Oracle alert ELSA-2022-9123 (qemu)

From:
               Errata Announcements for Oracle Linux via El-errata <el-errata@oss.oracle.com>
To:
               el-errata@oss.oracle.com
Subject:
               [El-errata] ELSA-2022-9123 Important: Oracle Linux 7 qemu security update (aarch64)
Date:
               Wed, 09 Feb 2022 07:23:47 -0800
Message-ID:
               <mailman.155.1644420235.31715.el-errata@oss.oracle.com>
Oracle Linux Security Advisory ELSA-2022-9123

http://linux.oracle.com/errata/ELSA-2022-9123.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
ivshmem-tools-4.2.1-15.el7.aarch64.rpm
qemu-4.2.1-15.el7.aarch64.rpm
qemu-block-gluster-4.2.1-15.el7.aarch64.rpm
qemu-block-iscsi-4.2.1-15.el7.aarch64.rpm
qemu-block-rbd-4.2.1-15.el7.aarch64.rpm
qemu-common-4.2.1-15.el7.aarch64.rpm
qemu-img-4.2.1-15.el7.aarch64.rpm
qemu-kvm-4.2.1-15.el7.aarch64.rpm
qemu-kvm-core-4.2.1-15.el7.aarch64.rpm
qemu-system-aarch64-4.2.1-15.el7.aarch64.rpm
qemu-system-aarch64-core-4.2.1-15.el7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/qemu-4.2.1-15.el7...

Related CVEs:

CVE-2021-3416
CVE-2021-20203
CVE-2021-20196
CVE-2021-4158
CVE-2021-3947

Description of changes:

[15:4.2.1-15.el7]
- Document CVE-2021-4158 and CVE-2021-3947 as fixed (Mark Kanda)  [Orabug: 33719302] [Orabug:
33754145]  {CVE-2021-3947} {CVE-2021-4158}
- hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196 (Philippe Mathieu-Daudé)
[Orabug: 32439466]  {CVE-2021-20196}
- hw/block/fdc: Extract blk_create_empty_drive() (Philippe Mathieu-Daudé)  [Orabug: 32439466]
{CVE-2021-20196}
- net: vmxnet3: validate configuration values during activate (CVE-2021-20203) (Prasad J Pandit)
[Orabug: 32559476]  {CVE-2021-20203}
- lan9118: switch to use qemu_receive_packet() for loopback (Alexander Bulekov)  [Orabug: 32560540]
{CVE-2021-3416}
- pcnet: switch to use qemu_receive_packet() for loopback (Alexander Bulekov)  [Orabug: 32560540]
{CVE-2021-3416}
- rtl8139: switch to use qemu_receive_packet() for loopback (Alexander Bulekov)  [Orabug: 32560540]
{CVE-2021-3416}
- tx_pkt: switch to use qemu_receive_packet_iov() for loopback (Jason Wang)  [Orabug: 32560540]
{CVE-2021-3416}
- sungem: switch to use qemu_receive_packet() for loopback (Jason Wang)  [Orabug: 32560540]
{CVE-2021-3416}
- dp8393x: switch to use qemu_receive_packet() for loopback packet (Jason Wang)  [Orabug: 32560540]
{CVE-2021-3416}
- e1000: switch to use qemu_receive_packet() for loopback (Jason Wang)  [Orabug: 32560540]
{CVE-2021-3416}
- net: introduce qemu_receive_packet() (Jason Wang)  [Orabug: 32560540]  {CVE-2021-3416}
- target/i386: Populate x86_ext_save_areas offsets using cpuid where possible (David Edmondson)
- target/i386: Observe XSAVE state area offsets (David Edmondson)
- target/i386: Make x86_ext_save_areas visible outside cpu.c (David Edmondson)
- target/i386: Pass buffer and length to XSAVE helper (David Edmondson)
- target/i386: Clarify the padding requirements of X86XSaveArea (David Edmondson)
- target/i386: Consolidate the X86XSaveArea offset checks (David Edmondson)
- target/i386: Declare constants for XSAVE offsets (David Edmondson)

_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

From:		Errata Announcements for Oracle Linux via El-errata <el-errata@oss.oracle.com>
To:		el-errata@oss.oracle.com
Subject:		[El-errata] ELSA-2022-9123 Important: Oracle Linux 7 qemu security update (aarch64)
Date:		Wed, 09 Feb 2022 07:23:47 -0800
Message-ID:		<mailman.155.1644420235.31715.el-errata@oss.oracle.com>