qemu-kvm security, bug fix, and enhancement update

2018-04-1600:00:00

linux.oracle.com

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.975 High

EPSS

Percentile

100.0%

JSON

[1.5.3-156.el7]

kvm-vnc-Fix-qemu-crashed-when-vnc-client-disconnect-sudd.patch [bz#1527405]
kvm-fix-full-frame-updates-for-VNC-clients.patch [bz#1527405]
kvm-vnc-update-fix.patch [bz#1527405]
kvm-vnc-return-directly-if-no-vnc-client-connected.patch [bz#1527405]
kvm-buffer-add-buffer_move_empty.patch [bz#1527405]
kvm-buffer-add-buffer_move.patch [bz#1527405]
kvm-vnc-kill-jobs-queue-buffer.patch [bz#1527405]
kvm-vnc-jobs-move-buffer-reset-use-new-buffer-move.patch [bz#1527405]
kvm-vnc-zap-dead-code.patch [bz#1527405]
kvm-vnc-add-vnc_width-vnc_height-helpers.patch [bz#1527405]
kvm-vnc-factor-out-vnc_update_server_surface.patch [bz#1527405]
kvm-vnc-use-vnc_-width-height-in-vnc_set_area_dirty.patch [bz#1527405]
kvm-vnc-only-alloc-server-surface-with-clients-connected.patch [bz#1527405]
kvm-ui-fix-refresh-of-VNC-server-surface.patch [bz#1527405]
kvm-ui-move-disconnecting-check-to-start-of-vnc_update_c.patch [bz#1527405]
kvm-ui-remove-redundant-indentation-in-vnc_client_update.patch [bz#1527405]
kvm-ui-avoid-pointless-VNC-updates-if-framebuffer-isn-t-.patch [bz#1527405]
kvm-ui-track-how-much-decoded-data-we-consumed-when-doin.patch [bz#1527405]
kvm-ui-introduce-enum-to-track-VNC-client-framebuffer-up.patch [bz#1527405]
kvm-ui-correctly-reset-framebuffer-update-state-after-pr.patch [bz#1527405]
kvm-ui-refactor-code-for-determining-if-an-update-should.patch [bz#1527405]
kvm-ui-fix-VNC-client-throttling-when-audio-capture-is-a.patch [bz#1527405]
kvm-ui-fix-VNC-client-throttling-when-forced-update-is-r.patch [bz#1527405]
kvm-ui-place-a-hard-cap-on-VNC-server-output-buffer-size.patch [bz#1527405]
kvm-ui-avoid-sign-extension-using-client-width-height.patch [bz#1527405]
kvm-ui-correctly-advance-output-buffer-when-writing-SASL.patch [bz#1527405]
kvm-io-skip-updates-to-client-if-websocket-output-buffer.patch [bz#1518711]
Resolves: bz#1518711
(CVE-2017-15268 qemu-kvm: Qemu: I/O: potential memory exhaustion via websock connection to VNC [rhel-7.5])
Resolves: bz#1527405
(CVE-2017-15124 qemu-kvm: Qemu: memory exhaustion through framebuffer update request message in VNC server [rhel-7.5])
[1.5.3-155.el7]
kvm-qdev-Fix-assert-in-PCI-address-property-when-used-by.patch [bz#1538866]
kvm-vga-check-the-validation-of-memory-addr-when-draw-te.patch [bz#1534691]
kvm-savevm-Improve-error-message-for-blocked-migration.patch [bz#1536883]
kvm-savevm-fail-if-migration-blockers-are-present.patch [bz#1536883]
Resolves: bz#1534691
(CVE-2018-5683 qemu-kvm: Qemu: Out-of-bounds read in vga_draw_text routine [rhel-7.5])
Resolves: bz#1536883
([abrt] [faf] qemu-kvm: unknown function(): /usr/libexec/qemu-kvm killed by 6)
Resolves: bz#1538866
(qemu will coredump after executing info qtree)
[1.5.3-154.el7]
kvm-virtio-net-validate-backend-queue-numbers-against-bu.patch [bz#1460872]
kvm-dump-guest-memory.py-fix-python-2-support.patch [bz#1411490]
kvm-qxl-add-migration-blocker-to-avoid-pre-save-assert.patch [bz#1536883]
Resolves: bz#1411490
([RFE] Kernel address space layout randomization [KASLR] support (qemu-kvm))
Resolves: bz#1460872
(Aborted(core dumped) when booting guest with ‘-netdev tap…vhost=on,queues=32’)
Resolves: bz#1536883
([abrt] [faf] qemu-kvm: unknown function(): /usr/libexec/qemu-kvm killed by 6)
[1.5.3-153.el7]
kvm-i386-update-ssdt-misc.hex.generated.patch [bz#1411490]
kvm-main-loop-Acquire-main_context-lock-around-os_host_m.patch [bz#1435432 bz#1473536]
Resolves: bz#1411490
([RFE] Kernel address space layout randomization [KASLR] support (qemu-kvm))
Resolves: bz#1435432
(Emulated ISA serial port hangs randomly when sending lots of data from guest -> host)
Resolves: bz#1473536
(Hangs in serial console under qemu)
[1.5.3-152.el7]
kvm-target-i386-cpu-add-new-CPUID-bits-for-indirect-bran.patch [CVE-2017-5715]
kvm-target-i386-add-support-for-SPEC_CTRL-MSR.patch [CVE-2017-5715]
kvm-target-i386-cpu-add-new-CPU-models-for-indirect-bran.patch [CVE-2017-5715]
[1.5.3-151.el7]
kvm-fw_cfg-remove-support-for-guest-side-data-writes.patch [bz#1411490]
kvm-fw_cfg-prevent-selector-key-conflict.patch [bz#1411490]
