[Oraclevm-errata] OVMSA-2012-0020 Important: Oracle VM 3.0 xen security and bug fix update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Wed Jun 13 16:30:39 PDT 2012
Oracle VM Security Advisory OVMSA-2012-0020
The following updated rpms for Oracle VM 3.0 have been uploaded to the
Unbreakable Linux Network:
x86_64:
xen-4.0.0-81.el5.7.x86_64.rpm
xen-devel-4.0.0-81.el5.7.x86_64.rpm
xen-tools-4.0.0-81.el5.7.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.0/SRPMS-updates/xen-4.0.0-81.el5.7.src.rpm
Description of changes:
[4.0.0-81.el5.7 ]
- x86-64: detect processors subject to AMD erratum #121 and refuse to
boot{CVE-2006-0744}
Signed-off-by: Jan Beulich <JBeulich at suse.com>
Signed-off-by: Ian Campbell <ian.campbell at citrix.com>
Backported-by: Joe Jin <joe.jin at oracle.com> [bug 13993237]
[4.0.0-81.el5.6 ]
- guest denial of service on syscall/sysenter exception generation
{CVE-2012-0217}
Backported-by: Joe Jin <joe.jin at oracle.com> [bug 13993237]]
[4.0.0-81.el5.5 ]
- Remove unecessary balloon retries on vm create.
This is a backport from fix for bug 14143327.
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com>
Backported-by: Joe Jin <joe.jin at oracle.com> [bug 14143375]
[4.0.0-81.el5.4 ]
- This backport from 3.1.1:
http://ca-svn.us.oracle.com/viewvc/xen?revision=2935&view=revision
Author: amisherf
Put back the patch that prevent older guest that uses kudzu from hanging
on a reboot. Fixed the patch to prevent excessive watcher writes which
causes xend, xenstored to run at a 100% cpu usage. Now the watch is
written
only if console in Initialising, InitWait, Initialised states which
happen
once at boot time. [bug 13523487]
[4.0.0-81.el5.3 ]
- Backport from upstream changeset 20968
xend: notify xenpv device model that console info is ready
Sometimes PV domain with vfb doesn't boot up. /sbin/kudzu is stuck.
After investigation, I've found that the evtchn for console is not
bound at all.
Normal sequence of evtchn initialization in qemu-dm for xenpv is:
1) watch xenstore backpath (/local/domain/0/backend/console/<domid>/0)
2) read console info (/local/domain/<domid>/console/{type, ring-ref,
port..=
})
3) bind the evtchn to the port.
But in some case, xend writes to the backpath before the console info
is prepared, and never write to the backpath again. So the qemu-dm
fails at 2) and never reach to 3).
When this happens, manually xenstore-write command on Domain-0
resumes the guest.
Backported-by: Joe Jin <joe.jin at oracle.com> [bug 13912802]
[4.0.0-81.el5.2 ]
- Set max cstate to 1.
This is a backport requirement for bug 13703504.
We have several bugs that cstate made system unstable, both for ovm2
and ovm3:
For OVM3.x:
Bug 13703504 - unexplained network disconnect causes ocfs to fence
the server
https://forums.oracle.com/forums/thread.jspa?threadID=2347014&tstart=0
For OVM2.x
https://bug.oraclecorp.com/pls/bug/webbug_edit.edit_info_top?rptno=10631565
https://bug.oraclecorp.com/pls/bug/webbug_edit.edit_info_top?rptno=13494054
[bug 13703504]
More information about the Oraclevm-errata
mailing list