[Oraclevm-errata] OVMSA-2015-0141 Important: Oracle VM 3.3 xen security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Thu Oct 29 13:10:29 PDT 2015


Oracle VM Security Advisory OVMSA-2015-0141

The following updated rpms for Oracle VM 3.3 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
xen-4.3.0-55.el6.47.58.x86_64.rpm
xen-tools-4.3.0-55.el6.47.58.x86_64.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/xen-4.3.0-55.el6.47.58.src.rpm



Description of changes:

[4.3.0-55.el6.47.58]
- x86: rate-limit logging in do_xen{oprof,pmu}_op()
   Some of the sub-ops are acessible to all guests, and hence should be
   rate-limited. In the xenoprof case, just like for XSA-146, include them
   only in debug builds. Since the vPMU code is rather new, allow them to
   be always present, but downgrade them to (rate limited) guest messages.
   This is XSA-152.
   Signed-off-by: Jan Beulich <jbeulich at suse.com>
   Acked-by: Chuck Anderson <chuck.anderson at oracle.com>
   Reviewed-by: John Haxby <john.haxby at oracle.com> [bug 22088895] 
{CVE-2015-7971}

[4.3.0-55.el6.47.57]
- xenoprof: free domain's vcpu array
   This was overlooked in fb442e2171 ("x86_64: allow more vCPU-s per
   guest").
   This is XSA-151.
   Signed-off-by: Jan Beulich <jbeulich at suse.com>
   Reviewed-by: Ian Campbell <ian.campbell at citrix.com>
   Acked-by: Chuck Anderson <chuck.anderson at oracle.com>
   Reviewed-by: John Haxby <john.haxby at oracle.com> [bug 22088828] 
{CVE-2015-7969}

[4.3.0-55.el6.47.56]
- x86: guard against undue super page PTE creation
   When optional super page support got added (commit bd1cd81d64 "x86: PV
   support for hugepages"), two adjustments were missed: mod_l2_entry()
   needs to consider the PSE and RW bits when deciding whether to use the
   fast path, and the PSE bit must not be removed from L2_DISALLOW_MASK
   unconditionally.
   This is XSA-148.
   Signed-off-by: Jan Beulich <jbeulich at suse.com>
   Reviewed-by: Tim Deegan <tim at xen.org>
   Acked-by: Chuck Anderson <chuck.anderson at oracle.com>
   Reviewed-by: John Haxby <john.haxby at oracle.com> [bug 22088391] 
{CVE-2015-7835}




More information about the Oraclevm-errata mailing list