Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * hw: TSX Transaction Asynchronous Abort * QEMU: slirp: heap buffer overflow during packet reassembly For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Bug Fix: * [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm Enhancement: * [Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. 5. Bugs fixed : 1734745 - CVE-2019-14378 QEMU: slirp: heap buffer overflow during packet reassembly 1753062 - CVE-2019-11135 hw: TSX Transaction Asynchronous Abort 6. Package List: Red Hat Enterprise Linux Client : Source: qemu-kvm-1.5.3-167.el7_7.4.src.rpm x86_64: qemu-img-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-common-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-debuginfo-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-tools-1.5.3-167.el7_7.4.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional : Source: qemu-kvm-1.5.3-167.el7_7.4.src.rpm x86_64: qemu-img-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-common-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-debuginfo-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-tools-1.5.3-167.el7_7.4.x86_64.rpm Red Hat Enterprise Linux Server : Source: qemu-kvm-1.5.3-167.el7_7.4.src.rpm x86_64: qemu-img-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-common-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-debuginfo-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-tools-1.5.3-167.el7_7.4.x86_64.rpm Red Hat Enterprise Linux Workstation : Source: qemu-kvm-1.5.3-167.el7_7.4.src.rpm x86_64: qemu-img-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-common-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-debuginfo-1.5.3-167.el7_7.4.x86_64.rpm qemu-kvm-tools-1.5.3-167.el7_7.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-11135 https://access.redhat.com/security/cve/CVE-2019-14378 https://access.redhat.com/security/updates/classification/#important