Oracle Linux Security Advisory ELSA-2021-9638

https://linux.oracle.com/errata/ELSA-2021-9638.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
qemu-common-4.2.1-13.el7.x86_64.rpm
qemu-system-x86-core-4.2.1-13.el7.x86_64.rpm
qemu-block-gluster-4.2.1-13.el7.x86_64.rpm
qemu-block-iscsi-4.2.1-13.el7.x86_64.rpm
qemu-block-rbd-4.2.1-13.el7.x86_64.rpm
qemu-img-4.2.1-13.el7.x86_64.rpm
qemu-4.2.1-13.el7.x86_64.rpm
qemu-kvm-4.2.1-13.el7.x86_64.rpm
qemu-kvm-core-4.2.1-13.el7.x86_64.rpm
qemu-system-x86-4.2.1-13.el7.x86_64.rpm


SRPMS:
https://oss.oracle.com:443/ol7/SRPMS-updates/qemu-4.2.1-13.el7.src.rpm

Related CVEs:

CVE-2020-29129
CVE-2020-29130
CVE-2021-20257
CVE-2021-3592
CVE-2021-3593
CVE-2021-3594
CVE-2021-3595
CVE-2021-3682
CVE-2021-3713
CVE-2021-3930




Description of changes:

[15:4.2.1-13.el7]
- pcie: Do not set power state for some hot-plugged devices (Annie Li)  [Orabug:
  33642532]

[15:4.2.1-12.1.el7]
- Update slirp to address various CVEs (Mark Kanda)  [Orabug: 32208456] [Orabug: 33014409] [Orabug: 33014414] [Orabug: 33014417] [Orabug: 33014420]  {CVE-2020-29129} {CVE-2020-29130} {CVE-2021-3592} {CVE-2021-3593} {CVE-2021-3594} {CVE-2021-3595}
- Revert "Update libslirp to v4.6.1" (Mark Kanda)  [Orabug: 33607100]

[15:4.2.1-12.el7]
- hw/pflash_cfi01: Allow backing devices to be smaller than memory region (David Edmondson)
- pcie: expire pending delete (Gerd Hoffmann)  [Orabug: 33450706]
- pcie: fast unplug when slot power is off (Gerd Hoffmann)  [Orabug: 33450706]
- pcie: factor out pcie_cap_slot_unplug() (Gerd Hoffmann)  [Orabug: 33450706]
- pcie: add power indicator blink check (Gerd Hoffmann)  [Orabug: 33450706]
- pcie: implement slot power control for pcie root ports (Gerd Hoffmann)  [Orabug: 33450706]
- pci: implement power state (Gerd Hoffmann)  [Orabug: 33450706]
- hw/pci/pcie: Move hot plug capability check to pre_plug callback (Julia Suvorova)  [Orabug: 33450706]
- hw/pci/pcie: Replace PCI_DEVICE() casts with existing variable (Julia Suvorova)  [Orabug: 33450706]
- hw/pci/pcie: Forbid hot-plug if it's disabled on the slot (Julia Suvorova)  [Orabug: 33450706]
- pcie_root_port: Add hotplug disabling option (Julia Suvorova)  [Orabug: 33450706]
- qdev-monitor: Forbid repeated device_del (Julia Suvorova)  [Orabug: 33450706]
- i386:acpi: Remove _HID from the SMBus ACPI entry (Corey Minyard)
- uas: add stream number sanity checks. (Gerd Hoffmann)  [Orabug: 33280793]  {CVE-2021-3713}
- usbredir: fix free call (Gerd Hoffmann)  [Orabug: 33198441]  {CVE-2021-3682}
- hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT commands (Mauro Matteo Cascella)  [Orabug: 33548490]  {CVE-2021-3930}
- e1000: fix tx re-entrancy problem (Jon Maloy)  [Orabug: 32560552]  {CVE-2021-20257}
- Update libslirp to v4.6.1 (Marc-Andr=E9 Lureau)  [Orabug: 33014409] [Orabug: 33014414] [Orabug: 33014417] [Orabug: 33014420]  {CVE-2020-10756} {CVE-2020-1983} {CVE-2020-29129} {CVE-2021-3592} {CVE-2021-3593} {CVE-2021-3594} {CVE-2021-3595}
- virtio-net-pci: Don't use "efi-virtio.rom" on AArch64 (Mark Kanda)
- MAINTAINERS: Add ACPI/HEST/GHES entries (Dongjiu Geng)
- target-arm: kvm64: handle SIGBUS signal from kernel or KVM (Dongjiu Geng)
- ACPI: Record Generic Error Status Block(GESB) table (Dongjiu Geng)
- KVM: Move hwpoison page related functions into kvm-all.c (Dongjiu Geng)
- ACPI: Record the Generic Error Status Block address (Dongjiu Geng)
- ACPI: Build Hardware Error Source Table (Dongjiu Geng)
- ACPI: Build related register address fields via hardware error fw_cfg blob (Dongjiu Geng)
- docs: APEI GHES generation and CPER record description (Dongjiu Geng)
- hw/arm/virt: Introduce a RAS machine option (Dongjiu Geng)
- acpi: nvdimm: change NVDIMM_UUID_LE to a common macro (Dongjiu Geng)
- block/curl: HTTP header field names are case insensitive (David Edmondson)  [Orabug: 33287589]
- block/curl: HTTP header fields allow whitespace around values (David Edmondson)  [Orabug: 33287589]


