The following updates has been released for Oracle Linux 7:
ELBA-2019-4711 Oracle Linux 7 virt-manager bug fix update
ELBA-2019-4711 Oracle Linux 7 virt-manager bug fix update (aarch64)
ELSA-2019-4713 Important: Oracle Linux 7 qemu security update
ELSA-2019-4713 Important: Oracle Linux 7 qemu security update (aarch64)
ELSA-2019-4714 Important: Oracle Linux 7 libvirt security update
ELSA-2019-4714 Important: Oracle Linux 7 libvirt security update (aarch64)
ELBA-2019-4711 Oracle Linux 7 virt-manager bug fix update
ELBA-2019-4711 Oracle Linux 7 virt-manager bug fix update (aarch64)
ELSA-2019-4713 Important: Oracle Linux 7 qemu security update
ELSA-2019-4713 Important: Oracle Linux 7 qemu security update (aarch64)
ELSA-2019-4714 Important: Oracle Linux 7 libvirt security update
ELSA-2019-4714 Important: Oracle Linux 7 libvirt security update (aarch64)
ELBA-2019-4711 Oracle Linux 7 virt-manager bug fix update
Oracle Linux Bug Fix Advisory ELBA-2019-4711
http://linux.oracle.com/errata/ELBA-2019-4711.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
i386:
x86_64:
virt-install-1.5.0-15.el7.noarch.rpm
virt-manager-1.5.0-15.el7.noarch.rpm
virt-manager-common-1.5.0-15.el7.noarch.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/virt-manager-1.5.0-15.el7.src.rpm
Description of changes:
[1.5.0-15.el7]
- tests: fix missing '' (Menno Lageman)
[Orabug: 29947518]
- tests: fix missing '' (Menno Lageman) [Orabug:
29947518]
- virtinst: set virtio-scsi queues to number of vcpus (Menno Lageman)
[Orabug: 29947518]
- virtinst: allow setting the number of queues for controllers (Menno
Lageman) [Orabug: 29947518]
[1.5.0-14.el7]
- virtinst: add qemu extended args for large guests unconditionally (Wim ten
Have) [Orabug: 29919946]
[1.5.0-13.el7]
- virtinst: Invariant TSC feature on large guests can't be migrated.
(Wim ten
Have) [Orabug: 29797342]
[1.5.0-12.el7]
- Revert "virtinst: disable memballoon device for Exadata" (Wim ten Have)
[Orabug: 29878086]
[1.5.0-11.el7]
- virtinst: support >= 1 TB guests on Exadata (Menno Lageman) [Orabug:
29683989]
- virtinst: switch to 'virtio-scsi' for Exadata (Menno Lageman) [Orabug:
29660043]
ELBA-2019-4711 Oracle Linux 7 virt-manager bug fix update (aarch64)
Oracle Linux Bug Fix Advisory ELBA-2019-4711
http://linux.oracle.com/errata/ELBA-2019-4711.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
aarch64:
virt-install-1.5.0-15.el7.noarch.rpm
virt-manager-1.5.0-15.el7.noarch.rpm
virt-manager-common-1.5.0-15.el7.noarch.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/virt-manager-1.5.0-15.el7.src.rpm
Description of changes:
[1.5.0-15.el7]
- tests: fix missing '' (Menno Lageman)
[Orabug: 29947518]
- tests: fix missing '' (Menno Lageman) [Orabug:
29947518]
- virtinst: set virtio-scsi queues to number of vcpus (Menno Lageman)
[Orabug: 29947518]
- virtinst: allow setting the number of queues for controllers (Menno
Lageman) [Orabug: 29947518]
[1.5.0-14.el7]
- virtinst: add qemu extended args for large guests unconditionally (Wim ten
Have) [Orabug: 29919946]
[1.5.0-13.el7]
- virtinst: Invariant TSC feature on large guests can't be migrated.
