[El-errata] ELSA-2019-4714 Important: Oracle Linux 7 libvirt security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Jul 11 07:23:55 PDT 2019


Oracle Linux Security Advisory ELSA-2019-4714

http://linux.oracle.com/errata/ELSA-2019-4714.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

i386:

x86_64:
libvirt-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-kvm-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-lxc-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-qemu-5.0.0-9.el7.x86_64.rpm
libvirt-libs-5.0.0-9.el7.x86_64.rpm
libvirt-lock-sanlock-5.0.0-9.el7.x86_64.rpm
libvirt-login-shell-5.0.0-9.el7.x86_64.rpm
libvirt-nss-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-config-network-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-config-nwfilter-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-interface-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-lxc-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-network-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-nodedev-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-nwfilter-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-qemu-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-secret-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-core-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-disk-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-gluster-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-logical-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-mpath-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-rbd-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-scsi-5.0.0-9.el7.x86_64.rpm
libvirt-admin-5.0.0-9.el7.x86_64.rpm
libvirt-bash-completion-5.0.0-9.el7.x86_64.rpm
libvirt-client-5.0.0-9.el7.x86_64.rpm
libvirt-devel-5.0.0-9.el7.x86_64.rpm
libvirt-docs-5.0.0-9.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/libvirt-5.0.0-9.el7.src.rpm



Description of changes:

[5.0.0-9.el7]
- qemu: remove cpuhostmask and cpuguestmask from virCaps structure (Wim ten
Have) [Orabug: 29956508]

[5.0.0-8.el7]
- api: disallow virDomainSaveImageGetXMLDesc on read-only connections 
(Ján Tomko) [Orabug: 29955742] {CVE-2019-10161}
- domain: Define explicit flags for saved image xml (Eric Blake) 
[Orabug: 29955742]
- api: disallow virDomainManagedSaveDefineXML on read-only connections 
(Ján Tomko) [Orabug: 29955742] {CVE-2019-10166}
- api: disallow virConnectGetDomainCapabilities on read-only connections 
(Ján Tomko) [Orabug: 29955742] {CVE-2019-10167}
- api: disallow virConnect*HypervisorCPU on read-only connections (Ján 
Tomko) [Orabug: 29955742] {CVE-2019-10168}

[5.0.0-7.el7]
- cpu_map: Define md-clear CPUID bit (Jiri Denemark) [Orabug: 29874181]
{CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}

[5.0.0-6.el7]
- qemu: Driver change adding private lock to auto-tune hugepages (Wim 
ten Have)
[Orabug: 29809943]

[5.0.0-5.el7]
- qemu: disable setmem change requests for vNUMA targets (Wim ten Have) 
[Orabug: 29797366]
- domain: Disable memballoon memory configuration support for vNUMA 
guests (Wim ten Have) [Orabug: 29797366]
- qemu: Driver change to target for vNUMA setmaxmem change request (Wim 
ten Have) [Orabug: 29749852]
- domain: Add domain memory config support for vNUMA guests (Wim ten 
Have) [Orabug: 29749852]
- logging: restrict sockets to mode 0600 (Daniel P. Berrangé) [Orabug: 
29861433] {CVE-2019-10132}
- locking: restrict sockets to mode 0600 (Daniel P. Berrangé) [Orabug: 
29861433] {CVE-2019-10132}
- admin: reject clients unless their UID matches the current UID (Daniel 
P. Berrangé) [Orabug: 29861433] {CVE-2019-10132}




More information about the El-errata mailing list