Lucene search

K
oraclelinux
OracleLinuxELSA-2021-9568
HistoryDec 01, 2021 - 12:00 a.m.

virt:kvm_utils security update

2021-12-0100:00:00
linux.oracle.com
34

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

hivex
[1.3.18]

  • Resolves: bz#1810193
    (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)
    [1.3.18]
  • Resolves: bz#1810193
    (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)
    libguestfs
    [1:1.40.2-25.0.1]
  • Replace upstream references from description tag
  • Config supermin to use host yum.conf in ol8 [Orabug: 29319324]
  • Set DISTRO_ORACLE_LINUX correspeonding to ol
    [1:1.40.2-25]
  • v2v: handle HTTP/2 replies from vCenter
    resolves: rhbz#1854380
    [1:1.40.2-24]
  • v2v: ship a newer version of rhev-apt.exe
    resolves: rhbz#1849997
    [1:1.40.2-23]
  • Ignore the user.WofCompressedData xattr
    resolves: rhbz#1811539
  • sysprep: new ipa-client and kerberos-hostkeytab operations
    resolves: rhbz#1789592
    [1.40.2]
  • Resolves: bz#1810193
    (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)
    [1:1.38.4-15]
  • Stop building virt-p2v-maker, as it will be built by its own source
    resolves: rhbz#1777924
    libguestfs-winsupport
    [8.2]
  • Resolves: bz#1810193
    (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)
    [8.0-4]
  • Rebuild all virt packages to fix RHEL’s upgrade path
  • Resolves: rhbz#1695587
    (Ensure modular RPM upgrade path)
    [8.0-3]
  • Fix for CVE-2019-9755
    (heap-based buffer overflow leads to local root privilege escalation)
    resolves: rhbz#1698503
    [8.0-2]
  • Fix for ntfsclone crash (RHBZ#1601146).
    [8.0-1]
  • Rebase to 2017.3.23.
  • Remove patches which are now upstream.
  • Resynch with Fedora package.
  • Enable all architectures for RHEL 8.
    [7.2-2]
  • Fix for handling guest filenames with invalid or incomplete
    multibyte or wide characters
    resolves: rhbz#1301593
    [7.2-1]
  • Rebase and rebuild for RHEL 7.2
    resolves: rhbz#1240278
    [7.1-6]
  • Bump version and rebuild.
    related: rhbz#1221583
    [7.1-5]
  • Enable aarch64 architecture.
    resolves: rhbz#1221583
    [7.1-4]
  • Enable debuginfo support and stripping.
    resolves: rhbz#1100319
    [7.1-3]
  • Add patches from Fedora package which add fstrim support.
    resolves: rhbz#1100319
    [7.1-2]
  • New package for RHEL 7.1
  • Rebase to ntfs-3g 2014.2.15
    resolves: rhbz#1100319
  • Change the package so it works with supermin5.
  • Remove dependency on external FUSE.
    [7.0-2]
  • Resync against Rawhide package (ntfs-3g 2013.1.13).
  • Drop HAL file since HAL is dead.
    resolves: rhbz#819939
    [7.0-1]
  • New package for RHEL 7
    resolves: rhbz#819939
  • Resync against Rawhide package.
    [1.0-7]
  • Disable debuginfo package.
    resolves: RHBZ#691555.
    [1.0-6]
  • Require libguestfs 1.7.17 (newer version in RHEL 6.1).
  • Require febootstrap-supermin-helper instead of febootstrap
    resolves: RHBZ#670299.
    [1.0-5]
  • Make sure intermediate lib* directories are created in hostfiles (RHBZ#603429)
    [1.0-4]
  • Requires fuse-libs (RHBZ#599300).
    [1.0-3]
  • ExclusiveArch x86_64.
    [1.0-2]
  • Package Windows support for libguestfs.
    libiscsi
    libnbd
    [1.2.2]
  • Resolves: bz#1844296
    (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)
    libvirt
    [5.7.0-31.el8]
  • qemu: Do not latch guestCPUs when guests hotplug with active domain groups (Wim ten Have) [Orabug: 33440015]
    [5.7.0-30.el8]
  • qemuDomainSnapshotDiskPrepareOne: Fix logic of relative backing store update (Peter Krempa) [Orabug: 33086913]
  • qemu: Don’t set NVRAM label when creating it (Michal Privoznik) [Orabug: 33319048]
  • qemu: protect guestCPUs from drift under vcpu guest timeouts (Wim ten Have) [Orabug: 33368490]
    [5.7.0-29.el8]
  • qemu: vCORE distribution under vNUMA host partitioning should balance guests vCPU:pCPU pinning (Wim ten Have) [Orabug: 32355455]
  • qemuDomainSnapshotDiskPrepareOne: Don’t load the relative path with blockdev (Peter Krempa) [Orabug: 33151464]
  • qemu: block: Support VIR_DOMAIN_BLOCK_COMMIT/PULL/REBASE_RELATIVE with blockdev (Peter Krempa) [Orabug: 33151464]
  • qemu: Tell secdrivers which images are top parent (Michal Privoznik) [Orabug: 33086913]
  • security: Introduce VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP flag (Michal Privoznik) [Orabug: 33086913]
    [5.7.0-28.el8]
  • qemu_capabilities: Rework domain caps cache (Michal Privoznik) [Orabug: 32664432]
  • tests: fix virArchFromHost() redefine error (Joe Jin) [Orabug: 32664432]
  • qemu: cache host arch separately from virCapsPtr (Daniel P. Berrange) [Orabug: 32664432]
  • cpu.c: Check properly for virCapabilitiesGetNodeInfo() retval (Michal Privoznik) [Orabug: 32664432]
  • virStorageSourceParseBackingJSONRaw: Parse ‘offset’ and ‘size’ attributes (Peter Krempa) [Orabug: 32164351]
  • tests: qemu: Add test data for the new
    element (Peter Krempa) [Orabug: 32164351]
  • qemu: Add support for slices of type ‘storage’ (Peter Krempa) [Orabug: 32164351]
  • tests: qemublock: Add cases for creating image overlays on top of disks with
    (Peter Krempa) [Orabug: 32164351]
  • qemu: block: Properly format storage slice into backing store strings (Peter Krempa) [Orabug: 32164351]
  • qemu: domain: Store nodenames of slice in status XML (Peter Krempa) [Orabug: 32164351]
  • conf: Implement support for
    of disk source (Peter Krempa) [Orabug: 32164351]
  • docs: Document the new
    sub-element of disk’s
    (Peter Krempa) [Orabug: 32164351]