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle7: ELSA-2021-9638: qemu Important Security Update

The following updated rpms for Oracle Linux 7 have been uploaded to the Unb= reakable Linux Network:

Summary

[15:4.2.1-13.el7] - pcie: Do not set power state for some hot-plugged devices (Annie Li) [Orabug: 33642532] [15:4.2.1-12.1.el7] - Update slirp to address various CVEs (Mark Kanda) [Orabug: 32208456] [Orabug: 33014409] [Orabug: 33014414] [Orabug: 33014417] [Orabug: 33014420] {CVE-2020-29129} {CVE-2020-29130} {CVE-2021-3592} {CVE-2021-3593} {CVE-2021-3594} {CVE-2021-3595} - Revert "Update libslirp to v4.6.1" (Mark Kanda) [Orabug: 33607100] [15:4.2.1-12.el7] - hw/pflash_cfi01: Allow backing devices to be smaller than memory region (David Edmondson) - pcie: expire pending delete (Gerd Hoffmann) [Orabug: 33450706] - pcie: fast unplug when slot power is off (Gerd Hoffmann) [Orabug: 33450706] - pcie: factor out pcie_cap_slot_unplug() (Gerd Hoffmann) [Orabug: 33450706] - pcie: add power indicator blink check (Gerd Hoffmann) [Orabug: 33450706] - pcie: implement slot power control for pcie root ports (Gerd Hoffmann) [Orabug: 33450706] - pci: implement power state (Gerd Hoffmann)...

Read the Full Advisory

SRPMs

https://oss.oracle.com:443/ol7/SRPMS-updates/qemu-4.2.1-13.el7.src.rpm

x86_64

qemu-common-4.2.1-13.el7.x86_64.rpm qemu-system-x86-core-4.2.1-13.el7.x86_64.rpm qemu-block-gluster-4.2.1-13.el7.x86_64.rpm qemu-block-iscsi-4.2.1-13.el7.x86_64.rpm qemu-block-rbd-4.2.1-13.el7.x86_64.rpm qemu-img-4.2.1-13.el7.x86_64.rpm qemu-4.2.1-13.el7.x86_64.rpm qemu-kvm-4.2.1-13.el7.x86_64.rpm qemu-kvm-core-4.2.1-13.el7.x86_64.rpm qemu-system-x86-4.2.1-13.el7.x86_64.rpm

aarch64

i386

- uas: add stream number sanity checks. (Gerd Hoffmann) [Orabug: 33280793] {CVE-2021-3713} - usbredir: fix free call (Gerd Hoffmann) [Orabug: 33198441] {CVE-2021-3682} - hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT commands (Mauro Matteo Cascella) [Orabug: 33548490] {CVE-2021-3930} - e1000: fix tx re-entrancy problem (Jon Maloy) [Orabug: 32560552] {CVE-2021-20257} - Update libslirp to v4.6.1 (Marc-Andr=E9 Lureau) [Orabug: 33014409] [Orabug: 33014414] [Orabug: 33014417] [Orabug: 33014420] {CVE-2020-10756} {CVE-2020-1983} {CVE-2020-29129} {CVE-2021-3592} {CVE-2021-3593} {CVE-2021-3594} {CVE-2021-3595} - virtio-net-pci: Don't use "efi-virtio.rom" on AArch64 (Mark Kanda) - MAINTAINERS: Add ACPI/HEST/GHES entries (Dongjiu Geng) - target-arm: kvm64: handle SIGBUS signal from kernel or KVM (Dongjiu Geng) - ACPI: Record Generic Error Status Block(GESB) table (Dongjiu Geng) - KVM: Move hwpoison page related functions into kvm-all.c (Dongjiu Geng) - ACPI: Record the ...

Read the Full Advisory

Severity
Related CVEs: CVE-2020-29129 CVE-2020-29130 CVE-2021-20257 CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 CVE-2021-3682 CVE-2021-3713 CVE-2021-3930

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved