Synopsis: Important: qemu-kvm security update
Advisory ID: SLSA-2019:1883-1
Issue Date: 2019-07-29
CVE Numbers: CVE-2019-6778
Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm-ma packages provide the
user-space component for running virtual machines that use KVM on the IBM z
Systems, IBM Power, and 64-bit ARM architectures.
* QEMU: device_tree: heap buffer overflow while loading device tree blob
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
* As newer machine remove csske feature, detection of the processor fail
and machine used old version as fallback. This update make feature
conditional so detection of newer cpu works properly. (BZ#1720262)
– Scientific Linux Development Team