  • qemu: block: forbid creation of storage sources with
    (Peter Krempa) [Orabug: 32164351]
  • qemuDomainValidateStorageSource: Reject unsupported slices (Peter Krempa) [Orabug: 32164351]
  • qemuBlockStorageSourceGetFormatRawProps: format ‘offset’ and ‘size’ for slice (Peter Krempa) [Orabug: 32164351]
  • util: virstoragefile: Add data structure for storing storage source slices (Peter Krempa) [Orabug: 32164351]
  • tests: virstorage: Add test data for json specified raw image with offset/size (Peter Krempa) [Orabug: 32164351]
  • docs: formatdomain: Close
    on one of disk examples (Peter Krempa) [Orabug: 32164351]
  • qemu: domain: Refactor formatting of node names into status XML (Peter Krempa) [Orabug: 32164351]
  • tests: virstorage: Add test cases for ‘json:’ pseudo-URI without ‘file’ wrapper (Peter Krempa) [Orabug: 32164351]
  • virStorageSourceParseBackingJSON: Prevent arbitrary nesting with format drivers (Peter Krempa) [Orabug: 32164351]
  • virStorageSourceParseBackingJSON: Allow ‘json:’ pseudo URIs without ‘file’ wrapper (Peter Krempa) [Orabug: 32164351]
  • virStorageSourceJSONDriverParser: annotate ‘format’ drivers (Peter Krempa) [Orabug: 32164351]
  • virStorageSourceParseBackingJSON: Move deflattening of json: URIs out of recursion (Peter Krempa) [Orabug: 32164351]
  • virStorageSourceParseBackingJSON: Pass around original backing file string (Peter Krempa) [Orabug: 32164351]
  • qemu: enable blockdev support (Peter Krempa) [Orabug: 32164351]
  • qemu: Instantiate pflash via -machine when using blockdev (Peter Krempa) [Orabug: 32164351]
  • qemu: command: Build the ‘pflash’ drives via -machine (Peter Krempa) [Orabug: 32164351]
  • qemu: command: Build -blockdev-s for backing of pflash (Peter Krempa) [Orabug: 32164351]
  • qemu: domain: Introduce helper to convert
    into virStorageSource (Peter Krempa) [Orabug: 32164351]
  • qemu: domain: Store virStorageSources representing pflash backing (Peter Krempa) [Orabug: 32164351]
  • qemu: command: Extract formatting of -drive for pflash (Peter Krempa) [Orabug: 32164351]
  • qemu: capabilities: Add detection of the ‘savevm’ fix for -blockdev (Peter Krempa) [Orabug: 32164351]
  • qemu: qapi: Add support for command features (Peter Krempa) [Orabug: 32164351]
  • qemu: caps: Add capability for dynamic ‘auto-read-only’ support for files (Peter Krempa) [Orabug: 32164351]
  • tests: qemucapabilities: Refresh data for unreleased qemu-4.2 on x86_64 (Peter Krempa) [Orabug: 32164351]
  • qemu: caps: Base support of ‘backingStoreInput’ domain feature on QEMU_CAPS_BLOCKDEV (Peter Krempa) [Orabug: 32164351]
  • docs: Document support for obeying
    of
    on input (Peter Krempa) [Orabug: 32164351]
  • conf: domcaps: Add ‘backingStoreInput’ domain capability (Peter Krempa) [Orabug: 32164351]
  • qemu: domcaps: Simplify adding new domaincaps based on qemu caps (Peter Krempa) [Orabug: 32164351]
  • domaincaps: Store domain capability features in an array (Peter Krempa) [Orabug: 32164351]
  • qemu: domcaps: Initialize all features (Peter Krempa) [Orabug: 32164351]
  • domcaps: Add function for initializing domain caps as unsupported (Peter Krempa) [Orabug: 32164351]
  • conf: domaincaps: Use virXMLFormatElement in virDomainCapsFormatFeatures (Peter Krempa) [Orabug: 32164351]
  • conf: domaincaps: Extract formatting of the
    subelement (Peter Krempa) [Orabug: 32164351]
  • conf: domaincaps: Replace FORMAT_SINGLE macro by a function (Peter Krempa) [Orabug: 32164351]
  • conf: capabilities: Modernize virCapabilitiesFormatMemoryBandwidth (Peter Krempa) [Orabug: 32164351]
  • conf: caps: Modernize virCapabilitiesFormatCaches (Peter Krempa) [Orabug: 32164351]
  • conf: turn virDomainMemtuneFormat void (Peter Krempa) [Orabug: 32164351]
  • conf: domain: Split up formatting of
    and
    (Peter Krempa) [Orabug: 32164351]
  • conf: Rename virDomainCapsFeature to virDomainProcessCapsFeature (Peter Krempa) [Orabug: 32164351]
  • conf: storagecaps: Fix broken attempt at being const-correct (Peter Krempa) [Orabug: 32164351]
  • conf: domaincaps: Fix broken attempt at being const-correct (Peter Krempa) [Orabug: 32164351]
  • qemu: caps: Make capability filler functions void (Peter Krempa) [Orabug: 32164351]
  • util: buffer: Add init macro for automatically setting child XML indent (Peter Krempa) [Orabug: 32164351]
  • qemu: snapshot: Fix inactive external snapshots when backing chain is present (Peter Krempa) [Orabug: 32164351]
  • qemu: blockjob: Transfer ‘readonly’ state of images after active layer block commit (Peter Krempa) [Orabug: 32164351]
  • qemu: command: Use XML based disk bus convertor in error message (Peter Krempa) [Orabug: 32164351]
  • storagefile: Fill in meta->externalDataStore (Cole Robinson) [Orabug: 32164351]
  • storagefile: Add externalDataStore member (Cole Robinson) [Orabug: 32164351]
  • storagefile: Split out virStorageSourceNewFromChild (Cole Robinson) [Orabug: 32164351]
  • storagefile: Don’t access backingStoreRaw directly in FromBackingRelative (Cole Robinson) [Orabug: 32164351]
  • storagefile: Fill in meta->externalDataStoreRaw (Cole Robinson) [Orabug: 32164351]
  • storagefile: Add externalDataStoreRaw member (Cole Robinson) [Orabug: 32164351]
  • storagefile: Fix backing format \0 check (Cole Robinson) [Orabug: 32164351]
  • storagefile: Rename qcow2GetExtensions ‘format’ argument (Cole Robinson) [Orabug: 32164351]
  • storagefile: Rename qcow2GetBackingStoreFormat (Cole Robinson) [Orabug: 32164351]
  • storagefile: Push extension_end calc to qcow2GetBackingStoreFormat (Cole Robinson) [Orabug: 32164351]
