on NFS fails with Bad file descriptor if 
fd is opened O_WRONLY)
- Resolves: bz#1292678
   (Qemu should report error when cmdline set threads=2 in amd host)
- Resolves: bz#1297424
   (Add warning about running qemu-img on active VMs to its manpage)

[0.12.1.2-2.483.el6]
- kvm-rtl8139-Fix-receive-buffer-overflow-check.patch [bz#1262866]
- kvm-rtl8139-Do-not-consume-the-packet-during-overflow-in.patch 
[bz#1262866]
- Resolves: bz#1262866
   ([RHEL6] Package is 100% lost when ping from host to Win2012r2 guest 
with 64000 size)

[0.12.1.2-2.482.el6]
- kvm-qemu-kvm-get-put-MSR_TSC_AUX-across-reset-and-migrat.patch 
[bz#1265428]
- kvm-qcow2-Discard-VM-state-in-active-L1-after-creating-s.patch 
[bz#1219908]
- kvm-net-pcnet-add-check-to-validate-receive-data-size-CV.patch 
[bz#1286597]
- kvm-pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch [bz#1286567]
- Resolves: bz#1219908
   (Writing snapshots with "virsh snapshot-create-as" command slows as 
more snapshots are created)
- Resolves: bz#1265428
   (contents of MSR_TSC_AUX are not migrated)
- Resolves: bz#1286567
   (CVE-2015-7512 qemu-kvm: Qemu: net: pcnet: buffer overflow in 
non-loopback mode [rhel-6.8])

[0.12.1.2-2.481.el6]
- kvm-net-add-checks-to-validate-ring-buffer-pointers-CVE-.patch 
[bz#1263275]
- Resolves: bz#1263275
   (CVE-2015-5279 qemu-kvm: qemu: Heap overflow vulnerability in 
ne2000_receive() function [rhel-6.8])

[0.12.1.2-2.480.el6]
- kvm-virtio-rng-fix-segfault-when-adding-a-virtio-pci-rng.patch 
[bz#1230068]
- kvm-qga-commands-posix-Fix-bug-in-guest-fstrim.patch [bz#1213236]
- kvm-rtl8139-avoid-nested-ifs-in-IP-header-parsing-CVE-20.patch 
[bz#1248763]
- kvm-rtl8139-drop-tautologous-if-ip-.-statement-CVE-2015-.patch 
[bz#1248763]
- kvm-rtl8139-skip-offload-on-short-Ethernet-IP-header-CVE.patch 
[bz#1248763]
- kvm-rtl8139-check-IP-Header-Length-field-CVE-2015-5165.patch [bz#1248763]
- kvm-rtl8139-check-IP-Total-Length-field-CVE-2015-5165.patch [bz#1248763]
- kvm-rtl8139-skip-offload-on-short-TCP-header-CVE-2015-51.patch 
[bz#1248763]
- kvm-rtl8139-check-TCP-Data-Offset-field-CVE-2015-5165.patch [bz#1248763]
- Resolves: bz#1213236
   ([virtagent] 'guest-fstrim' failed for guest with os on spapr-vscsi disk)
- Resolves: bz#1230068
   (Segmentation fault when re-adding virtio-rng-pci device)
- Resolves: bz#1248763
   (CVE-2015-5165 qemu-kvm: Qemu: rtl8139 uninitialized heap memory 
information leakage to guest [rhel-6.8])

More information about the El-errata mailing list