kvm-fw_cfg-prohibit-insertion-of-duplicate-fw_cfg-file-n.patch [bz#1411490]
kvm-fw_cfg-factor-out-initialization-of-FW_CFG_ID-rev.-n.patch [bz#1411490]
kvm-Implement-fw_cfg-DMA-interface.patch [bz#1411490]
kvm-fw_cfg-avoid-calculating-invalid-current-entry-point.patch [bz#1411490]
kvm-fw-cfg-support-writeable-blobs.patch [bz#1411490]
kvm-Enable-fw_cfg-DMA-interface-for-x86.patch [bz#1411490]
kvm-fw_cfg-unbreak-migration-compatibility.patch [bz#1411490]
kvm-i386-expose-fw_cfg-QEMU0002-in-SSDT.patch [bz#1411490]
kvm-fw_cfg-add-write-callback.patch [bz#1411490]
kvm-hw-misc-add-vmcoreinfo-device.patch [bz#1411490]
kvm-vmcoreinfo-put-it-in-the-misc-device-category.patch [bz#1411490]
kvm-fw_cfg-enable-DMA-if-device-vmcoreinfo.patch [bz#1411490]
kvm-build-sys-restrict-vmcoreinfo-to-fw_cfg-dma-capable-.patch [bz#1411490]
kvm-dump-Make-DumpState-and-endian-conversion-routines-a.patch [bz#1411490]
kvm-dump.c-Fix-memory-leak-issue-in-cleanup-processing-f.patch [bz#1411490]
kvm-dump-Propagate-errors-into-qmp_dump_guest_memory.patch [bz#1411490]
kvm-dump-Turn-some-functions-to-void-to-make-code-cleane.patch [bz#1411490]
kvm-dump-Fix-dump-guest-memory-termination-and-use-after.patch [bz#1411490]
kvm-dump-allow-target-to-set-the-page-size.patch [bz#1411490]
kvm-dump-allow-target-to-set-the-physical-base.patch [bz#1411490]
kvm-dump-guest-memory-cleanup-removing-dump_-error-clean.patch [bz#1411490]
kvm-dump-guest-memory-using-static-DumpState-add-DumpSta.patch [bz#1411490]
kvm-dump-guest-memory-add-dump_in_progress-helper-functi.patch [bz#1411490]
kvm-dump-guest-memory-introduce-dump_process-helper-func.patch [bz#1411490]
kvm-dump-guest-memory-disable-dump-when-in-INMIGRATE-sta.patch [bz#1411490]
kvm-DumpState-adding-total_size-and-written_size-fields.patch [bz#1411490]
kvm-dump-do-not-dump-non-existent-guest-memory.patch [bz#1411490]
kvm-dump-add-guest-ELF-note.patch [bz#1411490]
kvm-dump-update-phys_base-header-field-based-on-VMCOREIN.patch [bz#1411490]
kvm-kdump-set-vmcoreinfo-location.patch [bz#1411490]
kvm-scripts-dump-guest-memory.py-Move-constants-to-the-t.patch [bz#1411490]
kvm-scripts-dump-guest-memory.py-Make-methods-functions.patch [bz#1411490]
kvm-scripts-dump-guest-memory.py-Improve-python-3-compat.patch [bz#1411490]
kvm-scripts-dump-guest-memory.py-Cleanup-functions.patch [bz#1411490]
kvm-scripts-dump-guest-memory.py-Introduce-multi-arch-su.patch [bz#1411490]
kvm-Fix-typo-in-variable-name-found-and-fixed-by-codespe.patch [bz#1411490]
kvm-scripts-dump-guest-memory.py-add-vmcoreinfo.patch [bz#1411490]
kvm-dump-guest-memory.py-fix-No-symbol-vmcoreinfo_find.patch [bz#1411490]
kvm-dump-guest-memory.py-fix-You-can-t-do-that-without-a.patch [bz#1411490]
Resolves: bz#1411490
([RFE] Kernel address space layout randomization [KASLR] support (qemu-kvm))
[1.5.3-150.el7]
kvm-Build-only-x86_64-packages.patch [bz#1520793]
Resolves: bz#1520793
(Do not build non-x86_64 subpackages)
[1.5.3-149.el7]
kvm-block-linux-aio-fix-memory-and-fd-leak.patch [bz#1491434]
kvm-linux-aio-Fix-laio-resource-leak.patch [bz#1491434]
kvm-slirp-cleanup-leftovers-from-misc.h.patch [bz#1508745]
kvm-Avoid-embedding-struct-mbuf-in-other-structures.patch [bz#1508745]
kvm-slirp-Fix-access-to-freed-memory.patch [bz#1508745]
kvm-slirp-fix-clearing-ifq_so-from-pending-packets.patch [bz#1508745]
kvm-qcow2-Prevent-backing-file-names-longer-than-1023.patch [bz#1459714]
kvm-qemu-img-Use-strerror-for-generic-resize-error.patch [bz#1459725]
kvm-qcow2-Avoid-making-the-L1-table-too-big.patch [bz#1459725]
Resolves: bz#1459714
(Throw error if qemu-img rebasing backing file is too long or provide way to fix a ‘too long’ backing file.)
Resolves: bz#1459725
(Prevent qemu-img resize from causing ‘Active L1 table too large’)
Resolves: bz#1491434
(KVM leaks file descriptors when attaching and detaching virtio-scsi block devices)
Resolves: bz#1508745
(CVE-2017-13711 qemu-kvm: Qemu: Slirp: use-after-free when sending response [rhel-7.5])
[1.5.3-148.el7]
kvm-multiboot-validate-multiboot-header-address-values.patch [bz#1501121]
kvm-qemu-option-reject-empty-number-value.patch [bz#1417864]
Resolves: bz#1417864
(Qemu-kvm starts with unspecified port)
Resolves: bz#1501121