(Wim ten
Have) [Orabug: 29797342]
[1.5.0-12.el7]
- Revert "virtinst: disable memballoon device for Exadata" (Wim ten Have)
[Orabug: 29878086]
[1.5.0-11.el7]
- virtinst: support >= 1 TB guests on Exadata (Menno Lageman) [Orabug:
29683989]
- virtinst: switch to 'virtio-scsi' for Exadata (Menno Lageman) [Orabug:
29660043]
ELSA-2019-4713 Important: Oracle Linux 7 qemu security update
Oracle Linux Security Advisory ELSA-2019-4713
http://linux.oracle.com/errata/ELSA-2019-4713.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
i386:
x86_64:
qemu-common-3.1.0-5.el7.x86_64.rpm
qemu-system-x86-core-3.1.0-5.el7.x86_64.rpm
qemu-block-gluster-3.1.0-5.el7.x86_64.rpm
qemu-block-iscsi-3.1.0-5.el7.x86_64.rpm
qemu-block-rbd-3.1.0-5.el7.x86_64.rpm
qemu-img-3.1.0-5.el7.x86_64.rpm
qemu-3.1.0-5.el7.x86_64.rpm
qemu-kvm-3.1.0-5.el7.x86_64.rpm
qemu-kvm-core-3.1.0-5.el7.x86_64.rpm
qemu-system-x86-3.1.0-5.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/qemu-3.1.0-5.el7.src.rpm
Description of changes:
[15:3.1.0-5.el7]
- Only enable the halt poll control MSR if it is supported by the host (Mark
Kanda) [Orabug: 29946722]
[15:3.1.0-4.el7]
- kvm: i386: halt poll control MSR support (Marcelo Tosatti) [Orabug:
29933278]
- Document CVEs as fixed: CVE-2017-9524, CVE-2017-6058, CVE-2017-5931
(Mark Kanda) [Orabug: 29886908] {CVE-2017-5931} {CVE-2017-6058}
{CVE-2017-9524}
- pvrdma: release device resources in case of an error (Prasad J Pandit)
[Orabug: 29056678] {CVE-2018-20123}
- qxl: check release info object (Prasad J Pandit) [Orabug: 29886906]
{CVE-2019-12155}
- target/i386: add MDS-NO feature (Paolo Bonzini) [Orabug: 29820428]
{CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}
- docs: recommend use of md-clear feature on all Intel CPUs (Daniel P.
Berrangé) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127}
{CVE-2018-12130} {CVE-2019-11091}
- target/i386: define md-clear bit (Paolo Bonzini) [Orabug: 29820428]
{CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}
- pvh: block migration if booting using PVH (Liam Merwick) [Orabug:
29796676]
- hw/i386/pc: run the multiboot loader before the PVH loader (Stefano
Garzarella) [Orabug: 29796676]
- optionrom/pvh: load initrd from fw_cfg (Stefano Garzarella) [Orabug:
29796676]
- hw/i386/pc: use PVH option rom (Stefano Garzarella) [Orabug: 29796676]
- qemu.spec: add pvh.bin to %files (Liam Merwick) [Orabug: 29796676]
- optionrom: add new PVH option rom (Stefano Garzarella) [Orabug: 29796676]
- linuxboot_dma: move common functions in a new header (Stefano
Garzarella) [Orabug: 29796676]
- linuxboot_dma: remove duplicate definitions of FW_CFG (Stefano
Garzarella) [Orabug: 29796676]
- pvh: load initrd and expose it through fw_cfg (Stefano Garzarella)
[Orabug: 29796676]
- pvh: Boot uncompressed kernel using direct boot ABI (Liam Merwick)
[Orabug: 29796676]
- pvh: Add x86/HVM direct boot ABI header file (Liam Merwick) [Orabug:
29796676]
- elf-ops.h: Add get_elf_note_type() (Liam Merwick) [Orabug: 29796676]
- elf: Add optional function ptr to load_elf() to parse ELF notes (Liam
Merwick) [Orabug: 29796676]
ELSA-2019-4713 Important: Oracle Linux 7 qemu security update (aarch64)
Oracle Linux Security Advisory ELSA-2019-4713
http://linux.oracle.com/errata/ELSA-2019-4713.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
