Synopsis: Important: qemu-kvm security update
Advisory ID: SLSA-2019:1883-1
Issue Date: 2019-07-29
CVE Numbers: CVE-2019-6778
--
Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm-ma packages provide the
user-space component for running virtual machines that use KVM on the IBM z
Systems, IBM Power, and 64-bit ARM architectures.
Security Fix(es):
* QEMU: device_tree: heap buffer overflow while loading device tree blob
(CVE-2018-20815)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* As newer machine remove csske feature, detection of the processor fail
and machine used old version as fallback. This update make feature
conditional so detection of newer cpu works properly. (BZ#1720262)
--
SL7
x86_64
qemu-img-1.5.3-160.el7_6.3.x86_64.rpm
qemu-kvm-1.5.3-160.el7_6.3.x86_64.rpm
qemu-kvm-common-1.5.3-160.el7_6.3.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-160.el7_6.3.x86_64.rpm
qemu-kvm-tools-1.5.3-160.el7_6.3.x86_64.rpm
- Scientific Linux Development Team