(CVE-2017-14167 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.5])
[1.5.3-147.el7]
kvm-vga-drop-line_offset-variable.patch [bz#1501295]
kvm-vga-Add-mechanism-to-force-the-use-of-a-shadow-surfa.patch [bz#1501295]
kvm-vga-handle-cirrus-vbe-mode-wraparounds.patch [bz#1501295]
kvm-cirrus-fix-oob-access-in-mode4and5-write-functions.patch [bz#1501295]
kvm-i6300esb-Fix-signed-integer-overflow.patch [bz#1470244]
kvm-i6300esb-fix-timer-overflow.patch [bz#1470244]
kvm-i6300esb-remove-muldiv64.patch [bz#1470244]
Resolves: bz#1470244
(reboot leads to shutoff of qemu-kvm-vm if i6300esb-watchdog set to poweroff)
Resolves: bz#1501295
(CVE-2017-15289 qemu-kvm: Qemu: cirrus: OOB access issue in mode4and5 write functions [rhel-7.5])
[1.5.3-146.el7]
kvm-vfio-pass-device-to-vfio_mmap_bar-and-use-it-to-set-.patch [bz#1494181]
kvm-hw-vfio-pci-Rename-VFIODevice-into-VFIOPCIDevice.patch [bz#1494181]
kvm-hw-vfio-pci-generalize-mask-unmask-to-any-IRQ-index.patch [bz#1494181]
kvm-hw-vfio-pci-introduce-minimalist-VFIODevice-with-fd.patch [bz#1494181]
kvm-hw-vfio-pci-add-type-name-and-group-fields-in-VFIODe.patch [bz#1494181]
kvm-hw-vfio-pci-handle-reset-at-VFIODevice.patch [bz#1494181]
kvm-hw-vfio-pci-Introduce-VFIORegion.patch [bz#1494181]
kvm-hw-vfio-pci-use-name-field-in-format-strings.patch [bz#1494181]
kvm-vfio-Add-sysfsdev-property-for-pci-platform.patch [bz#1494181]
kvm-vfio-remove-bootindex-property-from-qdev-to-qom.patch [bz#1494181]
kvm-vfio-pci-Handle-host-oversight.patch [bz#1494181]
kvm-vfio-pci-Fix-incorrect-error-message.patch [bz#1494181]
kvm-vfio-Wrap-VFIO_DEVICE_GET_REGION_INFO.patch [bz#1494181]
kvm-vfio-Generalize-region-support.patch [bz#1494181]
kvm-vfio-Enable-sparse-mmap-capability.patch [bz#1494181]
kvm-vfio-Handle-zero-length-sparse-mmap-ranges.patch [bz#1494181]
kvm-bswap.h-Remove-cpu_to_32wu.patch [bz#1486642]
kvm-hw-use-ld_p-st_p-instead-of-ld_raw-st_raw.patch [bz#1486642]
kvm-vga-Start-cutting-out-non-32bpp-conversion-support.patch [bz#1486642]
kvm-vga-Remove-remainder-of-old-conversion-cruft.patch [bz#1486642]
kvm-vga-Separate-LE-and-BE-conversion-functions.patch [bz#1486642]
kvm-vga-Rename-vga_template.h-to-vga-helpers.h.patch [bz#1486642]
kvm-vga-stop-passing-pointers-to-vga_draw_line-functions.patch [bz#1486642]
kvm-target-i386-Add-Intel-SHA_NI-instruction-support.patch [bz#1450396]
kvm-target-i386-cpu-Add-new-EPYC-CPU-model.patch [bz#1450396]
kvm-target-i386-Enable-clflushopt-clwb-pcommit-instructi.patch [bz#1501510]
kvm-i386-add-Skylake-Server-cpu-model.patch [bz#1501510]
Resolves: bz#1450396
(Add support for AMD EPYC processors)
Resolves: bz#1486642
(CVE-2017-13672 qemu-kvm: Qemu: vga: OOB read access during display update [rhel-7.5])
Resolves: bz#1494181
(Backport vGPU support to qemu-kvm)
Resolves: bz#1501510
(Add Skylake-Server CPU model (qemu-kvm))
[1.5.3-145.el7]
kvm-qemu-char-add-Czech-characters-to-VNC-keysyms.patch [bz#1476641]
kvm-qemu-char-add-missing-characters-used-in-keymaps.patch [bz#1476641]
kvm-qemu-char-add-cyrillic-characters-numerosign-to-VNC-.patch [bz#1476641]
kvm-block-ssh-Use-QemuOpts-for-runtime-options.patch [bz#1461672]
Resolves: bz#1461672
(qemu-img core dumped when create external snapshot through ssh protocol without specifying image size)
Resolves: bz#1476641
(ui/vnc_keysym.h is very out of date and does not correctly support many Eastern European keyboards)
[1.5.3-144.el7]
kvm-qemu-nbd-Ignore-SIGPIPE.patch [bz#1466463]
Resolves: bz#1466463
(CVE-2017-10664 qemu-kvm: Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort [rhel-7.5])
[1.5.3-143.el7]
kvm-block-Limit-multiwrite-merge-downstream-only.patch [bz#1492559]
Resolves: bz#1492559
(virtio-blk mutiwrite merge causes too big IO)
[1.5.3-142.el7]
kvm-vnc-allow-to-connect-with-add_client-when-vnc-none.patch [bz#1435352]
kvm-virtio-net-dynamic-network-offloads-configuration.patch [bz#1480428]
kvm-Workaround-rhel6-ctrl_guest_offloads-machine-type-mi.patch [bz#1480428]
kvm-target-i386-Add-PKU-and-and-OSPKE-support.patch [bz#1387648]
Resolves: bz#1387648
([Intel 7.5 FEAT] Memory Protection Keys for qemu-kvm)
Resolves: bz#1435352
(qemu started with ‘-vnc none,…’ doesn’t support any VNC authentication)
Resolves: bz#1480428
(KVM: windows guest migration from EL6 to EL7 fails.)

