[Oraclevm-errata] OVMSA-2013-0040 Important: Oracle VM 3.2 xen security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Fri May 17 15:24:16 PDT 2013

Oracle VM Security Advisory OVMSA-2013-0040

The following updated rpms for Oracle VM 3.2 have been uploaded to the 
Unbreakable Linux Network:



Description of changes:

- libxc: limit cpu values when setting vcpu affinity
   When support for pinning more than 64 cpus was added, check for cpu
   out-of-range values was removed. This can lead to subsequent
   out-of-bounds cpumap array accesses in case the cpu number is higher
   than the actual count.
   This patch returns the check.
   This is CVE-2013-2072 / XSA-56
   Signed-off-by: Petr Matousek <pmatouse at redhat.com>
   Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com>
   Reviewed-by: Jerry Snitselaar <jerry.snitselaar at oracle.com> [bug 16794726] {CVE-2013-2072}
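
The kind of range check the changelog entry describes, shown as an added illustration in C. This is not the Xen or Oracle VM patch; the names build_cpumap and cpumap_bytes and the one-bit-per-CPU byte layout are assumptions made for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Bytes needed for a bitmap holding one bit per physical CPU (assumed layout). */
static size_t cpumap_bytes(unsigned int nr_cpus)
{
    return ((size_t)nr_cpus + 7) / 8;
}

/*
 * Build a cpumap from a caller-supplied list of CPU numbers.
 * Returns a heap-allocated bitmap the caller must free, or NULL with
 * errno = EINVAL if any entry is >= nr_cpus, or errno = ENOMEM if the
 * allocation fails.
 */
uint8_t *build_cpumap(const unsigned int *cpus, size_t n, unsigned int nr_cpus)
{
    uint8_t *map;
    size_t i;

    if (nr_cpus == 0) {
        errno = EINVAL;
        return NULL;
    }

    map = calloc(cpumap_bytes(nr_cpus), 1);
    if (map == NULL) {
        errno = ENOMEM;
        return NULL;
    }

    for (i = 0; i < n; i++) {
        /* Range check: without it, map[cpus[i] / 8] below can index
         * past the end of the allocation when the CPU number is
         * higher than the actual count. */
        if (cpus[i] >= nr_cpus) {
            free(map);
            errno = EINVAL;
            return NULL;
        }
        map[cpus[i] / 8] |= (uint8_t)(1u << (cpus[i] % 8));
    }
    return map;
}
```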