aarch64:
ivshmem-tools-3.1.0-5.el7.aarch64.rpm
qemu-3.1.0-5.el7.aarch64.rpm
qemu-block-gluster-3.1.0-5.el7.aarch64.rpm
qemu-block-iscsi-3.1.0-5.el7.aarch64.rpm
qemu-block-rbd-3.1.0-5.el7.aarch64.rpm
qemu-common-3.1.0-5.el7.aarch64.rpm
qemu-img-3.1.0-5.el7.aarch64.rpm
qemu-kvm-3.1.0-5.el7.aarch64.rpm
qemu-kvm-core-3.1.0-5.el7.aarch64.rpm
qemu-system-aarch64-3.1.0-5.el7.aarch64.rpm
qemu-system-aarch64-core-3.1.0-5.el7.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/qemu-3.1.0-5.el7.src.rpm
Description of changes:
[15:3.1.0-5.el7]
- Only enable the halt poll control MSR if it is supported by the host (Mark
Kanda) [Orabug: 29946722]
[15:3.1.0-4.el7]
- kvm: i386: halt poll control MSR support (Marcelo Tosatti) [Orabug:
29933278]
- Document CVEs as fixed: CVE-2017-9524, CVE-2017-6058, CVE-2017-5931
(Mark Kanda) [Orabug: 29886908] {CVE-2017-5931} {CVE-2017-6058}
{CVE-2017-9524}
- pvrdma: release device resources in case of an error (Prasad J Pandit)
[Orabug: 29056678] {CVE-2018-20123}
- qxl: check release info object (Prasad J Pandit) [Orabug: 29886906]
{CVE-2019-12155}
- target/i386: add MDS-NO feature (Paolo Bonzini) [Orabug: 29820428]
{CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}
- docs: recommend use of md-clear feature on all Intel CPUs (Daniel P.
Berrangé) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127}
{CVE-2018-12130} {CVE-2019-11091}
- target/i386: define md-clear bit (Paolo Bonzini) [Orabug: 29820428]
{CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}
- pvh: block migration if booting using PVH (Liam Merwick) [Orabug:
29796676]
- hw/i386/pc: run the multiboot loader before the PVH loader (Stefano
Garzarella) [Orabug: 29796676]
- optionrom/pvh: load initrd from fw_cfg (Stefano Garzarella) [Orabug:
29796676]
- hw/i386/pc: use PVH option rom (Stefano Garzarella) [Orabug: 29796676]
- qemu.spec: add pvh.bin to %files (Liam Merwick) [Orabug: 29796676]
- optionrom: add new PVH option rom (Stefano Garzarella) [Orabug: 29796676]
- linuxboot_dma: move common functions in a new header (Stefano
Garzarella) [Orabug: 29796676]
- linuxboot_dma: remove duplicate definitions of FW_CFG (Stefano
Garzarella) [Orabug: 29796676]
- pvh: load initrd and expose it through fw_cfg (Stefano Garzarella)
[Orabug: 29796676]
- pvh: Boot uncompressed kernel using direct boot ABI (Liam Merwick)
[Orabug: 29796676]
- pvh: Add x86/HVM direct boot ABI header file (Liam Merwick) [Orabug:
29796676]
- elf-ops.h: Add get_elf_note_type() (Liam Merwick) [Orabug: 29796676]
- elf: Add optional function ptr to load_elf() to parse ELF notes (Liam
Merwick) [Orabug: 29796676]
ELSA-2019-4714 Important: Oracle Linux 7 libvirt security update
Oracle Linux Security Advisory ELSA-2019-4714
http://linux.oracle.com/errata/ELSA-2019-4714.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
i386:
x86_64:
libvirt-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-kvm-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-lxc-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-qemu-5.0.0-9.el7.x86_64.rpm
libvirt-libs-5.0.0-9.el7.x86_64.rpm
libvirt-lock-sanlock-5.0.0-9.el7.x86_64.rpm
libvirt-login-shell-5.0.0-9.el7.x86_64.rpm