  • storagefile: Push ‘start’ into qcow2GetBackingStoreFormat (Cole Robinson) [Orabug: 32164351]
  • storagefile: Use qcowXGetBackingStore directly (Cole Robinson) [Orabug: 32164351]
  • storagefile: Drop now unused isQCow2 argument (Cole Robinson) [Orabug: 32164351]
  • storagefile: Check version to determine if qcow2 or not (Cole Robinson) [Orabug: 32164351]
  • storagefile: qcow1: Let qcowXGetBackingStore fill in format (Cole Robinson) [Orabug: 32164351]
  • storagefile: qcow1: Fix check for empty backing file (Cole Robinson) [Orabug: 32164351]
  • storagefile: qcow1: Check for BACKING_STORE_OK (Cole Robinson) [Orabug: 32164351]
  • qemu: snapshot: Don’t update current snapshot until we’re done (Peter Krempa) [Orabug: 32164351]
  • qemu: block: Replace snapshot transaction action generator (Peter Krempa) [Orabug: 32164351]
  • tests: qemumonitor: Add testing for the ‘transaction’ command and generators (Peter Krempa) [Orabug: 32164351]
  • qemu: monitor: Add transaction generators for snapshot APIs (Peter Krempa) [Orabug: 32164351]
  • qemu: monitor: Add transaction generators for dirty bitmap APIs (Peter Krempa) [Orabug: 32164351]
  • tests: qemucapabilities: fix 4.2.0 qemucapabilities (Joe Jin) [Orabug: 32164351]
  • qemu: checkpoint: Do ACL check prior to snapshot interlocking (Peter Krempa) [Orabug: 32164351]
  • qemu: driver: Remove misplaced qemuDomainObjEndJob in qemuDomainCheckpointGetXMLDesc (Peter Krempa) [Orabug: 32164351]
  • conf: Drop pointless ‘domain’ argument from virDomainSnapshotRedefinePrep (Peter Krempa) [Orabug: 32164351]
  • conf: Drop pointless ‘domain’ argument from virDomainCheckpointRedefinePrep (Peter Krempa) [Orabug: 32164351]
  • tests: qemucapabilities: Update caps of qemu-4.1 to released version (Peter Krempa) [Orabug: 32164351]
  • tests: add qemu capabilities data for qemu 4.2 (Peter Krempa) [Orabug: 32164351]
  • lxc: fix compile error (Joe Jin) [Orabug: 32164351]
  • qemu: driver: Remove QEMU_ADD_BLOCK_PARAM_LL macro (Peter Krempa) [Orabug: 32164351]
  • qemu: driver: Don’t return anything from qemuDomainBlockStatsGatherTotals (Peter Krempa) [Orabug: 32164351]
  • qemu: driver: Remove pointless macro QEMU_BLOCK_STAT_TOTAL (Peter Krempa) [Orabug: 32164351]
  • qemu: monitor: Change fields in qemuBlockStats to ‘unsigned’ (Peter Krempa) [Orabug: 32164351]
  • qemu: monitor: Refactor cleanup in qemuMonitorJSONGetAllBlockStatsInfo (Peter Krempa) [Orabug: 32164351]
  • qemu: monitor: Refactor cleanup in qemuMonitorJSONGetOneBlockStatsInfo (Peter Krempa) [Orabug: 32164351]
  • qemu: monitor: Refactor cleanup in qemuMonitorJSONBlockStatsCollectData (Peter Krempa) [Orabug: 32164351]
  • qemu: Remove stale comment for qemuDomainBlockStats (Peter Krempa) [Orabug: 32164351]
  • qemu_blockjob: Remove secdriver metadata for whole backing chain on job completion (Michal Privoznik) [Orabug: 32164351]
  • qemu: hotplug: Use VIR_AUTOFREE() instead VIR_FREE for strings (Daniel Henrique Barboza) [Orabug: 32164351]
  • qemu: snapshot: Do ACL check prior to checkpoint interlocking (Peter Krempa) [Orabug: 32164351]
  • qemuCheckDiskConfigAgainstDomain: Validate disk’s SCSI address iff disk is SCSI (Xu Yandong) [Orabug: 32164351]
  • qemuSharedDeviceEntryRemove: Free domain name before VIR_DELETE_ELEMENT (Xu Yandong) [Orabug: 32164351]
  • qemu_capabilities: Temporarily disable dbus-vmstate capability (Michal Privoznik) [Orabug: 32164351]
  • Revert ‘qemu: add socket datagram capability’ (Michal Privoznik) [Orabug: 32164351]
  • tests: qemustatusxml2xml: Fix disk target mess (Peter Krempa) [Orabug: 32164351]
  • snapshot: Store both config and live XML in the snapshot domain (Maxiwell S. Garcia) [Orabug: 32164351]
  • qemu: formatting XML from domain def choosing the root name (Maxiwell S. Garcia) [Orabug: 32164351]
  • qemu: Don’t leak domain def when RevertToSnapshot fails (Jiri Denemark) [Orabug: 32164351]
  • qemu: Fix regression in snapshot-revert (Eric Blake) [Orabug: 32164351]
  • lib: Define and use autofree for virConfPtr (Michal Privoznik) [Orabug: 32164351]
  • qemu_conf: Use more of VIR_AUTOUNREF() (Michal Privoznik) [Orabug: 32164351]
  • qemu_conf: Use more of VIR_AUTOFREE() (Michal Privoznik) [Orabug: 32164351]
  • qemu_conf: Drop a pair of needless ‘cleanup’ labels (Michal Privoznik) [Orabug: 32164351]
  • virhostdev: Don’t unref @pcidevs twice (Michal Privoznik) [Orabug: 32164351]
  • qemu_conf.c: introduce qemuAddRemoveSharedDeviceInternal (Daniel Henrique Barboza) [Orabug: 32164351]
  • qemu_conf.c: introduce qemuAddRemoveSharedDiskInternal (Daniel Henrique Barboza) [Orabug: 32164351]
  • qemu_conf.c: introduce qemuAddRemoveSharedHostdevInternal (Daniel Henrique Barboza) [Orabug: 32164351]
  • remote: fix UNIX socket path being incorrectly built for libvirtd (eater) [Orabug: 32164351]
  • lib: Grab write lock when modifying list of domains (Michal Privoznik) [Orabug: 32164351]
  • qemu: reset VM id after external devices stop (Marc-Andre Lureau) [Orabug: 32164351]
  • qemu: add dbus-vmstate capability (Marc-Andre Lureau) [Orabug: 32164351]
  • qemu: add socket datagram capability (Marc-Andre Lureau) [Orabug: 32164351]
  • tests: fix xml2xml tpm-emulator.xml test (Marc-Andre Lureau) [Orabug: 32164351]
  • qemu: migration: Switch to blockdev mode for non-shared storage migration (Peter Krempa) [Orabug: 32164351]
  • qemu: migration: Refactor cleanup in qemuMigrationSrcNBDStorageCopy (Peter Krempa) [Orabug: 32164351]
  • qemu: migration: Refactor cleanup in qemuMigrationSrcNBDStorageCopyBlockdev (Peter Krempa) [Orabug: 32164351]
