FEDORA-2017-8db9c497f9

security update in Fedora 27 for qemu

Status: stable 2 years ago
  • Fix ppc64 KVM failure (bz #1501936)
  • CVE-2017-15038: 9p: information disclosure when reading extended attributes (bz #1499111)
  • CVE-2017-15268: potential memory exhaustion via websock connection to VNC (bz #1496882)

qemu-pr-helper didn't work due to a change in the libmultipath/libmpathpersist APIs exposed by device-mapper-multipath-devel. This has been fixed now. Other small changes to the qemu-pr-helper service are included.


Backport qemu-pr-helper from QEMU 2.11. This daemon allows unprivileged users (who have access to the daemon) to use persistent reservation commands on both regular disks and multipath block devices.

How to install

sudo dnf upgrade --advisory=FEDORA-2017-8db9c497f9

Comments 12

This update has been submitted for testing by crobinso.

This update has obsoleted qemu-2.10.0-5.fc27, and has inherited its bugs and notes.

This update has been pushed to testing.

works for me

karma: +1

Works great! LGTM! =)

karma: +1

This update has reached 3 days in testing and can be pushed to stable now if the maintainer wishes

no regressions noted

karma: +1

nothing spotted

karma: +1

my VMs work fine

karma: +1

Works

karma: +1

This update has been submitted for stable by crobinso.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
+6
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Disabled
Autopush (time)
Disabled
Dates
submitted 2 years ago
in testing 2 years ago
in stable 2 years ago

Related Bugs 5

00 #1496879 CVE-2017-15268 Qemu: I/O: potential memory exhaustion via websock connection to VNC
00 #1496882 CVE-2017-15268. qemu: CVE-2017-15268. . Qemu: I/O: potential memory exhaustion via websock connection to VNC [fedora-all]
00 #1499110 CVE-2017-15038 Qemu: 9p: virtfs: information disclosure when reading extended attributes
00 #1499111 CVE-2017-15038 Qemu: 9p: virtfs: information disclosure when reading extended attributes [fedora-all]
00 #1501936 Qemu-2.10.0-4.fc27 reports: qemu-system-ppc64: Unable to set CPU compatibility mode in KVM: Invalid argument

Automated Test Results