[Oraclevm-errata] OVMSA-2015-0060 Important: Oracle VM 3.3 kernel-uek security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Thu May 14 18:28:38 PDT 2015


Oracle VM Security Advisory OVMSA-2015-0060

The following updated rpms for Oracle VM 3.3 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-uek-3.8.13-68.2.2.el6uek.x86_64.rpm
kernel-uek-firmware-3.8.13-68.2.2.el6uek.noarch.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/kernel-uek-3.8.13-68.2.2.el6uek.src.rpm



Description of changes:

[3.8.13-68.2.2.el6uek]
- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) 
[Orabug: 21077385]  {CVE-2015-3331}

[3.8.13-68.2.1.el6uek]
- xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad 
Rzeszutek Wilk)  [Orabug: 20807438]  {CVE-2015-2150}
- xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) 
  [Orabug: 20860817] - Doc/cpu-hotplug: Specify race-free way to 
register CPU hotplug callbacks (Srivatsa S. Bhat)  [Orabug: 20917697] - 
net/iucv/iucv.c: Fix CPU hotplug callback registration (Srivatsa S. 
Bhat)  [Orabug: 20917697] - net/core/flow.c: Fix CPU hotplug callback 
registration (Srivatsa S. Bhat)  [Orabug: 20917697] - mm, vmstat: Fix 
CPU hotplug callback registration (Srivatsa S. Bhat)  [Orabug: 20917697] 
- profile: Fix CPU hotplug callback registration (Srivatsa S. Bhat) 
[Orabug: 20917697] - trace, ring-buffer: Fix CPU hotplug callback 
registration (Srivatsa S. Bhat)  [Orabug: 20917697] - hwmon, 
via-cputemp: Fix CPU hotplug callback registration (Srivatsa S. Bhat) 
[Orabug: 20917697] - hwmon, coretemp: Fix CPU hotplug callback 
registration (Srivatsa S. Bhat)  [Orabug: 20917697] - octeon, watchdog: 
Fix CPU hotplug callback registration (Srivatsa S. Bhat)  [Orabug: 
20917697] - oprofile, nmi-timer: Fix CPU hotplug callback registration 
(Srivatsa S. Bhat)  [Orabug: 20917697] - intel-idle: Fix CPU hotplug 
callback registration (Srivatsa S. Bhat)  [Orabug: 20917697] - 
drivers/base/topology.c: Fix CPU hotplug callback registration (Srivatsa 
S. Bhat)  [Orabug: 20917697] - acpi-cpufreq: Fix CPU hotplug callback 
registration (Srivatsa S. Bhat)  [Orabug: 20917697] - scsi, fcoe: Fix 
CPU hotplug callback registration (Srivatsa S. Bhat)  [Orabug: 20917697] 
- scsi, bnx2fc: Fix CPU hotplug callback registration (Srivatsa S. Bhat) 
  [Orabug: 20917697] - scsi, bnx2i: Fix CPU hotplug callback 
registration (Srivatsa S. Bhat)  [Orabug: 20917697] - arm64, 
debug-monitors: Fix CPU hotplug callback registration (Srivatsa S. Bhat) 
  [Orabug: 20917697] - arm64, hw_breakpoint.c: Fix CPU hotplug callback 
registration (Srivatsa S. Bhat)  [Orabug: 20917697] - x86, kvm: Fix CPU 
hotplug callback registration (Srivatsa S. Bhat)  [Orabug: 20917697] - 
x86, oprofile, nmi: Fix CPU hotplug callback registration (Srivatsa S. 
Bhat)  [Orabug: 20917697] - x86, pci, amd-bus: Fix CPU hotplug callback 
registration (Srivatsa S. Bhat)  [Orabug: 20917697] - x86, hpet: Fix CPU 
hotplug callback registration (Srivatsa S. Bhat)  [Orabug: 20917697] - 
x86, intel, cacheinfo: Fix CPU hotplug callback registration (Srivatsa 
S. Bhat)  [Orabug: 20917697] - x86, amd, ibs: Fix CPU hotplug callback 
