[Oraclevm-errata] OVMSA-2013-0087 Important: Oracle VM 3.1 xen security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Fri Dec 6 09:18:19 PST 2013


Oracle VM Security Advisory OVMSA-2013-0087

The following updated rpms for Oracle VM 3.1 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
xen-4.1.2-18.el5.115.x86_64.rpm
xen-devel-4.1.2-18.el5.115.x86_64.rpm
xen-tools-4.1.2-18.el5.115.x86_64.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.1/SRPMS-updates/xen-4.1.2-18.el5.115.src.rpm



Description of changes:

[4.1.2-18.el5.115]
- x86/HVM: only allow ring 0 guest code to make hypercalls
   Anything else would allow for privilege escalation.
   This is CVE-2013-4554 / XSA-76.
   Signed-off-by: Jan Beulich <jbeulich at suse.com>
   Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com>
   Reviewed-by: Jerry Snitselaar <jerry.snitselaar at oracle.com> [bug 
17822308] {CVE-2013-4554}

[4.1.2-18.el5.114]
- x86: restrict XEN_DOMCTL_getmemlist
   Coverity ID 1055652
   (See the code comment.)
   This is CVE-2013-4553 / XSA-74.
   Signed-off-by: Jan Beulich <jbeulich at suse.com>
   Reviewed-by: Andrew Cooper <andrew.cooper3 at citrix.com>
   Reviewed-by: Tim Deegan <tim at xen.org>
   Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com>
   Reviewed-by: Jerry Snitselaar <jerry.snitselaar at oracle.com> [bug 
17821891] {CVE-2013-4553}

[4.1.2-18.el5.113]
- gnttab: correct locking order reversal
   Coverity ID 1087189
   Correct a lock order reversal between a domains page allocation and grant
   table locks.
   This is CVE-2013-4494 / XSA-73.
   Signed-off-by: Andrew Cooper <andrew.cooper3 at citrix.com>
   Consolidate error handling.
   Signed-off-by: Jan Beulich <jbeulich at suse.com>
   Reviewed-by: Keir Fraser <keir at xen.org>
   Tested-by: Matthew Daley <mattjd at gmail.com>
   Backported to Xen-4.1
   Signed-off-by: Andrew Cooper <andrew.cooper3 at citrix.com>
   Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com>
   Reviewed-by: John Haxby <john.haxby at oracle.com> [bug 17761063] 
{CVE-2013-4494}



More information about the Oraclevm-errata mailing list