  • qemu: Defer support checks for external active snapshots to blockdev code or qemu (Peter Krempa) [Orabug: 32164351]
  • qemu: Add -blockdev support for external snapshots (Peter Krempa) [Orabug: 32164351]
  • qemu: snapshot: Skip overlay file creation/interogation if unsupported (Peter Krempa) [Orabug: 32164351]
  • qemu: Merge use of ‘reuse’ flag in qemuDomainSnapshotDiskPrepareOne (Peter Krempa) [Orabug: 32164351]
  • qemu: Disband qemuDomainSnapshotCreateSingleDiskActive (Peter Krempa) [Orabug: 32164351]
  • qemu: snapshot: Rename external disk snapshot handling functions (Peter Krempa) [Orabug: 32164351]
  • qemu: snapshot: Move error preservation to qemuDomainSnapshotDiskDataCleanup (Peter Krempa) [Orabug: 32164351]
  • qemu: snapshot: Save status and config XMLs only on success (Peter Krempa) [Orabug: 32164351]
  • qemu: snapshot: Fix image lock handling when taking a snapshot (Peter Krempa) [Orabug: 32164351]
  • qemu: driver: Fix shallow non-reuse block copy (Peter Krempa) [Orabug: 32164351]
  • qemu: Explicitly pass backing store to qemuBuildStorageSourceChainAttachPrepareBlockdevTop (Peter Krempa) [Orabug: 32164351]
  • qemu: block: explicitly pass backing store to qemuBlockStorageSourceAttachPrepareBlockdev (Peter Krempa) [Orabug: 32164351]
  • qemu: command: Refactor qemuBuildStorageSourceChainAttachPrepareBlockdevInternal (Peter Krempa) [Orabug: 32164351]
  • qemu: block: Explicitly specify backingStore when creating format layer props (Peter Krempa) [Orabug: 32164351]
  • qemu: block: Unify conditions to format backing store of format node definition (Peter Krempa) [Orabug: 32164351]
  • qemu: Prevent storage causing too much nested XML (Peter Krempa) [Orabug: 32164351]
  • qemu: domain: Refactor cleanup in qemuDomainDetermineDiskChain (Peter Krempa) [Orabug: 32164351]
  • qemu: hotplug: Setup disk throttling with blockdev (Peter Krempa) [Orabug: 32164351]
  • qemu: hotplug: Use VIR_AUTOFREE in qemuDomainAttachDiskGeneric (Peter Krempa) [Orabug: 32164351]
  • qemu: hotplug: Simplify cleanup in qemuDomainChangeMediaLegacy (Peter Krempa) [Orabug: 32164351]
  • qemu: Fix qemuDomainObjTaint with virtlogd (Jiri Denemark) [Orabug: 32164351]
  • qemu: monitor: Fix formatting of ‘offset’ in qemuMonitorJSONSaveMemory (Peter Krempa) [Orabug: 32164351]
  • tests: qemublock: Use bigger numbers as dummy capacity/physical (Peter Krempa) [Orabug: 32164351]
  • qemu: block: Use correct type when creating image size JSON entries (Peter Krempa) [Orabug: 32164351]
  • Exadata: protect vNUMA/SMT from artificially injected faults (Wim ten Have) [Orabug: 32708041]
  • virnetserver: fix some memory leaks in virNetTLSContextReloadForServer (Jin Yan)
  • virt-admin: Introduce command srv-update-tls (Zhang Bo) [Orabug: 32768102]
  • admin: Introduce virAdmServerUpdateTlsFiles (Zhang Bo) [Orabug: 32768102]
  • tls: Add a mutex lock on ‘tlsCtxt’ (Zhang Bo) [Orabug: 32768102]
  • virnetserver: Introduce virNetServerUpdateTlsFiles (Zhang Bo) [Orabug: 32768102]
    [5.7.0-27.el8]
  • Exadata: protect libvirt hugepage acquisition from QEMU async init (Wim ten Have) [Orabug: 32561685]
    [5.7.0-26.el8]
  • exadata: Fix autonomous hugepage acquisition barrier hang (Wim ten Have) [Orabug: 32537538]
  • exadata: Fix CPU Packing when out of pCPUs (Wim ten Have) [Orabug: 32527311]
    [5.7.0-25.el8]
  • exadata: force a host CPUs reserved pCPU threshold (Wim ten Have) [Orabug: 32516090]
    [5.7.0-24.el8]
  • exadata: Add configurable libvirtd mlockall support (Wim ten Have) [Orabug: 32479237]
  • exadata: hint a configurable number of memory init threads to qemu (Wim ten Have) [Orabug: 32460334]
  • Exadata: domain group should allow for asymmetric creation (Wim ten Have) [Orabug: 32060622]
    [5.7.0-23.el8]
  • util: remove unneeded cleanup labels (Wim ten Have) [Orabug: 32399255]
  • virnuma: Don’t work around numa_node_to_cpus() for non-existent nodes (Wim ten Have) [Orabug: 32379098]
    [5.7.0-22.el8]
  • build: add dependency to help patch tooling (Menno Lageman) [Orabug: 32284540]
  • Exadata: fix active guest dgroup-delete requests (Wim ten Have) [Orabug: 32095306]
  • Exadata: fix a rogue Domain Groups dgroup-undefine flaw (Wim ten Have) [Orabug: 31945084]
    [2.7.0-21.el8]
  • exadata: Fix the validation when defining domain groups (Wim ten Have) [Orabug: 32085856]
  • qemu: improve error message when guest vcpu count exceeds domain group limit (Menno Lageman) [Orabug: 31985111]
  • qemu: Autonomous hugepage acquisition for 2-MiB and 1-GiB guest memoryBacking (Wim ten Have)
  • qemu: Fix a qemuMemReleaseHostHugepages state error (Wim ten Have) [Orabug: 32069203]
  • qemu: avoid guest CPU process handling if exadataConfig is disabled (Wim ten Have) [Orabug: 32053696]
  • domain_conf: Relax SCSI addr used check (Michal Privoznik) [Orabug: 31386162]
  • domain_conf: Make virDomainDeviceFindSCSIController accept virDomainDeviceDriveAddress struct (Michal Privoznik) [Orabug: 31386162]
  • qemu: remove use of qemuDomainObjBeginJobWithAgent() (Jonathon Jongsma) [Orabug: 31990187] {CVE-2019-20485}
  • qemu: agent: set ifname to NULL after freeing (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637}
  • rpc: require write acl for guest agent in virDomainInterfaceAddresses (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637}
  • rpc: add support for filtering @acls by uint params (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637}
  • rpc: gendispatch: handle empty flags (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637}
    [5.7.0-19.el8]
  • qemu: Verify use of hugepages when releasing its acquired status (Wim ten Have) [Orabug: 31839035]
