[El-errata] ELSA-2016-2585 Moderate: Oracle Linux 7 qemu-kvm security, bug fix, and enhancement update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Nov 10 11:02:23 PST 2016


Oracle Linux Security Advisory ELSA-2016-2585

http://linux.oracle.com/errata/ELSA-2016-2585.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
qemu-img-1.5.3-126.el7.x86_64.rpm
qemu-kvm-1.5.3-126.el7.x86_64.rpm
qemu-kvm-common-1.5.3-126.el7.x86_64.rpm
qemu-kvm-tools-1.5.3-126.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/qemu-kvm-1.5.3-126.el7.src.rpm



Description of changes:

[1.5.3-126.el7]
- kvm-virtio-recalculate-vq-inuse-after-migration.patch [bz#1376542]
- Resolves: bz#1376542
   (RHSA-2016-1756 breaks migration of instances)

[1.5.3-125.el7]
- kvm-nbd-server-Set-O_NONBLOCK-on-client-fd.patch [bz#1285453]
- Resolves: bz#1285453
   (An NBD client can cause QEMU main loop to block when connecting to built-in NBD server)

[1.5.3-124.el7]
- kvm-target-i386-Add-support-for-FEAT_7_0_ECX.patch [bz#1372459]
- kvm-target-i386-Add-more-Intel-AVX-512-instructions-supp.patch [bz#1372459]
- Resolves: bz#1372459
   ([Intel 7.3 Bug] SKL-SP Guest cpu doesn't support avx512 instruction sets(avx512bw, avx512dq and avx512vl) (qemu-kvm))

[1.5.3-123.el7]
- kvm-Fix-backport-of-target-i386-add-feature-flags-for-CP.patch [bz#1371619]
- kvm-Add-skip_dump-flag-to-ignore-memory-region-during-du.patch [bz#1373088]
- Resolves: bz#1371619
   (Flags xsaveopt xsavec xgetbv1 are missing on qemu-kvm)
- Resolves: bz#1373088
   ([FJ7.3 Bug]: virsh dump with both --memory-only and --format option fails)

[1.5.3-122.el7]
- kvm-virtio-validate-the-existence-of-handle_output-befor.patch [bz#1367040]
- Resolves: bz#1367040
   (QEMU crash when guest notifies non-existent virtqueue)

[1.5.3-121.el7]
- kvm-json-parser-drop-superfluous-assignment-for-token-va.patch [bz#1276036]
- kvm-qjson-Apply-nesting-limit-more-sanely.patch [bz#1276036]
- kvm-qjson-Don-t-crash-when-input-exceeds-nesting-limit.patch [bz#1276036]
- kvm-check-qjson-Add-test-for-JSON-nesting-depth-limit.patch [bz#1276036]
- kvm-qjson-Spell-out-some-silent-assumptions.patch [bz#1276036]
- kvm-qjson-Give-each-of-the-six-structural-chars-its-own-.patch [bz#1276036]
- kvm-qjson-Inline-token_is_keyword-and-simplify.patch [bz#1276036]
- kvm-qjson-Inline-token_is_escape-and-simplify.patch [bz#1276036]
- kvm-qjson-replace-QString-in-JSONLexer-with-GString.patch [bz#1276036]
- kvm-qjson-Convert-to-parser-to-recursive-descent.patch [bz#1276036]
- kvm-qjson-store-tokens-in-a-GQueue.patch [bz#1276036]
- kvm-qjson-surprise-allocating-6-QObjects-per-token-is-ex.patch [bz#1276036]
- kvm-qjson-Limit-number-of-tokens-in-addition-to-total-si.patch [bz#1276036]
- kvm-json-streamer-Don-t-leak-tokens-on-incomplete-parse.patch [bz#1276036]
- kvm-json-streamer-fix-double-free-on-exiting-during-a-pa.patch [bz#1276036]
- kvm-trace-remove-malloc-tracing.patch [bz#1360137]
- Resolves: bz#1276036
   (Crash on QMP input exceeding limits)
- Resolves: bz#1360137
   (GLib-WARNING **: gmem.c:482: custom memory allocation vtable not supported)

[1.5.3-120.el7]
- kvm-Add-install-dependency-to-newer-libusbx-version.patch [bz#1351106]
- kvm-virtio-error-out-if-guest-exceeds-virtqueue-size.patch [bz#1359729]
- Resolves: bz#1351106
   (symbol lookup error: /usr/libexec/qemu-kvm: undefined symbol: libusb_get_port_numbers)
- Resolves: bz#1359729
   (CVE-2016-5403 qemu-kvm: Qemu: virtio: unbounded memory allocation on host via guest leading to DoS [rhel-7.3])

