El-errata: ELSA-2021-9104 Important: Oracle Linux 7 qemu security update
Oracle Linux Security Advisory ELSA-2021-9104
http://linux.oracle.com/errata/ELSA-2021-9104.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
i386:
x86_64:
qemu-common-4.2.1-5.el7.x86_64.rpm
qemu-system-x86-core-4.2.1-5.el7.x86_64.rpm
qemu-block-gluster-4.2.1-5.el7.x86_64.rpm
qemu-block-iscsi-4.2.1-5.el7.x86_64.rpm
qemu-block-rbd-4.2.1-5.el7.x86_64.rpm
qemu-img-4.2.1-5.el7.x86_64.rpm
qemu-4.2.1-5.el7.x86_64.rpm
qemu-kvm-4.2.1-5.el7.x86_64.rpm
qemu-kvm-core-4.2.1-5.el7.x86_64.rpm
qemu-system-x86-4.2.1-5.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/el7v/SRPMS-updates/qemu-4.2.1-5.el7.src.rpm
Description of changes:
[15:4.2.1-5.el7]
- qemu.spec: use --tls-priority=NORMAL for OL7 (Elena Ufimtseva)
- hostmem: fix default "prealloc-threads" count (Mark Kanda) [Orabug: 32472127]
- hostmem: introduce "prealloc-threads" property (Igor Mammedov)
- qom: introduce object_register_sugar_prop (Paolo Bonzini)
- migration/multifd: Do error_free after migrate_set_error to avoid memleaks (Pan Nengyuan)
- multifd/tls: fix memoryleak of the QIOChannelSocket object when cancelling migration (Chuan Zheng)
- migration/multifd: fix hangup with TLS-Multifd due to blocking handshake (Chuan Zheng)
- migration/tls: add trace points for multifd-tls (Chuan Zheng)
- migration/tls: add support for multifd tls-handshake (Chuan Zheng)
- migration/tls: extract cleanup function for common-use (Chuan Zheng)
- migration/multifd: fix memleaks in multifd_new_send_channel_async (Pan Nengyuan)
- migration/multifd: fix nullptr access in multifd_send_terminate_threads (Zhimin Feng)
- migration/tls: add tls_hostname into MultiFDSendParams (Chuan Zheng)
- migration/tls: extract migration_tls_client_create for common-use (Chuan Zheng)
- migration/tls: save hostname into MigrationState (Chuan Zheng)
- tests/qtest: add a test case for pvpanic-pci (Mihai Carabas)
- pvpanic : update pvpanic spec document (Mihai Carabas)
- hw/misc/pvpanic: add PCI interface support (Mihai Carabas)
- hw/misc/pvpanic: split-out generic and bus dependent code (Mihai Carabas)
- 9pfs: Fully restart unreclaim loop (CVE-2021-20181) (Greg Kurz) [Orabug: 32441198] {CVE-2021-20181}
- ide: atapi: check logical block address and read size (CVE-2020-29443) (Prasad J Pandit) [Orabug: 32393835] {CVE-2020-29443}
- Document CVE-2019-20808 as fixed (Mark Kanda) [Orabug: 32339196] {CVE-2019-20808}
- block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb (Chen Qun) [Orabug: 32339207] {CVE-2020-11947}
- net: remove an assert call in eth_get_gso_type (Prasad J Pandit) [Orabug: 32102583] {CVE-2020-27617}
- nvdimm: honor -object memory-backend-file, readonly=on option (Stefan Hajnoczi) [Orabug: 32265408]
- hostmem-file: add readonly=on|off option (Stefan Hajnoczi) [Orabug: 32265408]
- memory: add readonly support to memory_region_init_ram_from_file() (Stefan Hajnoczi) [Orabug: 32265408]
A qemu security update has been released for Oracle Linux 7.