libvirt-nss-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-config-network-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-config-nwfilter-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-interface-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-lxc-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-network-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-nodedev-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-nwfilter-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-qemu-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-secret-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-core-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-disk-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-gluster-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-logical-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-mpath-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-rbd-5.0.0-9.el7.x86_64.rpm
libvirt-daemon-driver-storage-scsi-5.0.0-9.el7.x86_64.rpm
libvirt-admin-5.0.0-9.el7.x86_64.rpm
libvirt-bash-completion-5.0.0-9.el7.x86_64.rpm
libvirt-client-5.0.0-9.el7.x86_64.rpm
libvirt-devel-5.0.0-9.el7.x86_64.rpm
libvirt-docs-5.0.0-9.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/libvirt-5.0.0-9.el7.src.rpm
Description of changes:
[5.0.0-9.el7]
- qemu: remove cpuhostmask and cpuguestmask from virCaps structure (Wim ten
Have) [Orabug: 29956508]
[5.0.0-8.el7]
- api: disallow virDomainSaveImageGetXMLDesc on read-only connections
(Ján Tomko) [Orabug: 29955742] {CVE-2019-10161}
- domain: Define explicit flags for saved image xml (Eric Blake)
[Orabug: 29955742]
- api: disallow virDomainManagedSaveDefineXML on read-only connections
(Ján Tomko) [Orabug: 29955742] {CVE-2019-10166}
- api: disallow virConnectGetDomainCapabilities on read-only connections
(Ján Tomko) [Orabug: 29955742] {CVE-2019-10167}
- api: disallow virConnect*HypervisorCPU on read-only connections (Ján
Tomko) [Orabug: 29955742] {CVE-2019-10168}
[5.0.0-7.el7]
- cpu_map: Define md-clear CPUID bit (Jiri Denemark) [Orabug: 29874181]
{CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}
[5.0.0-6.el7]
- qemu: Driver change adding private lock to auto-tune hugepages (Wim
ten Have)
[Orabug: 29809943]
[5.0.0-5.el7]
- qemu: disable setmem change requests for vNUMA targets (Wim ten Have)
[Orabug: 29797366]
- domain: Disable memballoon memory configuration support for vNUMA
guests (Wim ten Have) [Orabug: 29797366]
- qemu: Driver change to target for vNUMA setmaxmem change request (Wim
ten Have) [Orabug: 29749852]
- domain: Add domain memory config support for vNUMA guests (Wim ten
Have) [Orabug: 29749852]
- logging: restrict sockets to mode 0600 (Daniel P. Berrangé) [Orabug:
29861433] {CVE-2019-10132}
- locking: restrict sockets to mode 0600 (Daniel P. Berrangé) [Orabug:
29861433] {CVE-2019-10132}
- admin: reject clients unless their UID matches the current UID (Daniel
P. Berrangé) [Orabug: 29861433] {CVE-2019-10132}
ELSA-2019-4714 Important: Oracle Linux 7 libvirt security update (aarch64)
Oracle Linux Security Advisory ELSA-2019-4714
http://linux.oracle.com/errata/ELSA-2019-4714.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
aarch64:
libvirt-5.0.0-9.el7.aarch64.rpm
libvirt-bash-completion-5.0.0-9.el7.aarch64.rpm
