El-errata: ELSA-2021-9638 Important: Oracle Linux 7 qemu security update
Oracle Linux Security Advisory ELSA-2021-9638
http://linux.oracle.com/errata/ELSA-2021-9638.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
qemu-common-4.2.1-13.el7.x86_64.rpm
qemu-system-x86-core-4.2.1-13.el7.x86_64.rpm
qemu-block-gluster-4.2.1-13.el7.x86_64.rpm
qemu-block-iscsi-4.2.1-13.el7.x86_64.rpm
qemu-block-rbd-4.2.1-13.el7.x86_64.rpm
qemu-img-4.2.1-13.el7.x86_64.rpm
qemu-4.2.1-13.el7.x86_64.rpm
qemu-kvm-4.2.1-13.el7.x86_64.rpm
qemu-kvm-core-4.2.1-13.el7.x86_64.rpm
qemu-system-x86-4.2.1-13.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/qemu-4.2.1-13.el7.src.rpm
Related CVEs:
CVE-2020-29129
CVE-2020-29130
CVE-2021-20257
CVE-2021-3592
CVE-2021-3593
CVE-2021-3594
CVE-2021-3595
CVE-2021-3682
CVE-2021-3713
CVE-2021-3930
Description of changes:
[15:4.2.1-13.el7]
- pcie: Do not set power state for some hot-plugged devices (Annie Li) [Orabug: 33642532]
[15:4.2.1-12.1.el7]
- Update slirp to address various CVEs (Mark Kanda) [Orabug: 32208456] [Orabug: 33014409] [Orabug: 33014414] [Orabug: 33014417] [Orabug: 33014420] {CVE-2020-29129} {CVE-2020-29130} {CVE-2021-3592} {CVE-2021-3593} {CVE-2021-3594} {CVE-2021-3595}
- Revert "Update libslirp to v4.6.1" (Mark Kanda) [Orabug: 33607100]
[15:4.2.1-12.el7]
- hw/pflash_cfi01: Allow backing devices to be smaller than memory region (David Edmondson)
- pcie: expire pending delete (Gerd Hoffmann) [Orabug: 33450706]
- pcie: fast unplug when slot power is off (Gerd Hoffmann) [Orabug: 33450706]
- pcie: factor out pcie_cap_slot_unplug() (Gerd Hoffmann) [Orabug: 33450706]
- pcie: add power indicator blink check (Gerd Hoffmann) [Orabug: 33450706]
- pcie: implement slot power control for pcie root ports (Gerd Hoffmann) [Orabug: 33450706]
- pci: implement power state (Gerd Hoffmann) [Orabug: 33450706]
- hw/pci/pcie: Move hot plug capability check to pre_plug callback (Julia Suvorova) [Orabug: 33450706]
- hw/pci/pcie: Replace PCI_DEVICE() casts with existing variable (Julia Suvorova) [Orabug: 33450706]
- hw/pci/pcie: Forbid hot-plug if it's disabled on the slot (Julia Suvorova) [Orabug: 33450706]
- pcie_root_port: Add hotplug disabling option (Julia Suvorova) [Orabug: 33450706]
- qdev-monitor: Forbid repeated device_del (Julia Suvorova) [Orabug: 33450706]
- i386:acpi: Remove _HID from the SMBus ACPI entry (Corey Minyard)
- uas: add stream number sanity checks. (Gerd Hoffmann) [Orabug: 33280793] {CVE-2021-3713}
- usbredir: fix free call (Gerd Hoffmann) [Orabug: 33198441] {CVE-2021-3682}
- hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT commands (Mauro Matteo Cascella) [Orabug: 33548490] {CVE-2021-3930}
- e1000: fix tx re-entrancy problem (Jon Maloy) [Orabug: 32560552] {CVE-2021-20257}
- Update libslirp to v4.6.1 (Marc-André Lureau) [Orabug: 33014409] [Orabug: 33014414] [Orabug: 33014417] [Orabug: 33014420] {CVE-2020-10756} {CVE-2020-1983} {CVE-2020-29129} {CVE-2021-3592} {CVE-2021-3593} {CVE-2021-3594} {CVE-2021-3595}
- virtio-net-pci: Don't use "efi-virtio.rom" on AArch64 (Mark Kanda)
- MAINTAINERS: Add ACPI/HEST/GHES entries (Dongjiu Geng)
- target-arm: kvm64: handle SIGBUS signal from kernel or KVM (Dongjiu Geng)
- ACPI: Record Generic Error Status Block(GESB) table (Dongjiu Geng)
- KVM: Move hwpoison page related functions into kvm-all.c (Dongjiu Geng)
- ACPI: Record the Generic Error Status Block address (Dongjiu Geng)
- ACPI: Build Hardware Error Source Table (Dongjiu Geng)
- ACPI: Build related register address fields via hardware error fw_cfg blob (Dongjiu Geng)
- docs: APEI GHES generation and CPER record description (Dongjiu Geng)
- hw/arm/virt: Introduce a RAS machine option (Dongjiu Geng)
- acpi: nvdimm: change NVDIMM_UUID_LE to a common macro (Dongjiu Geng)
- block/curl: HTTP header field names are case insensitive (David Edmondson) [Orabug: 33287589]
- block/curl: HTTP header fields allow whitespace around values (David Edmondson) [Orabug: 33287589]
A qemu security update has been released for Oracle Linux 7.