[1.5.3-119.el7]
- kvm-qxl-factor-out-qxl_get_check_slot_offset.patch [bz#1355730]
- kvm-qxl-store-memory-region-and-offset-instead-of-pointe.patch [bz#1355730]
- kvm-qxl-fix-surface-migration.patch [bz#1355730]
- kvm-qxl-fix-qxl_set_dirty-call-in-qxl_dirty_one_surface.patch [bz#1355730]
- Resolves: bz#1355730
   (spice-gtk shows outdated screen state after migration [qemu-kvm])

[1.5.3-118.el7]
- kvm-util-introduce-MIN_NON_ZERO.patch [bz#1318199]
- kvm-BlockLimits-introduce-max_transfer_length.patch [bz#1318199]
- kvm-block-backend-expose-bs-bl.max_transfer_length.patch [bz#1318199]
- kvm-scsi-generic-Merge-block-max-xfer-len-in-INQUIRY-res.patch [bz#1318199]
- kvm-raw-posix-Fetch-max-sectors-for-host-block-device.patch [bz#1318199]
- kvm-scsi-Advertise-limits-by-blocksize-not-512.patch [bz#1318199]
- kvm-util-Fix-MIN_NON_ZERO.patch [bz#1318199]
- Resolves: bz#1318199
   (expose host BLKSECTGET limit in scsi-block (qemu-kvm))

[1.5.3-117.el7]
- kvm-target-i386-add-feature-flags-for-CPUID-EAX-0xd-ECX-.patch [bz#1327599]
- kvm-target-i386-add-Skylake-Client-cpu-model.patch [bz#1327599]
- Resolves: bz#1327599
   (Add Skylake CPU model)

[1.5.3-116.el7]
- kvm-block-iscsi-avoid-potential-overflow-of-acb-task-cdb.patch [bz#1340929]
- Resolves: bz#1340929
   (CVE-2016-5126 qemu-kvm: Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl [rhel-7.3])

[1.5.3-115.el7]
- kvm-spice-do-not-require-TCP-ports.patch [bz#1336491]
- kvm-vga-add-sr_vbe-register-set.patch [bz#1346982]
- Resolves: bz#1336491
   (Ship FD connection patches qemu-kvm part)
- Resolves: bz#1346982
   (Regression from CVE-2016-3712: windows installer fails to start)

[1.5.3-114.el7]
- kvm-hw-input-hid.c-Fix-capslock-hid-code.patch [bz#1256741]
- kvm-target-i386-fix-pcmpxstrx-equal-ordered-strstr-mode.patch [bz#1340971]
- kvm-spec-Update-rules-before-triggering-for-kvm-device.patch [bz#1333159]
- Resolves: bz#1256741
   ("CapsLock" will work as "\" when boot a guest with usb-kbd)
- Resolves: bz#1333159
   (qemu-kvm doesn't reload udev rules before triggering for kvm device)
- Resolves: bz#1340971
   (qemu: accel=tcg does not implement SSE 4 properly)

[1.5.3-113.el7]
- kvm-qxl-allow-to-specify-head-limit-to-qxl-driver.patch [bz#1283198]
- kvm-qxl-Fix-new-function-name-for-spice-server-library.patch [bz#1283198]
- kvm-block-raw-posix-Open-file-descriptor-O_RDWR-to-work-.patch [bz#1268345]
- Resolves: bz#1268345
   (posix_fallocate emulation on NFS fails with Bad file descriptor if fd is opened O_WRONLY)
- Resolves: bz#1283198
   (RFE: backport max monitor limitation from Qemu upstream)

