[Oraclevm-errata] OVMSA-2012-0050 Important: Oracle VM 3.0 xen Security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Tue Nov 13 16:18:57 PST 2012
Oracle VM Security Advisory OVMSA-2012-0050
The following updated rpms for Oracle VM 3.0 have been uploaded to the
Unbreakable Linux Network:
x86_64:
xen-4.0.0-81.el5.18.x86_64.rpm
xen-devel-4.0.0-81.el5.18.x86_64.rpm
xen-tools-4.0.0-81.el5.18.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.0/SRPMS-updates/xen-4.0.0-81.el5.18.src.rpm
Description of changes:
[4.0.0-81.el5.18]
- compat/gnttab: Prevent infinite loop in compat code
c/s 20281:95ea2052b41b, which introduces Grant Table version 2
hypercalls, introduces a vulnerability whereby the compat hypercall
handler can fall into an infinite loop.
If the watchdog is enabled, Xen will die after the timeout.
This is a security problem, XSA-24 / CVE-2012-4539.
Signed-off-by: Andrew Cooper <andrew.cooper3 at citrix.com>
Acked-by: Jan Beulich <jbeulich at suse.com>
Acked-by: Ian Jackson <ian.jackson at eu.citrix.com>
Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com> [bug 15852510] {CVE-2012-4539}
[4.0.0-81.el5.17]
- xen/mm/shadow: check toplevel pagetables are present before unhooking them.
If the guest has not fully populated its top-level PAE entries when it calls
HVMOP_pagetable_dying, the shadow code could try to unhook entries from
MFN 0. Add a check to avoid that case.
This issue was introduced by c/s 21239:b9d2db109cf5.
This is a security problem, XSA-23 / CVE-2012-4538.
Signed-off-by: Tim Deegan <tim at xen.org>
Tested-by: Andrew Cooper <andrew.cooper3 at citrix.com>
Acked-by: Ian Campbell <ian.campbell at citrix.com>
Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com> [bug 15854935] {CVE-2012-4538}
[4.0.0-81.el5.16]
- x86/physmap: Prevent incorrect updates of m2p mappings
In certain conditions, such as low memory, set_p2m_entry() can fail.
Currently, the p2m and m2p tables will get out of sync because we still
update the m2p table after the p2m update has failed.
If that happens, subsequent guest-invoked memory operations can cause
BUG()s and ASSERT()s to kill Xen.
This is fixed by only updating the m2p table iff the p2m was
successfully updated.
This is a security problem, XSA-22 / CVE-2012-4537.
Signed-off-by: Andrew Cooper <andrew.cooper3 at citrix.com>
Acked-by: Ian Campbell <ian.campbell at citrix.com>
Acked-by: Ian Jackson <ian.jackson at eu.citrix.com>
Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com> [bug 15854852] {CVE-2012-4537}
[4.0.0-81.el5.15]
- VCPU/timers: Prevent overflow in calculations, leading to DoS vulnerability
The timer action for a vcpu periodic timer is to calculate the next
expiry time, and to reinsert itself into the timer queue. If the
deadline ends up in the past, Xen never leaves __do_softirq(). The
affected PCPU will stay in an infinite loop until Xen is killed by the
watchdog (if enabled).
This is a security problem, XSA-20 / CVE-2012-4535.
Signed-off-by: Andrew Cooper <andrew.cooper3 at citrix.com>
Acked-by: Ian Campbell <ian.campbell at citrix.com>
Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com> [bug 15854818] {CVE-2012-4535}
[4.0.0-81.el5.14]
- always release vm running lock on VM shutdown
Before this patch, when xend restarted, the VM running lock would not be
released on shutdown, so the VM could never start again.
Talked with Junjie; we recommend always releasing the lock on VM shutdown. So
even when xend is restarted, there should be no stale lock left there.
Backported-by: Joe Jin <joe.jin at oracle.com>
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com>
Signed-off-by: Adnan Misherfi <adnan.misherfi at oracle.com>
Signed-off-by: Junjie Wei <junjie.wei at oracle.com>
Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com> [bug 14799467]
[4.0.0-81.el5.13]
- Xen Security Advisory CVE-2012-4411 / XSA-19
version 2
guest administrator can access qemu monitor console
Disable qemu monitor by default. The qemu monitor is an overly
powerful feature which must be protected from untrusted (guest)
administrators.
Signed-off-by: Ian Jackson <ian.jackson at eu.citrix.com>
Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com> [bug 14612359] {CVE-2012-4411}
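
A simplified model of the failure described in the VCPU/timers entry ([4.0.0-81.el5.15]) above, added here as an illustration; it is not Xen's code or the actual patch. The type and function names are hypothetical, and it assumes a signed 64-bit nanosecond clock with a guest-supplied period.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

typedef int64_t ns_time_t;   /* hypothetical: signed nanoseconds since boot */

/* Unchecked re-arm. The sum is done in uint64_t so this demo wraps the way
 * the hardware would instead of invoking signed-overflow undefined behaviour. */
static ns_time_t next_expiry_unchecked(ns_time_t now, uint64_t period_ns)
{
    return (ns_time_t)((uint64_t)now + period_ns);
}

/* Checked re-arm: reject a zero period or one whose deadline cannot be
 * represented, so the caller never queues a deadline that is not in the future. */
static bool next_expiry_checked(ns_time_t now, uint64_t period_ns, ns_time_t *out)
{
    if (now < 0 || period_ns == 0 || period_ns > (uint64_t)(INT64_MAX - now))
        return false;
    *out = now + (ns_time_t)period_ns;
    return true;
}

/* Model of the expiry loop: keep firing while the deadline is not in the
 * future. `cap` stands in for the watchdog so the demo terminates. */
static int expiry_loop_iterations(ns_time_t now, uint64_t period_ns, int cap)
{
    ns_time_t deadline = now;    /* timer is due right now */
    int fired = 0;
    while (deadline <= now && fired < cap) {
        deadline = next_expiry_unchecked(now, period_ns);
        fired++;
    }
    return fired;
}

int main(void)
{
    const ns_time_t now = 1000000000;        /* constructed: 1 s after boot */
    ns_time_t d;
    printf("10 ms period: fired %d time(s)\n", expiry_loop_iterations(now, 10000000, 1000));
    printf("huge period:  fired %d time(s)\n", expiry_loop_iterations(now, UINT64_MAX, 1000));
    printf("checked re-arm accepts huge period: %d\n", next_expiry_checked(now, UINT64_MAX, &d));
    return 0;
}
```

With the wrapped deadline the loop only stops at the cap, which is the model's stand-in for the watchdog timeout mentioned in the changelog.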