Oracle Linux ELSA-2021-9034

qemu security update

Published: Feb 08, 2021 - 12:00 a.m.
Source: linux.oracle.com

CVSS3: 10 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H

CVSS2: 7.8 High

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

[15:4.2.1-4.el7]

  • Document CVE-2020-25723 as fixed (Mark Kanda) [Orabug: 32222397] {CVE-2020-25084} {CVE-2020-25723}
  • hw/net/e1000e: advance desc_offset in case of null descriptor (Prasad J Pandit) [Orabug: 32217517] {CVE-2020-28916}
  • i386: Add 2nd Generation AMD EPYC processors (Moger, Babu) [Orabug: 32217570]
  • libslirp: Update version to include CVE fixes (Mark Kanda) [Orabug: 32208456] [Orabug: 32208462] {CVE-2020-29129} {CVE-2020-29130}
  • Document CVE-2020-25624 as fixed (Mark Kanda) [Orabug: 32212527] {CVE-2020-25624} {CVE-2020-25625}
  • pvpanic: Advertise the PVPANIC_CRASHLOADED event support (Paolo Bonzini) [Orabug: 32102853]
  • ati: check x y display parameter values (Prasad J Pandit) [Orabug: 32108251] {CVE-2020-27616}
  • Add AArch64 support for QMP regdump tool and sosreport plugin (Mark Kanda) [Orabug: 32080658]
  • Add qemu_regdump sosreport plugin support for ‘-mon’ QMP sockets (Mark Kanda)
  • migration/dirtyrate: present dirty rate only when querying the rate has completed (Chuan Zheng)
  • migration/dirtyrate: record start_time and calc_time while at the measuring state (Chuan Zheng)
  • migration/dirtyrate: Add trace_calls to make it easier to debug (Chuan Zheng)
  • migration/dirtyrate: Implement qmp_cal_dirty_rate()/qmp_get_dirty_rate() function (Chuan Zheng)
  • migration/dirtyrate: Implement calculate_dirtyrate() function (Chuan Zheng)
  • migration/dirtyrate: Implement set_sample_page_period() and is_sample_period_valid() (Chuan Zheng)
  • migration/dirtyrate: skip sampling ramblock with size below MIN_RAMBLOCK_SIZE (Chuan Zheng)
  • migration/dirtyrate: Compare page hash results for recorded sampled page (Chuan Zheng)
  • migration/dirtyrate: Record hash results for each sampled page (Chuan Zheng)
  • migration/dirtyrate: move RAMBLOCK_FOREACH_MIGRATABLE into ram.h (Chuan Zheng)
  • migration/dirtyrate: Add dirtyrate statistics series functions (Chuan Zheng)
  • migration/dirtyrate: Add RamblockDirtyInfo to store sampled page info (Chuan Zheng)
  • migration/dirtyrate: add DirtyRateStatus to denote calculation status (Chuan Zheng)
  • migration/dirtyrate: setup up query-dirtyrate framwork (Chuan Zheng)
  • ram_addr: Split RAMBlock definition (Juan Quintela)

[15:4.2.1-3.el7]

  • qemu-kvm.spec: Install block storage module RPMs by default (Karl Heubaum) [Orabug: 31943789]
  • qemu-kvm.spec: Enable block-ssh module RPM (Karl Heubaum) [Orabug: 31943763]
  • hw: usb: hcd-ohci: check for processed TD before retire (Prasad J Pandit) [Orabug: 31901690] {CVE-2020-25625}
  • hw: usb: hcd-ohci: check len and frame_number variables (Prasad J Pandit) [Orabug: 31901690] {CVE-2020-25625}
  • hw: ehci: check return value of ‘usb_packet_map’ (Li Qiang) [Orabug: 31901649] {CVE-2020-25084}
  • hw: xhci: check return value of ‘usb_packet_map’ (Li Qiang) [Orabug: 31901649] {CVE-2020-25084}
  • qemu.spec: Enable ‘-Werror’ for OL7 builds (Mark Kanda) [Orabug: 31922718]
  • usb: fix setup_len init (CVE-2020-14364) (Gerd Hoffmann) [Orabug: 31848849] {CVE-2020-14364}
  • Document CVE-2020-12829 and CVE-2020-14415 as fixed (Mark Kanda) [Orabug: 31855502] [Orabug: 31855427] {CVE-2020-12829} {CVE-2020-14415}