[1.5.3-112.el7]
- kvm-virtio-scsi-Prevent-assertion-on-missed-events.patch [bz#1312289]
- kvm-seccomp-adding-sysinfo-system-call-to-whitelist.patch [bz#1177318]
- kvm-acpi-strip-compiler-info-in-built-in-DSDT.patch [bz#1330969]
- kvm-acpi-fix-endian-ness-for-table-ids.patch [bz#1330969]
- kvm-acpi-support-specified-oem-table-id-for-build_header.patch [bz#1330969]
- kvm-acpi-take-oem_id-in-build_header-optionally.patch [bz#1330969]
- kvm-acpi-expose-oem_id-and-oem_table_id-in-build_rsdt.patch [bz#1330969]
- kvm-acpi-add-function-to-extract-oem_id-and-oem_table_id.patch [bz#1330969]
- kvm-pc-set-the-OEM-fields-in-the-RSDT-and-the-FADT-from-.patch [bz#1330969]
- kvm-block-jobs-qemu-kvm-rhel-differentiation.patch [bz#1156635]
- Resolves: bz#1156635
   (Libvirt is confused that qemu-kvm exposes 'block-job-cancel' but not 'block-stream')
- Resolves: bz#1177318
   (Guest using rbd based image as disk failed to start when sandbox was enabled)
- Resolves: bz#1312289
   ("qemu-kvm: /builddir/build/BUILD/qemu-1.5.3/hw/scsi/virtio-scsi.c:533: virtio_scsi_push_event: Assertion `event == 0' failed" after hotplug 20 virtio-scsi disks then hotunplug them)
- Resolves: bz#1330969
   (match the OEM ID and OEM Table ID fields of the FADT and the RSDT to those of the SLIC)

[1.5.3-111.el7]
- kvm-vmdk-Leave-bdi-intact-if-ENOTSUP-in-vmdk_get_info.patch [bz#1299250]
- kvm-vmdk-Use-g_random_int-to-generate-CID.patch [bz#1299250]
- kvm-vmdk-Fix-comment-to-match-code-of-extent-lines.patch [bz#1299250]
- kvm-vmdk-Clean-up-descriptor-file-reading.patch [bz#1299250]
- kvm-vmdk-Check-descriptor-file-length-when-reading-it.patch [bz#1299250]
- kvm-vmdk-Remove-unnecessary-initialization.patch [bz#1299250]
- kvm-vmdk-Set-errp-on-failures-in-vmdk_open_vmdk4.patch [bz#1299250]
- kvm-block-vmdk-make-ret-variable-usage-clear.patch [bz#1299250]
- kvm-block-vmdk-move-string-allocations-from-stack-to-the.patch [bz#1299250]
- kvm-block-vmdk-fixed-sizeof-error.patch [bz#1299250]
- kvm-vmdk-Widen-before-shifting-32-bit-header-field.patch [bz#1299250]
- kvm-vmdk-Fix-next_cluster_sector-for-compressed-write.patch [bz#1299250]
- kvm-vmdk-Fix-index_in_cluster-calculation-in-vmdk_co_get.patch [bz#1299250]
- kvm-vmdk-Use-vmdk_find_index_in_cluster-everywhere.patch [bz#1299250]
- kvm-vmdk-Fix-next_cluster_sector-for-compressed-write2.patch [bz#1299250]
- kvm-vmdk-Create-streamOptimized-as-version-3.patch [bz#1299116]
- kvm-vmdk-Fix-converting-to-streamOptimized.patch [bz#1299116]
- kvm-vmdk-Fix-calculation-of-block-status-s-offset.patch [bz#1299116]
- Resolves: bz#1299116
   (qemu-img created VMDK images lead to "Not a supported disk format (sparse VMDK version too old)")
- Resolves: bz#1299250
   (qemu-img created VMDK images are unbootable)