registration (Srivatsa S. Bhat)  [Orabug: 20917697] - x86, 
therm_throt.c: Fix CPU hotplug callback registration (Srivatsa S. Bhat) 
  [Orabug: 20917697] - x86, mce: Fix CPU hotplug callback registration 
(Srivatsa S. Bhat)  [Orabug: 20917697] - x86, intel, uncore: Fix CPU 
hotplug callback registration (Srivatsa S. Bhat)  [Orabug: 20917697] - 
x86, vsyscall: Fix CPU hotplug callback registration (Srivatsa S. Bhat) 
  [Orabug: 20917697] - x86, cpuid: Fix CPU hotplug callback registration 
(Srivatsa S. Bhat)  [Orabug: 20917697] - x86, msr: Fix CPU hotplug 
callback registration (Srivatsa S. Bhat)  [Orabug: 20917697] - powerpc, 
sysfs: Fix CPU hotplug callback registration (Srivatsa S. Bhat) 
[Orabug: 20917697] - sparc, sysfs: Fix CPU hotplug callback registration 
(Srivatsa S. Bhat)  [Orabug: 20917697] - s390, smp: Fix CPU hotplug 
callback registration (Srivatsa S. Bhat)  [Orabug: 20917697] - s390, 
cacheinfo: Fix CPU hotplug callback registration (Srivatsa S. Bhat) 
[Orabug: 20917697] - arm, hw-breakpoint: Fix CPU hotplug callback 
registration (Srivatsa S. Bhat)  [Orabug: 20917697] - ia64, err-inject: 
Fix CPU hotplug callback registration (Srivatsa S. Bhat)  [Orabug: 
20917697] - ia64, topology: Fix CPU hotplug callback registration 
(Srivatsa S. Bhat)  [Orabug: 20917697] - ia64, palinfo: Fix CPU hotplug 
callback registration (Srivatsa S. Bhat)  [Orabug: 20917697] - CPU 
hotplug, perf: Fix CPU hotplug callback registration (Srivatsa S. Bhat) 
  [Orabug: 20917697] - CPU hotplug: Provide lockless versions of 
callback registration functions (Srivatsa S. Bhat)  [Orabug: 20917697] - 
isofs: Fix unchecked printing of ER records (Jan Kara)  [Orabug: 
20930551]  {CVE-2014-9584}
- KEYS: close race between key lookup and freeing (Sasha Levin) 
[Orabug: 20930548]  {CVE-2014-9529} {CVE-2014-9529}
- mm: memcg: do not allow task about to OOM kill to bypass the limit 
(Johannes Weiner)  [Orabug: 20930539]  {CVE-2014-8171}
- mm: memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes 
Weiner)  [Orabug: 20930539]  {CVE-2014-8171}
- fs: buffer: move allocation failure loop into the allocator (Johannes 
Weiner)  [Orabug: 20930539]  {CVE-2014-8171}
- mm: memcg: handle non-error OOM situations more gracefully (Johannes 
Weiner)  [Orabug: 20930539]  {CVE-2014-8171}
- mm: memcg: do not trap chargers with full callstack on OOM (Johannes 
Weiner)  [Orabug: 20930539]  {CVE-2014-8171}
- mm: memcg: rework and document OOM waiting and wakeup (Johannes 
Weiner)  [Orabug: 20930539]  {CVE-2014-8171}
- mm: memcg: enable memcg OOM killer only for user faults (Johannes 
Weiner)  [Orabug: 20930539]  {CVE-2014-8171}
- x86: finish user fault error path with fatal signal (Johannes Weiner) 
  [Orabug: 20930539]  {CVE-2014-8171}
- arch: mm: pass userspace fault flag to generic fault handler (Johannes 
Weiner)  [Orabug: 20930539]  {CVE-2014-8171}
- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. 
(Stephen Smalley)  [Orabug: 20930501]  {CVE-2014-3215}
- IB/core: Prevent integer overflow in ib_umem_get address arithmetic 
(Shachar Raindel)  [Orabug: 20799875]  {CVE-2014-8159} {CVE-2014-8159}




More information about the Oraclevm-errata mailing list