  • qemu: Autonomous hugepages acquisition and release (Wim ten Have) [Orabug: 31367986]
    [5.7.0-17.el8]
  • qemu: Fix cpu boundary checks when starting or configuring guest domains. (Wim ten Have) [Orabug: 31469231]
  • libvirt: Allocate max possible CPUs for QEMU to prepare guest memory (Wim ten Have) [Orabug: 31064560]
    [5.7.0-16.el8]
  • qemu: format ‘x-aw-bits’ on intel-iommu command line (Menno Lageman)
  • qemu: format address wdith on intel-iommu command line (Menno Lageman)
  • conf: add address width attribute to iommu (Menno Lageman)
  • tests: add tests for host-phys-bits KVM feature (Menno Lageman) [Orabug: 31354547]
  • qemu: support host-phys-bits KVM feature (Menno Lageman) [Orabug: 31374547]
  • storage: Fix daemon crash on lookup storagepool by targetpath (Yi Li) [Orabug: 31439483] {CVE-2020-10703}
    [5.7.0-15.el8]
  • qemu: Escape the qemu driver systemd DOT hoax (Wim ten Have) [Orabug:
    31380815]
    [5.7.0-14.el8]
  • vmx: make ‘fileName’ optional for CD-ROMs (Pino Toscano) [Orabug: 31350200]
  • vmx: shortcut earlier few ‘ignore’ cases in virVMXParseDisk() (Pino Toscano) [Orabug: 31350200]
  • domain group: Fix a potential SEGV while restoring guest domains (Wim ten Have) [Orabug: 31285615]
  • cpu_map: Distinguish Cascadelake-Server from Skylake-Server (Jiri Denemark) [Orabug: 31214897]
  • cpu_map: Add more -noTSX x86 CPU models (Christian Ehrhardt) [Orabug: 31214897]
  • qemuDomainGetStatsIOThread: Don’t leak array with 0 iothreads (Peter Krempa) [Orabug: 31251756] {CVE-2020-12430}
    [5.7.0-13.el8]
  • domain groups: Fix multiple Domain Group vCPU administration flaws (Wim ten Have) [Orabug: 31145304]
  • qemu: fix missing #if defined(ENABLE_EXADATA) (Menno Lageman)
  • build: Fix qemu-submodule-init syntax-check issue (Wim ten Have)
  • libvirt: Fix various introduced Fedora/RHEL build violations (Wim ten Have) [Orabug: 31143337]
  • qemu: don’t hold both jobs for suspend (Jonathon Jongsma) [Orabug: 31073098] {CVE-2019-20485}
  • domain groups: qemu driver error refers to pCPUs instead of vCPUs (Wim ten Have) [Orabug: 31075757]
  • node_device_conf: Don’t leak @physical_function in virNodeDeviceGetPCISRIOVCaps (Jiang Kun) [Orabug: 31070337]
    [5.7.0-12.el8]
  • libvirt: vNUMA automatic host paritioning allows erroneous vcpu settings (Wim ten Have) [Orabug: 31050313]
  • remote: do not stop libvirtd after period of inactivity (Menno Lageman) [Orabug: 31003707]
  • remote: do not use socket activation by default (Menno Lageman) [Orabug: 31003707]
  • qemu driver: handle targetNode under memory hot-plug operations (Wim ten Have) [Orabug: 31009716]
  • domain groups: refresh dgbase host capabilities prior to defining a new group (Wim ten Have) [Orabug: 31026069]
  • domain groups: Always cleanup system.slice controlled hugepage reservations (Wim ten Have) [Orabug: 31025853]
  • domain groups: Enable DGs upon fresh groups arrival (Wim ten Have) [Orabug: 31021247]
  • domain groups: Skip undefined domain groups when validating lists (Wim ten Have) [Orabug: 31030117]
    [5.7.0-11.el8]
  • domain groups: Add functionality to control NUMA node alignment (Wim ten Have) [Orabug: 30988105]
  • domain groups: A rename should always update active and config domain definitions (Wim ten Have) [Orabug: 30999730]
    [5.7.0-10.el8]
  • domain groups: refresh dgbase depending host capabilities before rendering the cpuguestmask (Wim ten Have) [Orabug: 30987361]
  • conf: domain group validation errors should print correct group info (Menno Lageman) [Orabug: 30988428]
  • qemu: reserve hugepages when memoryBacking when live attaching memory (Wim ten Have) [Orabug: 30985510]
  • domain groups: avoid virDomainGroupInit if exadataConfig is disabled (Wim ten Have) [Orabug: 30985907]
    [5.7.0-9.el8]
  • vNUMA: distinguish standard and vNUMA memory ‘setmaxmem’ operations (Wim ten
    Have) [Orabug: 30894536]
    [5.7.0-8.el8]
  • domain groups: End Of BETA (Wim ten Have)
  • domaingroups: ExaData Domain Groups POC (Wim ten Have)
  • domaingroup: preliminary virsh support for domain groups - drop #4 (Menno Lageman)
  • tests: add various tests to exercise vNUMA host partitioning (Wim ten Have) [Orabug: 29720293]
  • qemu: driver changes for new vNUMA Host and Nodeset partitioning (Wim ten Have) [Orabug: 29720293]
  • XML definitions for guest vNUMA and parsing routines (Wim ten Have) [Orabug: 29720293]
  • Revert ‘exadata: can not configure shared memory hosted disk devices for vhostmd.service’ (Menno Lageman)
  • qemu: Forcibly mknod() even if it exists (Michal Privoznik)
    [5.7.0-5.el8]
  • exadata: can not configure shared memory hosted disk devices for
    vhostmd.service (Menno Lageman) [Orabug: 30598065]
    [5.7.0-4.el8]
  • build: skip copyright check for gnulib (Menno Lageman)
  • Revert ‘network: pull global chain init into separate method’ (Menno Lageman) [Orabug: 30611188]
  • Revert ‘network: add more debugging of firewall chain creation’ (Menno Lageman) [Orabug: 30611188]
  • Revert ‘network: delay global firewall setup if no networks are running’ (Menno Lageman) [Orabug: 30611188]
  • qemu-submodule-init: Add Git submodule init script (Karl Heubaum) [Orabug: 30796221]
    [5.7.0-3.el8]
  • Add VMware esx support (Menno Lageman) [Orabug: 30449929]
    [5.7.0-2.el8]
  • enable VMware hypervisor driver
    libvirt-dbus
    [1.3.0]
  • Resolves: bz#1810193
    (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)
    [1.2.0-3]
  • Rebuild all virt packages to fix RHEL’s upgrade path
  • Resolves: rhbz#1695587
