Lucene search

K
oraclelinuxOracleLinuxELSA-2021-4191
HistoryNov 16, 2021 - 12:00 a.m.

virt:ol and virt-devel:ol security, bug fix, and enhancement update

2021-11-1600:00:00
linux.oracle.com
29

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

libguestfs-winsupport
[8.2]

  • Resolves: bz#1810193
    (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)
    libguestfs
    [1.40.2-28.0.1]
  • Replace upstream references from description tag
  • Config supermin to use host yum.conf in ol8 [Orabug: 29319324]
  • Set DISTRO_ORACLE_LINUX correspeonding to ol
    [1:1.40.2-28]
  • daemon: lvm: Use lvcreate --yes to avoid interactive prompts
    resolves: rhbz#1933640
    libnbd
    [1.2.2]
  • Resolves: bz#1844296
    (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)
    [1.2.2-1]
  • New stable release 1.2.2.
    libvirt-dbus
    [1.3.0]
  • Resolves: bz#1810193
    (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)
    libvirt-python
    [6.0.0]
  • Resolves: bz#1810193
    (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)
    libvirt
    [6.0.0-37.0.1]
  • Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554]
  • Add runtime deps for pkg librbd1 >= 1:10.2.5 (Keshav Sharma)
  • Disable parallel builds (Karl Heubaum)
    [6.0.0-37]
  • security: fix SELinux label generation logic (CVE-2021-3631)
  • storage_driver: Unlock object on ACL fail in storagePoolLookupByTargetPath (CVE-2021-3667)
    [6.0.0-36]
  • network: make it safe to call networkSetupPrivateChains() multiple times (rhbz#1942805)
  • network: force re-creation of iptables private chains on firewalld restart (rhbz#1942805)
  • hostdev: Update mdev pointer reference after checking device type (rhbz#1940449)
  • hostdev: mdev: Lookup mdevs by sysfs path rather than mdev struct (rhbz#1940449)
  • qemu_firmware: dont error out for unknown firmware features (rhbz#1961562)
  • docs: improve description of secure attribute for loader element (rhbz#1929357)
  • conf: introduce virDomainDefParseBootInitOptions (rhbz#1929357)
  • conf: introduce virDomainDefParseBootKernelOptions (rhbz#1929357)
  • conf: introduce virDomainDefParseBootFirmwareOptions (rhbz#1929357)
  • conf: introduce virDomainDefParseBootLoaderOptions (rhbz#1929357)
  • conf: introduce virDomainDefParseBootAcpiOptions (rhbz#1929357)
  • conf: use switch in virDomainDefParseBootOptions (rhbz#1929357)
  • conf: introduce support for firmware auto-selection feature filtering (rhbz#1929357)
  • qemu: implement support for firmware auto-selection feature filtering (rhbz#1929357)
  • domain_conf: Dont leak def->os.firmwareFeatures (rhbz#1929357)
  • conf: remove duplicated firmware type attribute (rhbz#1929357)
    nbdkit
    [1.16.2-4.0.1]
  • Replace upstream references within the description tag
    [1.16.2]
  • Resolves: bz#1810193
    (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)
    [1.16.2]
  • Resolves: bz#1810193
    (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)
    perl-Sys-Virt
    [6.0.0]
  • Resolves: bz#1810193
    (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)
    qemu-kvm
    [4.2.0-59]
  • kvm-scsi-make-io_timeout-configurable.patch [bz#1994041]
  • Resolves: bz#1994041
    (qemu-kvm scsi: change default passthrough timeout to non-infinite)
    [4.2.0-58.el8]
  • kvm-virtiofsd-Disable-remote-posix-locks-by-default.patch [bz#1967496]
  • kvm-virtiofsd-Fix-the-help-message-of-posix-lock.patch [bz#1967496]
  • Resolves: bz#1967496
    ([virtio-fs] nfs/xfstest generic/089 generic/478 generic/632 failed)
    [4.2.0-57]
  • kvm-aio-wait-delegate-polling-of-main-AioContext-if-BQL-.patch [bz#1969848]
  • kvm-async-use-explicit-memory-barriers.patch [bz#1969848]
  • Resolves: bz#1969848
    (qemu-img convert hangs on aarch64)
    [4.2.0-56]
  • kvm-glib-compat-add-g_unix_get_passwd_entry_qemu.patch [bz#1967716]
  • kvm-qga-add-ssh-add-remove-authorized-keys.patch [bz#1967716]
  • kvm-qga-add-reset-argument-to-ssh-add-authorized-keys.patch [bz#1967716]
  • kvm-qga-add-ssh-get-authorized-keys.patch [bz#1967716]
  • kvm-Add-mtod_check.patch [bz#1970819 bz#1970835 bz#1970843 bz#1970853]
  • kvm-bootp-limit-vendor-specific-area-to-input-packet-mem.patch [bz#1970819 bz#1970835 bz#1970843 bz#1970853]
  • kvm-bootp-check-bootp_input-buffer-size.patch [bz#1970819]
  • kvm-upd6-check-udp6_input-buffer-size.patch [bz#1970835]
  • kvm-tftp-check-tftp_input-buffer-size.patch [bz#1970843]
  • kvm-tftp-introduce-a-header-structure.patch [bz#1970819 bz#1970835 bz#1970843 bz#1970853]
  • kvm-udp-check-upd_input-buffer-size.patch [bz#1970853]
  • kvm-Fix-DHCP-broken-in-libslirp-v4.6.0.patch [bz#1970819 bz#1970835 bz#1970843 bz#1970853]
  • kvm-net-check-if-the-file-descriptor-is-valid-before-usi.patch [bz#1982134]
  • kvm-net-detect-errors-from-probing-vnet-hdr-flag-for-TAP.patch [bz#1982134]
  • Resolves: bz#1967716
    (RFE: rebuild guest agent to include public ssh injection api support)
  • Resolves: bz#1970819
    (CVE-2021-3592 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (bootp) [rhel-8])
  • Resolves: bz#1970835
    (CVE-2021-3593 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp6) [rhel-8])
  • Resolves: bz#1970843
    (CVE-2021-3595 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (tftp) [rhel-8])
  • Resolves: bz#1970853
    (CVE-2021-3594 virt:rhel/qemu-kvm: QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp) [rhel-8])
  • Resolves: bz#1982134
    (QEMU core dump while booting guest with a non-exist fd on tap)
    seabios
    [1.13.0]
  • Resolves: bz#1844296
    (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)
    [1.13.0]
  • Resolves: bz#1810193
    (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)
    supermin
    [5.1.19]
  • Resolves: bz#1810193
    (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P