[15:4.2.1-2.el7]

  • hw/net/xgmac: Fix buffer overflow in xgmac_enet_send() (Mauro Matteo Cascella) [Orabug: 31667649] {CVE-2020-15863}
  • hw/net/net_tx_pkt: fix assertion failure in net_tx_pkt_add_raw_fragment() (Mauro Matteo Cascella) [Orabug: 31737809] {CVE-2020-16092}
  • migration: fix memory leak in qmp_migrate_set_parameters (Zheng Chuan) [Orabug: 31806256]
  • virtio-net: fix removal of failover device (Juan Quintela) [Orabug: 31806255]
  • pvpanic: implement crashloaded event handling (Zhenwei Pi) [Orabug: 31677154]
  • pvpanic: introduce crashloaded for pvpanic (Zhenwei Pi) [Orabug: 31677154]

[15:4.2.1-1.el7]

  • hw/sd/sdcard: Do not switch to ReceivingData if address is invalid (Philippe Mathieu-Daude) [Orabug: 31414336] {CVE-2020-13253}
  • hw/sd/sdcard: Update coding style to make checkpatch.pl happy (Philippe Mathieu-Daude) [Orabug: 31414336]
  • hw/sd/sdcard: Do not allow invalid SD card sizes (Philippe Mathieu-Daude) [Orabug: 31414336] {CVE-2020-13253}
  • hw/sd/sdcard: Simplify realize() a bit (Philippe Mathieu-Daude) [Orabug: 31414336]
  • hw/sd/sdcard: Restrict Class 6 commands to SCSD cards (Philippe Mathieu-Daude) [Orabug: 31414336]
  • libslirp: Update to v4.3.1 to fix CVE-2020-10756 (Karl Heubaum) [Orabug: 31604999] {CVE-2020-10756}
  • Document CVEs as fixed 2/2 (Karl Heubaum) [Orabug: 30618035] {CVE-2017-18043} {CVE-2018-10839} {CVE-2018-11806} {CVE-2018-12617} {CVE-2018-15746} {CVE-2018-16847} {CVE-2018-16867} {CVE-2018-17958} {CVE-2018-17962} {CVE-2018-17963} {CVE-2018-18849} {CVE-2018-19364} {CVE-2018-19489} {CVE-2018-3639} {CVE-2018-5683} {CVE-2018-7550} {CVE-2018-7858} {CVE-2019-12068} {CVE-2019-15034} {CVE-2019-15890} {CVE-2019-20382} {CVE-2020-10702} {CVE-2020-10761} {CVE-2020-11102} {CVE-2020-11869} {CVE-2020-13361} {CVE-2020-13765} {CVE-2020-13800} {CVE-2020-1711} {CVE-2020-1983} {CVE-2020-8608}
  • Document CVEs as fixed 1/2 (Karl Heubaum) [Orabug: 30618035] {CVE-2017-10806} {CVE-2017-11334} {CVE-2017-12809} {CVE-2017-13672} {CVE-2017-13673} {CVE-2017-13711} {CVE-2017-14167} {CVE-2017-15038} {CVE-2017-15119} {CVE-2017-15124} {CVE-2017-15268} {CVE-2017-15289} {CVE-2017-16845} {CVE-2017-17381} {CVE-2017-18030} {CVE-2017-2630} {CVE-2017-2633} {CVE-2017-5715} {CVE-2017-5753} {CVE-2017-5754} {CVE-2017-5931} {CVE-2017-6058} {CVE-2017-7471} {CVE-2017-7493} {CVE-2017-8112} {CVE-2017-8309} {CVE-2017-8379} {CVE-2017-8380} {CVE-2017-9503} {CVE-2017-9524} {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2018-16872} {CVE-2018-20123} {CVE-2018-20124} {CVE-2018-20125} {CVE-2018-20126} {CVE-2018-20191} {CVE-2018-20216} {CVE-2018-20815} {CVE-2019-11091} {CVE-2019-12155} {CVE-2019-14378} {CVE-2019-3812} {CVE-2019-5008} {CVE-2019-6501} {CVE-2019-6778} {CVE-2019-8934} {CVE-2019-9824}
  • qemu-kvm.spec: Add .spec file for OL8 (Karl Heubaum) [Orabug: 30618035]
  • qemu.spec: Add .spec file for OL7 (Karl Heubaum) [Orabug: 30618035]
  • qemu-submodule-init: Add Git submodule init script (Karl Heubaum) [Orabug: 30618035]
  • vhost.conf: Initial vhost.conf (Karl Heubaum) [Orabug: 30618035]
  • parfait: Add buildrpm/parfait-qemu.conf (Karl Heubaum) [Orabug: 30618035]
  • virtio: Set PCI subsystem vendor ID to Oracle (Karl Heubaum) [Orabug: 30618035]
  • qemu_regdump.py: Initial qemu_regdump.py (Karl Heubaum) [Orabug: 30618035]
  • qmp-regdump: Initial qmp-regdump (Karl Heubaum) [Orabug: 30618035]
  • bridge.conf: Initial bridge.conf (Karl Heubaum) [Orabug: 30618035]
  • kvm.conf: Initial kvm.conf (Karl Heubaum) [Orabug: 30618035]
  • 80-kvm.rules: Initial 80-kvm.rules (Karl Heubaum) [Orabug: 30618035]
  • exec: set map length to zero when returning NULL (Prasad J Pandit) [Orabug: 31439733] {CVE-2020-13659}
  • megasas: use unsigned type for reply_queue_head and check index (Prasad J Pandit) [Orabug: 31414338] {CVE-2020-13362}
  • memory: Revert ‘memory: accept mismatching sizes in memory_region_access_valid’ (Michael S. Tsirkin) [Orabug: 31439736] [Orabug: 31452202] {CVE-2020-13754} {CVE-2020-13791}