    (Ensure modular RPM upgrade path)
    [1.2.0-2]
  • util: fix virtDBusUtilDecodeUUID (rhbz#1647823)
    [1.2.0-1]
  • Rebased to libvirt-dbus-1.2.0 (rhbz#1630196)
    libvirt-python
    [5.7.0-1.el8]
  • libvirt-python.spec: Add a .spec file for libvirt-python
    nbdkit
    [1.16.2-4.0.1]
  • Replace upstream references within the description tag
    [1.16.2]
  • Resolves: bz#1810193
    (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)
    [1.16.2]
  • Resolves: bz#1810193
    (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)
    perl-Sys-Virt
    qemu-kvm
    [4.1.1-11.el8]
  • trace: use STAP_SDT_V2 to work around symbol visibility (Stefan Hajnoczi) [Orabug: 33272428]
    [4.2.1-11.el8]
  • pvrdma: Fix the ring init error flow (Marcel Apfelbaum) [Orabug: 33120142] {CVE-2021-3608}
  • pvrdma: Ensure correct input on ring init (Marcel Apfelbaum) [Orabug: 33120146] {CVE-2021-3607}
  • hw/rdma: Fix possible mremap overflow in the pvrdma device (Marcel Apfelbaum) [Orabug: 33120084] {CVE-2021-3582}
  • vhost-user-gpu: reorder free calls (Gerd Hoffmann) [Orabug: 32950701] {CVE-2021-3544}
  • vhost-user-gpu: abstract vg_cleanup_mapping_iov (Li Qiang) [Orabug: 32950716] {CVE-2021-3546}
  • vhost-user-gpu: fix OOB write in ‘virgl_cmd_get_capset’ (Li Qiang) [Orabug: 32950716] {CVE-2021-3546}
  • vhost-user-gpu: fix memory leak in ‘virgl_resource_attach_backing’ (Li Qiang) [Orabug: 32950701] {CVE-2021-3544}
  • vhost-user-gpu: fix memory leak in ‘virgl_cmd_resource_unref’ (Li Qiang) [Orabug: 32950701] {CVE-2021-3544}
  • vhost-user-gpu: fix memory leak while calling ‘vg_resource_unref’ (Li Qiang) [Orabug: 32950701] {CVE-2021-3544}
  • vhost-user-gpu: fix memory leak in vg_resource_attach_backing (Li Qiang) [Orabug: 32950701] {CVE-2021-3544}
  • vhost-user-gpu: fix resource leak in ‘vg_resource_create_2d’ (Li Qiang) [Orabug: 32950701] {CVE-2021-3544}
  • vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info (Li Qiang) [Orabug: 32950708] {CVE-2021-3545}
  • usb: limit combined packets to 1 MiB (Gerd Hoffmann) [Orabug: 32842778] {CVE-2021-3527}
  • usb/redir: avoid dynamic stack allocation (Gerd Hoffmann) [Orabug: 32842778] {CVE-2021-3527}
  • mptsas: Remove unused MPTSASState ‘pending’ field (Michael Tokarev) [Orabug: 32470463] {CVE-2021-3392}
  • oslib-posix: initialize backend memory objects in parallel (Mark Kanda) [Orabug: 32555402]
  • oslib-posix: refactor memory prealloc threads (Mark Kanda) [Orabug: 32555402]
    [4.2.1-10.el8]
  • e1000: fail early for evil descriptor (Jason Wang) [Orabug: 32560552] {CVE-2021-20257}
  • Document CVE-2020-27661 as fixed (Mark Kanda) [Orabug: 32960200] {CVE-2020-27661}
  • block: Avoid stale pointer dereference in blk_get_aio_context() (Greg Kurz)
  • block: Fix blk->in_flight during blk_wait_while_drained() (Kevin Wolf)
  • block: Increase BB.in_flight for coroutine and sync interfaces (Kevin Wolf)
  • block-backend: Reorder flush/pdiscard function definitions (Kevin Wolf)
  • i386/pc: let iterator handle regions below 4G (Joao Martins)
  • arm/virt: Add memory hot remove support (Shameer Kolothum) [Orabug: 32643506]
  • i386/pc: consolidate usable iova iteration (Joao Martins)
  • i386/acpi: fix SRAT ranges in accordance to usable IOVA (Joao Martins)
  • migration: increase listening socket backlog (Elena Ufimtseva)
  • multifd: Make multifd_save_setup() get an Error parameter (Juan Quintela)
  • multifd: Make multifd_load_setup() get an Error parameter (Juan Quintela)
  • migration: fix maybe-uninitialized warning (Marc-Andre Lureau)
  • migration: Fix the re-run check of the migrate-incoming command (Yury Kotov)
  • multifd: Initialize local variable (Juan Quintela)
  • multifd: Be consistent about using uint64_t (Juan Quintela)
  • Bug #1829242 correction. (Alexey Romko)
  • migration/multifd: fix destroyed mutex access in terminating multifd threads (Jiahui Cen)
  • migration/multifd: fix nullptr access in terminating multifd threads (Jiahui Cen)
  • migration/multifd: not use multifd during postcopy (Wei Yang)
  • migration/multifd: clean pages after filling packet (Wei Yang)
  • migration: Make sure that we don’t call write() in case of error (Juan Quintela)
  • migration: fix multifd_send_pages() next channel (Laurent Vivier)
  • migration/multifd: bypass uuid check for initial packet (Elena Ufimtseva) [Orabug: 32610480]
  • migration/tls: add error handling in multifd_tls_handshake_thread (Hao Wang)
  • migration/tls: fix inverted semantics in multifd_channel_connect (Hao Wang)
  • migration/multifd: do not access uninitialized multifd_recv_state (Elena Ufimtseva) [Orabug: 32795384]
  • io/channel-tls.c: make qio_channel_tls_shutdown thread-safe (Lukas Straub)
  • qemu.spec: Enable qemu-guest-agent RPM for OL7 (Karl Heubaum) [Orabug: 32415543]
  • virtio-net: Set mac address to hardware if the peer is vdpa (Cindy Lu)
  • net: Add vhost-vdpa in show_netdevs() (Cindy Lu)
  • vhost-vdpa: Add qemu_close in vhost_vdpa_cleanup (Cindy Lu)
  • hw/virtio/vhost-vdpa: Fix Coverity CID 1432864 (Philippe Mathieu-Daude)
  • vhost-vdpa: negotiate VIRTIO_NET_F_STATUS with driver (Si-Wei Liu)
  • configure: Fix build dependencies with vhost-vdpa. (Laurent Vivier)
  • configure: simplify vhost condition with Kconfig (Marc-Andre Lureau)
  • vhost-vdpa: add trace-events (Laurent Vivier)
  • dma/pl330: Fix qemu_hexdump() usage in pl330.c (Mark Kanda)
  • util/hexdump: introduce qemu_hexdump_line() (Laurent Vivier)
  • util/hexdump: Reorder qemu_hexdump() arguments (Philippe Mathieu-Daude)
  • util/hexdump: Convert to take a void pointer argument (Philippe Mathieu-Daude)
