[Oraclevm-errata] OVMSA-2012-0050 Important: Oracle VM 3.0 xen Security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Tue Nov 13 16:18:57 PST 2012


Oracle VM Security Advisory OVMSA-2012-0050

The following updated rpms for Oracle VM 3.0 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
xen-4.0.0-81.el5.18.x86_64.rpm
xen-devel-4.0.0-81.el5.18.x86_64.rpm
xen-tools-4.0.0-81.el5.18.x86_64.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.0/SRPMS-updates/xen-4.0.0-81.el5.18.src.rpm



Description of changes:

[4.0.0-81.el5.18]
- compat/gnttab: Prevent infinite loop in compat code
   c/s 20281:95ea2052b41b, which introduces Grant Table version 2
   hypercalls introduces a vulnerability whereby the compat hypercall
   handler can fall into an infinite loop.
   If the watchdog is enabled, Xen will die after the timeout.
   This is a security problem, XSA-24 / CVE-2012-4539.
   Signed-off-by: Andrew Cooper <andrew.cooper3 at citrix.com>
   Acked-by: Jan Beulich <jbeulich at suse.com>
   Acked-by: Ian Jackson <ian.jackson at eu.citrix.com>
   Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com> [bug 15852510] {CVE-2012-4539}

[4.0.0-81.el5.17]
- xen/mm/shadow: check toplevel pagetables are present before unhooking them.
   If the guest has not fully populated its top-level PAE entries when it calls
   HVMOP_pagetable_dying, the shadow code could try to unhook entries from
   MFN 0.  Add a check to avoid that case.
   This issue was introduced by c/s 21239:b9d2db109cf5.
   This is a security problem, XSA-23 / CVE-2012-4538.
   Signed-off-by: Tim Deegan <tim at xen.org>
   Tested-by: Andrew Cooper <andrew.cooper3 at citrix.com>
   Acked-by: Ian Campbell <ian.campbell at citrix.com>
   Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com> [bug 15854935] {CVE-2012-4538}

[4.0.0-81.el5.16]
- x86/physmap: Prevent incorrect updates of m2p mappings
   In certain conditions, such as low memory, set_p2m_entry() can fail.
   Currently, the p2m and m2p tables will get out of sync because we still
   update the m2p table after the p2m update has failed.
   If that happens, subsequent guest-invoked memory operations can cause
   BUG()s and ASSERT()s to kill Xen.
   This is fixed by only updating the m2p table iff the p2m was
   successfully updated.
   This is a security problem, XSA-22 / CVE-2012-4537.
   Signed-off-by: Andrew Cooper <andrew.cooper3 at citrix.com>
   Acked-by: Ian Campbell <ian.campbell at citrix.com>
   Acked-by: Ian Jackson <ian.jackson at eu.citrix.com>
   Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com> [bug 15854852] {CVE-2012-4537}

[4.0.0-81.el5.15]
- VCPU/timers: Prevent overflow in calculations, leading to DoS vulnerability
   The timer action for a vcpu periodic timer is to calculate the next
   expiry time, and to reinsert itself into the timer queue.  If the
   deadline ends up in the past, Xen never leaves __do_softirq().  The
   affected PCPU will stay in an infinite loop until Xen is killed by the
   watchdog (if enabled).
   This is a security problem, XSA-20 / CVE-2012-4535.
   Signed-off-by: Andrew Cooper <andrew.cooper3 at citrix.com>
   Acked-by: Ian Campbell <ian.campbell at citrix.com>
   Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com> [bug 15854818] {CVE-2012-4535}

[4.0.0-81.el5.14]
- always release vm running lock on VM shutdown
   Before this patch, when xend restarted, the VM running lock would not be
   released on shutdown, so the VM could never start again.
   Talked with Junjie, we recommend always releasing the lock on VM shutdown. So
   even when xend restarted, there should be no stale lock left there.
   Backported-by: Joe Jin <joe.jin at oracle.com>
   Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com>
   Signed-off-by: Adnan Misherfi <adnan.misherfi at oracle.com>
   Signed-off-by: Junjie Wei <junjie.wei at oracle.com>
   Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com> [bug 14799467]

[4.0.0-81.el5.13]
- Xen Security Advisory CVE-2012-4411 / XSA-19
   version 2
   guest administrator can access qemu monitor console
   Disable qemu monitor by default.  The qemu monitor is an overly
   powerful feature which must be protected from untrusted (guest)
   administrators.
   Signed-off-by: Ian Jackson <ian.jackson at eu.citrix.com>
   Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com> [bug 14612359] {CVE-2012-4411}
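An added check, not part of the advisory or of Oracle's tooling: a POSIX shell function that decides whether an installed Oracle VM 3.0 xen package is at or above the fixed build 4.0.0-81.el5.18 listed above, by comparing the RPM version and release fields segment by segment. The NVR strings in the block are constructed samples; on a real host the argument would be the output of `rpm -q xen`.

```shell
#!/bin/sh
# Fixed build from OVMSA-2012-0050 (version and release of the xen rpm).
FIXED_VERSION="4.0.0"
FIXED_RELEASE="81.el5.18"

# Compare one segment pair; prints -1, 0 or 1. expr compares numerically
# when both sides are integers and as strings otherwise; it exits 0 when
# the comparison is true.
cmp_seg() {
    if [ "$1" = "$2" ]; then printf '%s\n' 0
    elif expr "$1" \< "$2" >/dev/null; then printf '%s\n' -1
    else printf '%s\n' 1; fi
}

# Compare two dot-separated version or release strings; prints -1, 0 or 1.
# A missing trailing segment sorts below a present one (81.el5 < 81.el5.18).
cmp_versions() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
        r="$(cmp_seg "$x" "$y")"
        [ "$r" -eq 0 ] || { printf '%s\n' "$r"; return 0; }
    done
    printf '%s\n' 0
}

# Split an NVR such as xen-4.0.0-81.el5.12.x86_64 from the right, so that
# hyphenated names (xen-tools) also parse. Returns 0 (true) if the package
# is at or above the fixed build, 1 if it is older, 2 if it is not xen.
xen_is_fixed() {
    nvr="${1%.x86_64}"                 # drop the arch suffix if present
    release="${nvr##*-}"; tmp="${nvr%-*}"
    version="${tmp##*-}"; name="${tmp%-*}"
    [ "$name" = "xen" ] || return 2
    r="$(cmp_versions "$version" "$FIXED_VERSION")"
    [ "$r" -eq 0 ] && r="$(cmp_versions "$release" "$FIXED_RELEASE")"
    [ "$r" -ge 0 ]
}

# Constructed sample input; in practice: xen_is_fixed "$(rpm -q xen)"
for pkg in xen-4.0.0-81.el5.12.x86_64 xen-4.0.0-81.el5.18.x86_64; do
    if xen_is_fixed "$pkg"; then echo "$pkg: fixed build or newer"
    else echo "$pkg: older than 4.0.0-81.el5.18, XSA-19/20/22/23/24 unpatched"; fi
done
```

The package on disk is only half the story: the host runs the updated hypervisor only after it has been rebooted into it.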