[El-errata] ELSA-2019-4714 Important: Oracle Linux 7 libvirt security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu Jul 11 07:23:55 PDT 2019
Oracle Linux Security Advisory ELSA-2019-4714
http://linux.oracle.com/errata/ELSA-2019-4714.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
i386:
x86_64:
libvirt-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-kvm-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-lxc-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-qemu-5.0.0-9.el7.x86_64.rpm
libvirt-libs-5.0.0-9.el7.x86_64.rpm
libvirt-lock-sanlock-5.0.0-9.el7.x86_64.rpm
libvirt-login-shell-5.0.0-9.el7.x86_64.rpm
libvirt-nss-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-config-network-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-config-nwfilter-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-interface-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-lxc-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-network-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-nodedev-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-nwfilter-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-qemu-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-secret-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-core-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-disk-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-gluster-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-logical-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-mpath-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-rbd-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-scsi-5.0.0-9.el7.x86_64.rpm
libvirt-admin-5.0.0-9.el7.x86_64.rpm
libvirt-bash-completion-5.0.0-9.el7.x86_64.rpm
libvirt-client-5.0.0-9.el7.x86_64.rpm
libvirt-devel-5.0.0-9.el7.x86_64.rpm
libvirt-docs-5.0.0-9.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/libvirt-5.0.0-9.el7.src.rpm
Description of changes:
[5.0.0-9.el7]
- qemu: remove cpuhostmask and cpuguestmask from virCaps structure (Wim ten
Have) [Orabug: 29956508]
[5.0.0-8.el7]
- api: disallow virDomainSaveImageGetXMLDesc on read-only connections
(Ján Tomko) [Orabug: 29955742] {CVE-2019-10161}
- domain: Define explicit flags for saved image xml (Eric Blake)
[Orabug: 29955742]
- api: disallow virDomainManagedSaveDefineXML on read-only connections
(Ján Tomko) [Orabug: 29955742] {CVE-2019-10166}
- api: disallow virConnectGetDomainCapabilities on read-only connections
(Ján Tomko) [Orabug: 29955742] {CVE-2019-10167}
- api: disallow virConnect*HypervisorCPU on read-only connections (Ján
Tomko) [Orabug: 29955742] {CVE-2019-10168}
[5.0.0-7.el7]
- cpu_map: Define md-clear CPUID bit (Jiri Denemark) [Orabug: 29874181]
{CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}
[5.0.0-6.el7]
- qemu: Driver change adding private lock to auto-tune hugepages (Wim
ten Have)
[Orabug: 29809943]
[5.0.0-5.el7]
- qemu: disable setmem change requests for vNUMA targets (Wim ten Have)
[Orabug: 29797366]
- domain: Disable memballoon memory configuration support for vNUMA
guests (Wim ten Have) [Orabug: 29797366]
- qemu: Driver change to target for vNUMA setmaxmem change request (Wim
ten Have) [Orabug: 29749852]
- domain: Add domain memory config support for vNUMA guests (Wim ten
Have) [Orabug: 29749852]
- logging: restrict sockets to mode 0600 (Daniel P. Berrangé) [Orabug:
29861433] {CVE-2019-10132}
- locking: restrict sockets to mode 0600 (Daniel P. Berrangé) [Orabug:
29861433] {CVE-2019-10132}
- admin: reject clients unless their UID matches the current UID (Daniel
P. Berrangé) [Orabug: 29861433] {CVE-2019-10132}
More information about the El-errata
mailing list