  • net/colo-compare.c: Only hexdump packets if tracing is enabled (Lukas Straub)
  • vhost-vdpa: batch updating IOTLB mappings (Jason Wang)
  • vhost: switch to use IOTLB v2 format (Jason Wang)
  • vhost-vdpa: remove useless variable (Laurent Vivier)
  • virtio: vdpa: omit check return of g_malloc (Li Qiang)
  • vhost-vdpa: fix indentation in vdpa_ops (Stefano Garzarella)
  • virtio-net: check the existence of peer before accessing vDPA config (Jason Wang)
  • virtio-pci: fix wrong index in virtio_pci_queue_enabled (Yuri Benditovich)
  • virtio-pci: fix virtio_pci_queue_enabled() (Laurent Vivier)
  • vhost-vdpa :Fix Coverity CID 1430270 / CID 1420267 (Cindy Lu)
  • vhost-vdpa: fix the compile issue without kvm (Cindy Lu)
  • vhost-vdpa: introduce vhost-vdpa net client (Cindy Lu)
  • vhost-vdpa: introduce vhost-vdpa backend (Cindy Lu)
  • linux headers: sync to 5.9-rc4 (Jason Wang)
  • Linux headers: update (Cornelia Huck)
  • virtio-net: fix rsc_ext compat handling (Cornelia Huck)
  • linux-headers: update against Linux 5.7-rc3 (Cornelia Huck)
  • linux-headers: update (Cornelia Huck)
  • virtiofsd: Pull in kernel’s fuse.h (Dr. David Alan Gilbert)
  • linux-headers: Update (Bharata B Rao)
  • linux-headers: Update (Greg Kurz)
  • vhost_net: introduce set_config & get_config (Cindy Lu)
  • vhost: implement vhost_force_iommu method (Cindy Lu)
  • vhost: introduce new VhostOps vhost_force_iommu (Cindy Lu)
  • vhost: implement vhost_vq_get_addr method (Cindy Lu)
  • vhost: introduce new VhostOps vhost_vq_get_addr (Cindy Lu)
  • vhost: implement vhost_dev_start method (Cindy Lu)
  • vhost: introduce new VhostOps vhost_dev_start (Cindy Lu)
  • vhost: check the existence of vhost_set_iotlb_callback (Jason Wang)
  • virtio-pci: implement queue_enabled method (Jason Wang)
  • virtio-bus: introduce queue_enabled method (Jason Wang)
  • vhost_net: use the function qemu_get_peer (Cindy Lu)
  • net: introduce qemu_get_peer (Cindy Lu)
  • vhost: correctly turn on VIRTIO_F_IOMMU_PLATFORM (Jason Wang)
  • imx7-ccm: add digprog mmio write method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469}
  • tz-ppc: add dummy read/write methods (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469}
  • spapr_pci: add spapr msi read method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469}
  • nvram: add nrf51_soc flash read method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469}
  • prep: add ppc-parity write method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469}
  • vfio: add quirk device write method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469}
  • pci-host: designware: add pcie-msi read method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469}
  • hw/pci-host: add pci-intack write method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469}
  • oslib-posix: take lock before qemu_cond_broadcast (Bauerchen) [Orabug: 32555402]
  • oslib-posix: initialize mutex and condition variable (Paolo Bonzini) [Orabug: 32555402]
  • mem-prealloc: optimize large guest startup (Bauerchen) [Orabug: 32555402]
  • i386: Add the support for AMD EPYC 3rd generation processors (Babu Moger)
  • acpi: cpuhp: document CPHP_GET_CPU_ID_CMD command (Igor Mammedov)
  • acpi: cpuhp: add CPHP_GET_CPU_ID_CMD command (Igor Mammedov)
  • acpi: cpuhp: spec: add typical usecases (Igor Mammedov)
  • acpi: cpuhp: spec: clarify store into ‘Command data’ when ‘Command field’ == 0 (Igor Mammedov)
  • acpi: cpuhp: spec: fix ‘Command data’ description (Igor Mammedov)
  • acpi: cpuhp: spec: clarify ‘CPU selector’ register usage and endianness (Igor Mammedov)
  • acpi: cpuhp: introduce ‘Command data 2’ field (Igor Mammedov)
  • x86: ich9: let firmware negotiate ‘CPU hot-unplug with SMI’ feature (Igor Mammedov)
  • x86: ich9: factor out ‘guest_cpu_hotplug_features’ (Igor Mammedov)
  • x86: acpi: let the firmware handle pending ‘CPU remove’ events in SMM (Igor Mammedov)
  • x86: acpi: introduce AcpiPmInfo::smi_on_cpu_unplug (Igor Mammedov)
  • acpi: cpuhp: introduce ‘firmware performs eject’ status/control bits (Igor Mammedov)
  • x68: acpi: trigger SMI before sending hotplug Notify event to OSPM (Igor Mammedov)
  • x86: acpi: introduce the PCI0.SMI0 ACPI device (Igor Mammedov)
  • x86: acpi: introduce AcpiPmInfo::smi_on_cpuhp (Igor Mammedov)
  • x86: ich9: expose ‘smi_negotiated_features’ as a QOM property (Igor Mammedov)
  • tests: acpi: mark to be changed tables in bios-tables-test-allowed-diff (Igor Mammedov)
  • acpi: add aml_land() and aml_break() primitives (Igor Mammedov)
  • x86: cpuhp: refuse cpu hot-unplug request earlier if not supported (Igor Mammedov)
  • x86: cpuhp: prevent guest crash on CPU hotplug when broadcast SMI is in use (Igor Mammedov)
  • x86: lpc9: let firmware negotiate ‘CPU hotplug with SMI’ features (Igor Mammedov)
  • q35: implement 128K SMRAM at default SMBASE address (Igor Mammedov)
  • hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register (Philippe Mathieu-Daude) [Orabug: 32470471] {CVE-2021-20221}
  • memory: clamp cached translation in case it points to an MMIO region (Paolo Bonzini) [Orabug: 32252673] {CVE-2020-27821}
  • hw/sd/sdhci: Fix DMA Transfer Block Size field (Philippe Mathieu-Daude) [Orabug: 32613470] {CVE-2021-3409}
    [4.2.1-6.el8]
  • i386/pc: Keep PCI 64-bit hole within usable IOVA space (Joao Martins)
  • pc/cmos: Adjust CMOS above 4G memory size according to 1Tb boundary (Joao Martins)
  • i386/pc: Round up the hotpluggable memory within valid IOVA ranges (Joao Martins)
  • i386/pc: Account IOVA reserved ranges above 4G boundary (Joao Martins)