OSVersionArchitecturePackageVersionFilename
oracle linux7srcqemu-kvm< 1.5.3-156.el7qemu-kvm-1.5.3-156.el7.src.rpm
oracle linux7x86_64qemu-img< 1.5.3-156.el7qemu-img-1.5.3-156.el7.x86_64.rpm
oracle linux7x86_64qemu-kvm< 1.5.3-156.el7qemu-kvm-1.5.3-156.el7.x86_64.rpm
oracle linux7x86_64qemu-kvm-common< 1.5.3-156.el7qemu-kvm-common-1.5.3-156.el7.x86_64.rpm
oracle linux7x86_64qemu-kvm-tools< 1.5.3-156.el7qemu-kvm-tools-1.5.3-156.el7.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
oracle linux	7	src	qemu-kvm	< 1.5.3-156.el7	qemu-kvm-1.5.3-156.el7.src.rpm
oracle linux	7	x86_64	qemu-img	< 1.5.3-156.el7	qemu-img-1.5.3-156.el7.x86_64.rpm
oracle linux	7	x86_64	qemu-kvm	< 1.5.3-156.el7	qemu-kvm-1.5.3-156.el7.x86_64.rpm
oracle linux	7	x86_64	qemu-kvm-common	< 1.5.3-156.el7	qemu-kvm-common-1.5.3-156.el7.x86_64.rpm
oracle linux	7	x86_64	qemu-kvm-tools	< 1.5.3-156.el7	qemu-kvm-tools-1.5.3-156.el7.x86_64.rpm