[Oraclevm-errata] OVMSA-2013-0087 Important: Oracle VM 3.1 xen security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Fri Dec 6 09:18:19 PST 2013
Oracle VM Security Advisory OVMSA-2013-0087

The following updated rpms for Oracle VM 3.1 have been uploaded to the
Unbreakable Linux Network:

x86_64:
xen-4.1.2-18.el5.115.x86_64.rpm
xen-devel-4.1.2-18.el5.115.x86_64.rpm
xen-tools-4.1.2-18.el5.115.x86_64.rpm

SRPMS:
http://oss.oracle.com/oraclevm/server/3.1/SRPMS-updates/xen-4.1.2-18.el5.115.src.rpm

Description of changes:
[4.1.2-18.el5.115]
- x86/HVM: only allow ring 0 guest code to make hypercalls
Anything else would allow for privilege escalation.
This is CVE-2013-4554 / XSA-76.
Signed-off-by: Jan Beulich <jbeulich at suse.com>
Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com>
Reviewed-by: Jerry Snitselaar <jerry.snitselaar at oracle.com> [bug 17822308] {CVE-2013-4554}

[4.1.2-18.el5.114]
- x86: restrict XEN_DOMCTL_getmemlist
Coverity ID 1055652
(See the code comment.)
This is CVE-2013-4553 / XSA-74.
Signed-off-by: Jan Beulich <jbeulich at suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3 at citrix.com>
Reviewed-by: Tim Deegan <tim at xen.org>
Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com>
Reviewed-by: Jerry Snitselaar <jerry.snitselaar at oracle.com> [bug 17821891] {CVE-2013-4553}

[4.1.2-18.el5.113]
- gnttab: correct locking order reversal
Coverity ID 1087189
Correct a lock order reversal between a domain's page allocation and grant
table locks.
This is CVE-2013-4494 / XSA-73.
Signed-off-by: Andrew Cooper <andrew.cooper3 at citrix.com>
Consolidate error handling.
Signed-off-by: Jan Beulich <jbeulich at suse.com>
Reviewed-by: Keir Fraser <keir at xen.org>
Tested-by: Matthew Daley <mattjd at gmail.com>
Backported to Xen-4.1
Signed-off-by: Andrew Cooper <andrew.cooper3 at citrix.com>
Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com>
Reviewed-by: John Haxby <john.haxby at oracle.com> [bug 17761063] {CVE-2013-4494}