    [4.2.1-5.el8]
  • hostmem: fix default ‘prealloc-threads’ count (Mark Kanda)
  • hostmem: introduce ‘prealloc-threads’ property (Igor Mammedov)
  • qom: introduce object_register_sugar_prop (Paolo Bonzini)
  • migration/multifd: Do error_free after migrate_set_error to avoid memleaks (Pan Nengyuan)
  • multifd/tls: fix memoryleak of the QIOChannelSocket object when cancelling migration (Chuan Zheng)
  • migration/multifd: fix hangup with TLS-Multifd due to blocking handshake (Chuan Zheng)
  • migration/tls: add trace points for multifd-tls (Chuan Zheng)
  • migration/tls: add support for multifd tls-handshake (Chuan Zheng)
  • migration/tls: extract cleanup function for common-use (Chuan Zheng)
  • migration/multifd: fix memleaks in multifd_new_send_channel_async (Pan Nengyuan)
  • migration/multifd: fix nullptr access in multifd_send_terminate_threads (Zhimin Feng)
  • migration/tls: add tls_hostname into MultiFDSendParams (Chuan Zheng)
  • migration/tls: extract migration_tls_client_create for common-use (Chuan Zheng)
  • migration/tls: save hostname into MigrationState (Chuan Zheng)
  • tests/qtest: add a test case for pvpanic-pci (Mihai Carabas)
  • pvpanic : update pvpanic spec document (Mihai Carabas)
  • hw/misc/pvpanic: add PCI interface support (Mihai Carabas)
  • hw/misc/pvpanic: split-out generic and bus dependent code (Mihai Carabas)
  • qemu-img: Add --target-is-zero to convert (David Edmondson)
  • 9pfs: Fully restart unreclaim loop (CVE-2021-20181) (Greg Kurz) [Orabug: 32441198] {CVE-2021-20181}
  • ide: atapi: check logical block address and read size (CVE-2020-29443) (Prasad J Pandit) [Orabug: 32393835] {CVE-2020-29443}
  • Document CVE-2019-20808 as fixed (Mark Kanda) [Orabug: 32339196] {CVE-2019-20808}
  • block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb (Chen Qun) [Orabug: 32339207] {CVE-2020-11947}
  • net: remove an assert call in eth_get_gso_type (Prasad J Pandit) [Orabug: 32102583] {CVE-2020-27617}
  • nvdimm: honor -object memory-backend-file, readonly=on option (Stefan Hajnoczi) [Orabug: 32265408]
  • hostmem-file: add readonly=on|off option (Stefan Hajnoczi) [Orabug: 32265408]
  • memory: add readonly support to memory_region_init_ram_from_file() (Stefan Hajnoczi) [Orabug: 32265408]
    [4.2.1-4.el8]
  • Document CVE-2020-25723 as fixed (Mark Kanda) [Orabug: 32222397] {CVE-2020-25723}
  • hw/net/e1000e: advance desc_offset in case of null descriptor (Prasad J Pandit) [Orabug: 32217517] {CVE-2020-28916}
  • i386: Add 2nd Generation AMD EPYC processors (Babu Moger) [Orabug: 32217570]
  • libslirp: Update version to include CVE fixes (Mark Kanda) [Orabug: 32208456] [Orabug: 32208462] {CVE-2020-29129} {CVE-2020-29130}
  • Document CVE-2020-25624 as fixed (Mark Kanda) [Orabug: 32212527] {CVE-2020-25624}
  • pvpanic: Advertise the PVPANIC_CRASHLOADED event support (Paolo Bonzini) [Orabug: 32102853]
  • ati: check x y display parameter values (Prasad J Pandit) [Orabug: 32108251] {CVE-2020-27616}
  • Add AArch64 support for QMP regdump tool and sosreport plugin (Mark Kanda) [Orabug: 32080658]
  • Add qemu_regdump sosreport plugin support for ‘-mon’ QMP sockets (Mark Kanda)
  • migration/dirtyrate: present dirty rate only when querying the rate has completed (Chuan Zheng)
  • migration/dirtyrate: record start_time and calc_time while at the measuring state (Chuan Zheng)
  • migration/dirtyrate: Add trace_calls to make it easier to debug (Chuan Zheng)
  • migration/dirtyrate: Implement qmp_cal_dirty_rate()/qmp_get_dirty_rate() function (Chuan Zheng)
  • migration/dirtyrate: Implement calculate_dirtyrate() function (Chuan Zheng)
  • migration/dirtyrate: Implement set_sample_page_period() and is_sample_period_valid() (Chuan Zheng)
  • migration/dirtyrate: skip sampling ramblock with size below MIN_RAMBLOCK_SIZE (Chuan Zheng)
  • migration/dirtyrate: Compare page hash results for recorded sampled page (Chuan Zheng)
  • migration/dirtyrate: Record hash results for each sampled page (Chuan Zheng)
  • migration/dirtyrate: move RAMBLOCK_FOREACH_MIGRATABLE into ram.h (Chuan Zheng)
  • migration/dirtyrate: Add dirtyrate statistics series functions (Chuan Zheng)
  • migration/dirtyrate: Add RamblockDirtyInfo to store sampled page info (Chuan Zheng)
  • migration/dirtyrate: add DirtyRateStatus to denote calculation status (Chuan Zheng)
  • migration/dirtyrate: setup up query-dirtyrate framwork (Chuan Zheng)
  • ram_addr: Split RAMBlock definition (Juan Quintela)
    seabios
    [1.13.0]
  • Resolves: bz#1844296
    (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)
    [1.13.0]
  • Resolves: bz#1810193
    (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)
    supermin
    [5.1.19]
  • Resolves: bz#1810193
    (Upgrade components in virt:rhel module:stream for RHEL-8.3 release)
    [5.1.19-9]
  • Rebuild all virt packages to fix RHEL’s upgrade path
  • Resolves: rhbz#1695587
    (Ensure modular RPM upgrade path)
    [5.1.19-8]
  • Pass CFLAGS & LDFLAGS to final supermin link
    resolves: rhbz#1624175
    [5.1.19-7]
  • Rebuild for OCaml 4.07.0.
    [5.1.19-6]
  • Drop dietlibc in RHEL 8
    resolves: rhbz#1588067
    [5.1.19-5]
  • Bump release and rebuild.
    [5.1.19-4]
  • Reenable hardened build
    [5.1.19-3]
  • Fix bytes/string problems.
    [5.1.19-2]
  • Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
    [5.1.19-1]
  • New upstream version 5.1.19.
  • Remove all patches, now upstream.
How to protect your server from attacks?

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

Related for ELSA-2021-9568