[Oraclevm-errata] OVMSA-2013-0074 Important: Oracle VM 2.2 xen security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Wed Oct 16 09:40:08 PDT 2013


Oracle VM Security Advisory OVMSA-2013-0074

The following updated rpms for Oracle VM 2.2 have been uploaded to the 
Unbreakable Linux Network:

i386:
xen-3.4.0-0.1.55.el5.i386.rpm
xen-64-3.4.0-0.1.55.el5.noarch.rpm
xen-debugger-3.4.0-0.1.55.el5.noarch.rpm
xen-devel-3.4.0-0.1.55.el5.i386.rpm
xen-pvhvm-devel-3.4.0-0.1.55.el5.i386.rpm
xen-tools-3.4.0-0.1.55.el5.i386.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/2.2/SRPMS-updates/xen-3.4.0-0.1.55.el5.src.rpm



Description of changes:

[3.4.0-0.1.55]
- x86: check segment descriptor read result in 64-bit OUTS emulation 
XSA-67 (Matthew Daley) [orabug 17571640] {CVE-2013-4368}

[3.4.0-0.1.54]
- x86: properly set up fbld emulation operand address XSA-66 (Jan 
Beulich) [orabug 17472492] {CVE-2013-4361}

[3.4.0-0.1.53]
- x86: properly handle hvm_copy_from_guest_{phys,virt}() errors XSA-63 
(Jan Beulich) [orabug 17472461] {CVE-2013-4355}

[3.4.0-0.1.52]
- libxc: builder: limit maximum size of kernel/ramdisk (Ian Campbell) 
[orabug 15852491] {CVE-2012-4544}
- libxc: builder: Correct fix for CVE-2012-4544 (Ian Campbell) [orabug 
15852491] {CVE-2012-4544}

[3.4.0-0.1.51]
- [PATCH 01/21] libelf: abolish libelf-relocate.c (Ian Jackson) [orabug 
16902308] {CVE-2013-2194 CVE-2013-2195 CVE-2013-2196}
- [PATCH 02/21] libxc: introduce xc_dom_seg_to_ptr_pages (Ian Jackson) 
[orabug 16902308] {CVE-2013-2194 CVE-2013-2195 CVE-2013-2196}
- [PATCH 03/21] libxc: Fix range checking in xc_dom_pfn_to_ptr etc. (Ian 
Jackson) [orabug 16902308] {CVE-2013-2194 CVE-2013-2195 CVE-2013-2196}
- [PATCH 04/21] libelf: abolish elf_sval and elf_access_signed (Ian 
Jackson) [orabug 16902308] {CVE-2013-2194 CVE-2013-2195 CVE-2013-2196}
- [PATCH 05/21] libelf/xc_dom_load_elf_symtab: Do not use "syms" 
uninitialised (Ian Jackson) [orabug 16902308] {CVE-2013-2194 
CVE-2013-2195 CVE-2013-2196}
- [PATCH 06/21] libelf: introduce macros for memory access and pointer 
handling
(Ian Jackson) [orabug 16902308] {CVE-2013-2194 CVE-2013-2195 CVE-2013-2196}
- [PATCH 07/21] tools/xcutils/readnotes: adjust print_l1_mfn_valid_note 
(Ian Jackson) [orabug 16902308] {CVE-2013-2194 CVE-2013-2195 CVE-2013-2196}
- [PATCH 08/21] libelf: check nul-terminated strings properly (Ian 
Jackson) [orabug 16902308] {CVE-2013-2194 CVE-2013-2195 CVE-2013-2196}
- [PATCH 09/21] libelf: check all pointer accesses (Ian Jackson) [orabug 
16902308] {CVE-2013-2194 CVE-2013-2195 CVE-2013-2196}
- [PATCH 10/21] libelf: Check pointer references in elf_is_elfbinary 
(Ian Jackson) [orabug 16902308] {CVE-2013-2194 CVE-2013-2195 CVE-2013-2196}
- [PATCH 11/21] libelf: Make all callers call elf_check_broken (Ian 
Jackson) [orabug 16902308] {CVE-2013-2194 CVE-2013-2195 CVE-2013-2196}
- [PATCH 12/21] libelf: use C99 bool for booleans (Ian Jackson) [orabug 
16902308] {CVE-2013-2194 CVE-2013-2195 CVE-2013-2196}
- [PATCH 13/21] libelf: use only unsigned integers (Ian Jackson) [orabug 
16902308] {CVE-2013-2194 CVE-2013-2195 CVE-2013-2196}
- [PATCH 14/21] libxc: Introduce xc_bitops.h (Ian Jackson) [orabug 
16902308] {CVE-2013-2194 CVE-2013-2195 CVE-2013-2196}
- [PATCH 15/21] libelf: check loops for running away (Ian Jackson) 
[orabug 16902308] {CVE-2013-2194 CVE-2013-2195 CVE-2013-2196}
- [PATCH 16/21] libelf: abolish obsolete macros (Ian Jackson) [orabug 
16902308] {CVE-2013-2194 CVE-2013-2195 CVE-2013-2196}
- [PATCH 17/21] libxc: Add range checking to xc_dom_binloader (Ian 
Jackson) [orabug 16902308] {CVE-2013-2194 CVE-2013-2195 CVE-2013-2196}
- [PATCH 18/21] libxc: check failure of xc_dom_*_to_ptr, 
xc_map_foreign_range (Ian Jackson) [orabug 16902308] {CVE-2013-2194 
CVE-2013-2195 CVE-2013-2196}
- [PATCH 19/21] libxc: check return values from malloc (Ian Jackson) 
[orabug 16902308] {CVE-2013-2194 CVE-2013-2195 CVE-2013-2196}
- [PATCH 20/21] libxc: range checks in xc_dom_p2m_host and _guest (Ian 
Jackson) [orabug 16902308] {CVE-2013-2194 CVE-2013-2195 CVE-2013-2196}
- [PATCH 21/21] libxc: check blob size before proceeding in 
xc_dom_check_gzip (Matthew Daley) [orabug 16902308] {CVE-2013-2194 
CVE-2013-2195 CVE-2013-2196}
- libxc: define INVALID_MFN for the XSA-55 patchset (Chuck Anderson) 
[orabug 16902308] {CVE-2013-2194 CVE-2013-2195 CVE-2013-2196}

[3.4.0-0.1.50]
- fix page refcount handling in page table pin error path (Andrew 
Cooper) [orabug 16949882] {CVE-2013-1432}

[3.4.0-0.1.49]
- remove CVE-2013-1919 (Chuck Anderson) [orabug 16635741] {CVE-2013-1919}

[3.4.0-0.1.48]
- x86: make vcpu_destroy_pagetables() preemptible (Jan Beulich) [orabug 
16714903] {CVE-2013-1918}
- x86: make new_guest_cr3() preemptible (Jan Beulich) [orabug 16714903] 
{CVE-2013-1918}
- x86: make MMUEXT_NEW_USER_BASEPTR preemptible (Jan Beulich) [orabug 
16714903] {CVE-2013-1918}
- x86: make vcpu_reset() preemptible (Jan Beulich) [orabug 16714903] 
{CVE-2013-1918}
- x86: make arch_set_info_guest() preemptible (Jan Beulich) [orabug 
16714903] {CVE-2013-1918}
- x86: make page table unpinning preemptible (Jan Beulich) [orabug 
16714903] {CVE-2013-1918}
- x86: make page table handling error paths preemptible (Jan Beulich) 
[orabug 16714903] {CVE-2013-1918}