[1.5.3-110.el7]
- kvm-qemu-io-Remove-unused-args_command.patch [bz#1272523]
- kvm-cutils-Support-P-and-E-suffixes-in-strtosz.patch [bz#1272523]
- kvm-qemu-io-Make-cvtnum-a-wrapper-around-strtosz_suffix.patch [bz#1272523]
- kvm-qemu-io-Handle-cvtnum-errors-in-alloc.patch [bz#1272523]
- kvm-qemu-io-Don-t-use-global-bs-in-command-implementatio.patch [bz#1272523]
- kvm-qemu-io-Split-off-commands-to-qemu-io-cmds.c.patch [bz#1272523]
- kvm-qemu-io-Factor-out-qemuio_command.patch [bz#1272523]
- kvm-qemu-io-Move-help-function.patch [bz#1272523]
- kvm-qemu-io-Move-quit-function.patch [bz#1272523]
- kvm-qemu-io-Move-qemu_strsep-to-cutils.c.patch [bz#1272523]
- kvm-qemu-io-Move-functions-for-registering-and-running-c.patch [bz#1272523]
- kvm-qemu-io-Move-command_loop-and-friends.patch [bz#1272523]
- kvm-qemu-io-Move-remaining-helpers-from-cmd.c.patch [bz#1272523]
- kvm-qemu-io-Interface-cleanup.patch [bz#1272523]
- kvm-qemu-io-Use-the-qemu-version-for-V.patch [bz#1272523]
- kvm-Make-qemu-io-commands-available-in-HMP.patch [bz#1272523]
- kvm-blkdebug-Add-BLKDBG_FLUSH_TO_OS-DISK-events.patch [bz#1272523]
- kvm-qemu-io-fix-cvtnum-lval-types.patch [bz#1272523]
- kvm-qemu-io-Check-for-trailing-chars.patch [bz#1272523]
- kvm-qemu-io-Correct-error-messages.patch [bz#1272523]
- kvm-ide-test-fix-failure-for-test_flush.patch [bz#1272523]
- kvm-vga-Remove-some-should-be-done-in-BIOS-comments.patch [bz#1331413]
- kvm-vga-fix-banked-access-bounds-checking-CVE-2016-xxxx.patch [bz#1331413]
- kvm-vga-add-vbe_enabled-helper.patch [bz#1331413]
- kvm-vga-factor-out-vga-register-setup.patch [bz#1331413]
- kvm-vga-update-vga-register-setup-on-vbe-changes.patch [bz#1331413]
- kvm-vga-make-sure-vga-register-setup-for-vbe-stays-intac.patch [bz#1331413]
- Resolves: bz#1272523
   (qemu-kvm build failure race condition in tests/ide-test)
- Resolves: bz#1331413
   (EMBARGOED CVE-2016-3710 qemu-kvm: qemu: incorrect banked access bounds checking in vga module [rhel-7.3])

[1.5.3-109.el7]
- kvm-e1000-eliminate-infinite-loops-on-out-of-bounds-tran.patch [bz#1296044]
- kvm-nbd-Always-call-close_fn-in-nbd_client_new.patch [bz#1285453]
- kvm-nbd-server-Coroutine-based-negotiation.patch [bz#1285453]
- kvm-nbd-client_close-on-error-in-nbd_co_client_start.patch [bz#1285453]
- kvm-Remove-libcacard-build.patch [bz#1314153]
- Resolves: bz#1285453
   (An NBD client can cause QEMU main loop to block when connecting to built-in NBD server)
- Resolves: bz#1296044
   (qemu-kvm: insufficient loop termination conditions in start_xmit() and e1000_receive() [rhel-7.3])
- Resolves: bz#1314153
   (Disable building of libcacard)

[1.5.3-108.el7]
- kvm-net-Make-qmp_query_rx_filter-with-name-argument-more.patch [bz#1269738]
- kvm-fw_cfg-add-check-to-validate-current-entry-value-CVE.patch [bz#1298048]
- Resolves: bz#1269738
   (Vlan table display repeat four times in qmp when queues=4)
- Resolves: bz#1298048
   (CVE-2016-1714 qemu-kvm: Qemu: nvram: OOB r/w access in processing firmware configurations [rhel-7.3])

[1.5.3-107.el7]
- kvm-raw-posix-Fix-.bdrv_co_get_block_status-for-unaligne.patch [bz#1283116]
- Resolves: bz#1283116
   ([abrt] qemu-img: get_block_status(): qemu-img killed by SIGABRT)

[1.5.3-106.el7]
- kvm-ehci-clear-suspend-bit-on-detach.patch [bz#1268879]
- kvm-rbd-make-qemu-s-cache-setting-override-any-ceph-sett.patch [bz#1277248]
- kvm-rbd-fix-ceph-settings-precedence.patch [bz#1277248]
- kvm-target-i386-get-put-MSR_TSC_AUX-across-reset-and-mig.patch [bz#1265427]
- kvm-rtl8139-Fix-receive-buffer-overflow-check.patch [bz#1252757]
- kvm-rtl8139-Do-not-consume-the-packet-during-overflow-in.patch [bz#1252757]
- Resolves: bz#1252757
   ([RHEL-7.2-qmu-kvm] Package is 100% lost when ping from host to Win2012r2 guest with 64000 size)
- Resolves: bz#1265427
   (contents of MSR_TSC_AUX are not migrated)
- Resolves: bz#1268879
   (Camera stops work after remote-viewer re-connection [qemu-kvm])
- Resolves: bz#1277248
   (ceph.conf properties override qemu's command-line properties)



