Lucene search

K
oraclelinuxOracleLinuxELSA-2019-4630
HistoryMay 14, 2019 - 12:00 a.m.

qemu security update

2019-05-1400:00:00
linux.oracle.com
100

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.976 High

EPSS

Percentile

100.0%

[15:3.1.0-3.el7]

  • x86: Document CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 as
    fixed (Mark Kanda) [Orabug: 29744956] {CVE-2018-12126} {CVE-2018-12127}
    {CVE-2018-12130} {CVE-2019-11091}
    [15:3.1.0-2.el7]
  • x86: Add mds feature (Karl Heubaum)
  • e1000: Never increment the RX undersize count register (Chris Kenna)
  • qemu.spec: audioflags set but never passed to configure script (Liam Merwick) [Orabug: 29715562]
  • parfait: deal with parfait returning non-zero return value (Liam Merwick) [Orabug: 29715548]
  • parfait: use nproc to choose default number of threads (Liam Merwick) [Orabug: 29715548]
  • parfait: provide option to upload results (Liam Merwick) [Orabug: 29715548]
  • parfait: disable misaligned-access check (Liam Merwick) [Orabug: 29715548]
  • Document CVE-2019-8934 and CVE-2019-5008 as fixed (Mark Kanda) [Orabug: 29715605] {CVE-2019-5008} {CVE-2019-8934}
  • device_tree.c: Don’t use load_image() (Peter Maydell) [Orabug: 29715527] {CVE-2018-20815}
  • slirp: check sscanf result when emulating ident (William Bowling) [Orabug: 29715525] {CVE-2019-9824}
  • i2c-ddc: fix oob read (Gerd Hoffmann) [Orabug: 29715520] {CVE-2019-3812}
  • scsi-generic: avoid possible out-of-bounds access to r->buf (Paolo Bonzini) [Orabug: 29259700] {CVE-2019-6501}
  • slirp: check data length while emulating ident function (Prasad J Pandit) [Orabug: 29715755] {CVE-2019-6778}
    [15:3.1.0-1.el7]
  • vfio-pci: emit FAILOVER_PRIMARY_CHANGED event on guest behalf when unrealized
  • vfio-pci: emit FAILOVER_PRIMARY_CHANGED event on guest behalf when unrealized (Si-Wei Liu) [Orabug: 29216696]
  • vfio-pci: add FAILOVER_PRIMARY_CHANGED event to shorten downtime during failover (Si-Wei Liu) [Orabug: 29216701]
  • virtio_net: Add support for ‘Data Path Switching’ during Live Migration. (Venu Busireddy) [Orabug: 29216704]
  • virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit to virtio_net (Sridhar Samudrala) [Orabug: 29216714]
  • i386: Add some MSR based features on Cascadelake-Server CPU model (Tao Xu) [Orabug: 29216681]
  • i386: Update stepping of Cascadelake-Server (Tao Xu) [Orabug: 29216681]
  • usb-mtp: use O_NOFOLLOW and O_CLOEXEC. (Gerd Hoffmann) [Orabug: 29216656] {CVE-2018-16872}
  • pvrdma: add uar_read routine (Prasad J Pandit) [Orabug: 29216658] {CVE-2018-20191}
  • pvrdma: release ring object in case of an error (Prasad J Pandit) [Orabug: 29216659] {CVE-2018-20126}
  • pvrdma: check number of pages when creating rings (Prasad J Pandit) [Orabug: 29216666] {CVE-2018-20125}
  • pvrdma: check return value from pvrdma_idx_ring_has_ routines (Prasad J Pandit) [Orabug: 29216672] {CVE-2018-20216}
  • rdma: remove unused VENDOR_ERR_NO_SGE macro (Prasad J Pandit) [Orabug: 29216678] {CVE-2018-20124}
  • rdma: check num_sge does not exceed MAX_SGE (Prasad J Pandit) [Orabug: 29216678] {CVE-2018-20124}
  • i386: Add ‘stibp’ flag name (Eduardo Habkost)
  • parfait: Run static analysis when --with parfait specified (Liam Merwick) [Orabug: 29216688]
  • parfait: add buildrpm/parfait-qemu.conf (Liam Merwick) [Orabug: 29216688]
  • Document various CVEs as fixed (Mark Kanda) [Orabug: 29212424] {CVE-2017-10806} {CVE-2017-11334} {CVE-2017-12809} {CVE-2017-13672} {CVE-2017-13673} {CVE-2017-13711} {CVE-2017-14167} {CVE-2017-15038} {CVE-2017-15119} {CVE-2017-15124} {CVE-2017-15268} {CVE-2017-15289} {CVE-2017-16845} {CVE-2017-17381} {CVE-2017-18030} {CVE-2017-18043} {CVE-2017-2630} {CVE-2017-2633} {CVE-2017-5715} {CVE-2017-5753} {CVE-2017-5754} {CVE-2017-7471} {CVE-2017-7493} {CVE-2017-8112} {CVE-2017-8309} {CVE-2017-8379} {CVE-2017-8380} {CVE-2017-9503} {CVE-2018-10839} {CVE-2018-11806} {CVE-2018-12617} {CVE-2018-15746} {CVE-2018-16847} {CVE-2018-16867} {CVE-2018-17958} {CVE-2018-17962} {CVE-2018-17963} {CVE-2018-18849} {CVE-2018-19364} {CVE-2018-19489} {CVE-2018-3639} {CVE-2018-5683} {CVE-2018-7550} {CVE-2018-7858}
  • qemu.spec: Initial qemu.spec (Mark Kanda)
  • virtio-pci: Set subsystem vendor ID to Oracle (Mark Kanda)
  • qemu_regdump.py: Initial qemu_regdump.py (Mark Kanda)
  • qmp-regdump: Initial qmp-regdump (Mark Kanda)
  • bridge.conf: Initial bridge.conf (Mark Kanda)
  • kvm.conf: Initial kvm.conf (Mark Kanda)
  • 80-kvm.rules: Initial 80-kvm.rules (Mark Kanda)

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.976 High

EPSS

Percentile

100.0%