[15:4.1.1-3.el7]

  • buildrpm/spec files: Dont package elf2dmp (Karl Heubaum) [Orabug: 31657424]
  • qemu-kvm.spec: Enable the block-curl package (Karl Heubaum) [Orabug: 31657424]
  • qemu.spec: enable have_curl in spec (Dongli Zhang) [Orabug: 31657424]

[15:4.1.1-2.el7]

  • Document CVE-2020-13765 as fixed (Karl Heubaum) [Orabug: 31463250] {CVE-2020-13765}
  • kvm: Reallocate dirty_bmap when we change a slot (Dr. David Alan Gilbert) [Orabug: 31076399]
  • kvm: split too big memory section on several memslots (Igor Mammedov) [Orabug: 31076399]
  • target/i386: do not set unsupported VMX secondary execution controls (Vitaly Kuznetsov) [Orabug: 31463710]
  • target/i386: add VMX definitions (Paolo Bonzini) [Orabug: 31463710]
  • ati-vga: check mm_index before recursive call (CVE-2020-13800) (Prasad J Pandit) [Orabug: 31452206] {CVE-2020-13800}
  • es1370: check total frame count against current frame (Prasad J Pandit) [Orabug: 31463235] {CVE-2020-13361}
  • ati-vga: Fix checks in ati_2d_blt() to avoid crash (BALATON Zoltan) [Orabug: 31238432] {CVE-2020-11869}
  • libslirp: Update to stable-4.2 to fix CVE-2020-1983 (Karl Heubaum) [Orabug: 31241227] {CVE-2020-1983}
  • Document CVEs as fixed (Karl Heubaum) {CVE-2019-12068} {CVE-2019-15034}
  • libslirp: Update to version 4.2.0 to fix CVEs (Karl Heubaum) [Orabug: 30274592] [Orabug: 30869830] {CVE-2019-15890} {CVE-2020-8608}
  • target/i386: add support for MSR_IA32_TSX_CTRL (Paolo Bonzini) [Orabug: 31124041]
  • qemu-img: Add --target-is-zero to convert (David Edmondson)
  • vnc: fix memory leak when vnc disconnect (Li Qiang) [Orabug: 30996427] {CVE-2019-20382}
  • iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711) (Felipe Franciosi) [Orabug: 31124035] {CVE-2020-1711}
  • qemu.spec: Remove ‘BuildRequires: kernel’ (Karl Heubaum) [Orabug: 31124047]

[15:4.1.1-1.el7]

  • qemu-submodule-init: Add Git submodule init script