libvirt-client-5.0.0-9.el7.aarch64.rpm
libvirt-daemon-5.0.0-9.el7.aarch64.rpm
libvirt-daemon-config-network-5.0.0-9.el7.aarch64.rpm
libvirt-daemon-config-nwfilter-5.0.0-9.el7.aarch64.rpm
libvirt-daemon-driver-interface-5.0.0-9.el7.aarch64.rpm
libvirt-daemon-driver-lxc-5.0.0-9.el7.aarch64.rpm
libvirt-daemon-driver-network-5.0.0-9.el7.aarch64.rpm
libvirt-daemon-driver-nodedev-5.0.0-9.el7.aarch64.rpm
libvirt-daemon-driver-nwfilter-5.0.0-9.el7.aarch64.rpm
libvirt-daemon-driver-qemu-5.0.0-9.el7.aarch64.rpm
libvirt-daemon-driver-secret-5.0.0-9.el7.aarch64.rpm
libvirt-daemon-driver-storage-5.0.0-9.el7.aarch64.rpm
libvirt-daemon-driver-storage-core-5.0.0-9.el7.aarch64.rpm
libvirt-daemon-driver-storage-disk-5.0.0-9.el7.aarch64.rpm
libvirt-daemon-driver-storage-gluster-5.0.0-9.el7.aarch64.rpm
libvirt-daemon-driver-storage-iscsi-5.0.0-9.el7.aarch64.rpm
libvirt-daemon-driver-storage-logical-5.0.0-9.el7.aarch64.rpm
libvirt-daemon-driver-storage-mpath-5.0.0-9.el7.aarch64.rpm
libvirt-daemon-driver-storage-rbd-5.0.0-9.el7.aarch64.rpm
libvirt-daemon-driver-storage-scsi-5.0.0-9.el7.aarch64.rpm
libvirt-daemon-kvm-5.0.0-9.el7.aarch64.rpm
libvirt-daemon-qemu-5.0.0-9.el7.aarch64.rpm
libvirt-devel-5.0.0-9.el7.aarch64.rpm
libvirt-docs-5.0.0-9.el7.aarch64.rpm
libvirt-libs-5.0.0-9.el7.aarch64.rpm
libvirt-admin-5.0.0-9.el7.aarch64.rpm
libvirt-daemon-lxc-5.0.0-9.el7.aarch64.rpm
libvirt-lock-sanlock-5.0.0-9.el7.aarch64.rpm
libvirt-login-shell-5.0.0-9.el7.aarch64.rpm
libvirt-nss-5.0.0-9.el7.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/libvirt-5.0.0-9.el7.src.rpm
Description of changes:
[5.0.0-9.el7]
- qemu: remove cpuhostmask and cpuguestmask from virCaps structure (Wim ten
Have) [Orabug: 29956508]
[5.0.0-8.el7]
- api: disallow virDomainSaveImageGetXMLDesc on read-only connections
(Ján Tomko) [Orabug: 29955742] {CVE-2019-10161}
- domain: Define explicit flags for saved image xml (Eric Blake)
[Orabug: 29955742]
- api: disallow virDomainManagedSaveDefineXML on read-only connections
(Ján Tomko) [Orabug: 29955742] {CVE-2019-10166}
- api: disallow virConnectGetDomainCapabilities on read-only connections
(Ján Tomko) [Orabug: 29955742] {CVE-2019-10167}
- api: disallow virConnect*HypervisorCPU on read-only connections (Ján
Tomko) [Orabug: 29955742] {CVE-2019-10168}
[5.0.0-7.el7]
- cpu_map: Define md-clear CPUID bit (Jiri Denemark) [Orabug: 29874181]
{CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}
[5.0.0-6.el7]
- qemu: Driver change adding private lock to auto-tune hugepages (Wim
ten Have)
[Orabug: 29809943]
[5.0.0-5.el7]
- qemu: disable setmem change requests for vNUMA targets (Wim ten Have)
[Orabug: 29797366]
- domain: Disable memballoon memory configuration support for vNUMA
guests (Wim ten Have) [Orabug: 29797366]
- qemu: Driver change to target for vNUMA setmaxmem change request (Wim
ten Have) [Orabug: 29749852]
- domain: Add domain memory config support for vNUMA guests (Wim ten
Have) [Orabug: 29749852]
- logging: restrict sockets to mode 0600 (Daniel P. Berrangé) [Orabug:
29861433] {CVE-2019-10132}
- locking: restrict sockets to mode 0600 (Daniel P. Berrangé) [Orabug:
29861433] {CVE-2019-10132}
- admin: reject clients unless their UID matches the current UID (Daniel
P. Berrangé) [Orabug: 29861433] {CVE-2019-10132}