[Oraclevm-errata] OVMSA-2013-0040 Important: Oracle VM 3.2 xen security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Fri May 17 15:24:16 PDT 2013


Oracle VM Security Advisory OVMSA-2013-0040

The following updated rpms for Oracle VM 3.2 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
xen-4.1.3-25.el5.6.10.x86_64.rpm
xen-devel-4.1.3-25.el5.6.10.x86_64.rpm
xen-tools-4.1.3-25.el5.6.10.x86_64.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.2/SRPMS-updates/xen-4.1.3-25.el5.6.10.src.rpm



Description of changes:

[4.1.3-25.el5.6.10]
- libxc: limit cpu values when setting vcpu affinity
   When support for pinning more than 64 cpus was added, check for cpu
   out-of-range values was removed. This can lead to subsequent
   out-of-bounds cpumap array accesses in case the cpu number is higher
   than the actual count.
   This patch returns the check.
   This is CVE-2013-2072 / XSA-56
   Signed-off-by: Petr Matousek <pmatouse at redhat.com>
   Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com>
   Reviewed-by: Jerry Snitselaar <jerry.snitselaar at oracle.com> [bug 16794726] {CVE-2013-2072}
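
The range check described in the changelog entry above, shown as an added illustration. This is not the Xen/libxc source and not part of the original advisory; the function names, the byte-array bitmap layout and the sample cpu numbers are assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Bytes needed for a bitmap holding nr_cpus bits (hypothetical helper). */
static size_t cpumap_bytes(int nr_cpus)
{
    return ((size_t)nr_cpus + 7) / 8;
}

/*
 * Build a cpumap from a caller-supplied list of cpu numbers.
 * Returns a calloc'd map of cpumap_bytes(nr_cpus) bytes, or NULL with
 * errno = EINVAL if any entry is negative or >= nr_cpus.
 */
static uint8_t *cpumap_from_list(const int *cpus, size_t count, int nr_cpus)
{
    uint8_t *map;
    size_t i;

    if (nr_cpus <= 0) { errno = EINVAL; return NULL; }
    map = calloc(cpumap_bytes(nr_cpus), 1);
    if (map == NULL)
        return NULL;
    for (i = 0; i < count; i++) {
        int cpu = cpus[i];
        /* The range check: without it, map[cpu / 8] indexes past the
         * allocation whenever cpu >= nr_cpus. */
        if (cpu < 0 || cpu >= nr_cpus) {
            free(map);
            errno = EINVAL;
            return NULL;
        }
        map[cpu / 8] |= (uint8_t)(1u << (cpu % 8));
    }
    return map;
}

int main(void)
{
    int cpus[] = { 0, 65, 72 };  /* constructed input; 72 is out of range on a 72-cpu host */
    uint8_t *m = cpumap_from_list(cpus, 3, 72);
    printf("list with cpu 72 on a 72-cpu host: %s\n", m ? "accepted" : "rejected");
    free(m);
    return 0;
}
```
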



