Rapid7 Vulnerability & Exploit Database

Oracle Linux: ELSA-2019-4631: qemu security update


Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 05/14/2019
Created: 03/05/2020
Added: 03/02/2020
Modified: 03/02/2020

Description

[12:2.9.0-21.el7]
- x86: Add mds feature (Karl Heubaum)
- e1000: Never increment the RX undersize count register (Chris Kenna)
- i386: Add some MSR based features on Cascadelake-Server CPU model (Tao Xu) [Orabug: 29643540]
- i386: Update stepping of Cascadelake-Server (Tao Xu) [Orabug: 29643540]
- kvm: Use KVM_GET_MSR_INDEX_LIST for MSR_IA32_ARCH_CAPABILITIES support (Bandan Das) [Orabug: 29643540]
- x86: define a new MSR based feature word -- FEATURE_WORDS_ARCH_CAPABILITIES (Robert Hoo) [Orabug: 29643540]
- x86: Data structure changes to support MSR based features (Robert Hoo) [Orabug: 29643540]
- kvm: Add support to KVM_GET_MSR_FEATURE_INDEX_LIST and KVM_GET_MSRS system ioctl (Robert Hoo) [Orabug: 29643540]
- i386: Add CPUID bit and feature words for IA32_ARCH_CAPABILITIES MSR (Robert Hoo) [Orabug: 29643540]
- i386: Add new MSR indices for IA32_PRED_CMD and IA32_ARCH_CAPABILITIES (Robert Hoo) [Orabug: 29643540]
- update Linux headers to 4.16-rc5 (Paolo Bonzini) [Orabug: 29643540]
- linux-headers: update (Cornelia Huck) [Orabug: 29643540]
- linux-headers: update to 4.15-rc1 (Eric Auger) [Orabug: 29643540]
- linux-headers: sync against v4.14-rc1 (Alexey Perevalov) [Orabug: 29643540]
- linux header sync against v4.13-rc1 (Christian Borntraeger) [Orabug: 29643540]
- linux-headers: update to 4.13-rc0 (Christian Borntraeger) [Orabug: 29643540]
- parfait: --disable-avx2 no longer needed by rpmbuild (Liam Merwick) [Orabug: 28733157]
- parfait: deal with parfait returning non-zero return value (Liam Merwick) [Orabug: 28733157]
- parfait: use nproc to choose default number of threads (Liam Merwick) [Orabug: 28733157]
- parfait: provide option to upload results (Liam Merwick) [Orabug: 28733157]
- parfait: disable misaligned-access check (Liam Merwick) [Orabug: 28733157]
- parfait: Run static analysis when --with parfait specified (Liam Merwick) [Orabug: 28733157]
- parfait: add buildrpm/parfait-qemu.conf (Liam Merwick) [Orabug: 28733157]
- device_tree.c: Don't use load_image() (Peter Maydell) [Orabug: 29546331] {CVE-2018-20815}
- slirp: check sscanf result when emulating ident (William Bowling) [Orabug: 29501785] {CVE-2019-9824}
- i2c-ddc: fix oob read (Gerd Hoffmann) [Orabug: 29377317] {CVE-2019-3812}

Solution(s)

  • oracle-linux-upgrade-qemu
  • oracle-linux-upgrade-qemu-block-gluster
  • oracle-linux-upgrade-qemu-block-iscsi
  • oracle-linux-upgrade-qemu-block-rbd
  • oracle-linux-upgrade-qemu-common
  • oracle-linux-upgrade-qemu-img
  • oracle-linux-upgrade-qemu-kvm
  • oracle-linux-upgrade-qemu-kvm-core
  • oracle-linux-upgrade-qemu-system-x86
  • oracle-linux-upgrade-qemu-system-x86-core
