[El-errata] ELSA-2019-4640 Important: Oracle Linux 7 qemu security update (aarch64)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue May 14 19:20:38 PDT 2019
Oracle Linux Security Advisory ELSA-2019-4640
http://linux.oracle.com/errata/ELSA-2019-4640.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
aarch64:
ivshmem-tools-3.1.0-3.el7.aarch64.rpm
qemu-3.1.0-3.el7.aarch64.rpm
qemu-block-gluster-3.1.0-3.el7.aarch64.rpm
qemu-block-iscsi-3.1.0-3.el7.aarch64.rpm
qemu-block-rbd-3.1.0-3.el7.aarch64.rpm
qemu-common-3.1.0-3.el7.aarch64.rpm
qemu-img-3.1.0-3.el7.aarch64.rpm
qemu-kvm-3.1.0-3.el7.aarch64.rpm
qemu-kvm-core-3.1.0-3.el7.aarch64.rpm
qemu-system-aarch64-3.1.0-3.el7.aarch64.rpm
qemu-system-aarch64-core-3.1.0-3.el7.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/qemu-3.1.0-3.el7.src.rpm
Description of changes:
[15:3.1.0-3.el7]
- x86: Document CVE-2018-12126 CVE-2018-12130 CVE-2018-12127
CVE-2019-11091 as
fixed (Mark Kanda) [Orabug: 29744956] {CVE-2018-12126} {CVE-2018-12127}
{CVE-2018-12130} {CVE-2019-11091}
[15:3.1.0-2.el7]
- x86: Add mds feature (Karl Heubaum) - e1000: Never increment the RX
undersize count register (Chris Kenna) - qemu.spec: audioflags set but
never passed to configure script (Liam Merwick) [Orabug: 29715562]
- parfait: deal with parfait returning non-zero return value (Liam
Merwick) [Orabug: 29715548]
- parfait: use nproc to choose default number of threads (Liam Merwick)
[Orabug: 29715548]
- parfait: provide option to upload results (Liam Merwick) [Orabug:
29715548]
- parfait: disable misaligned-access check (Liam Merwick) [Orabug: 29715548]
- Document CVE-2019-8934 and CVE-2019-5008 as fixed (Mark Kanda)
[Orabug: 29715605] {CVE-2019-5008} {CVE-2019-8934}
- device_tree.c: Don't use load_image() (Peter Maydell) [Orabug:
29715527] {CVE-2018-20815}
- slirp: check sscanf result when emulating ident (William Bowling)
[Orabug: 29715525] {CVE-2019-9824}
- i2c-ddc: fix oob read (Gerd Hoffmann) [Orabug: 29715520] {CVE-2019-3812}
- scsi-generic: avoid possible out-of-bounds access to r->buf (Paolo
Bonzini) [Orabug: 29259700] {CVE-2019-6501}
- slirp: check data length while emulating ident function (Prasad J
Pandit) [Orabug: 29715755] {CVE-2019-6778}
More information about the El-errata
mailing list