[Oraclevm-errata] OVMSA-2016-0012 Important: Oracle VM 2.2 xen security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Fri Feb 12 16:38:17 PST 2016
Oracle VM Security Advisory OVMSA-2016-0012

The following updated rpms for Oracle VM 2.2 have been uploaded to the
Unbreakable Linux Network:

i386:
xen-3.4.0-0.2.25.el5.i386.rpm
xen-64-3.4.0-0.2.25.el5.noarch.rpm
xen-debugger-3.4.0-0.2.25.el5.noarch.rpm
xen-devel-3.4.0-0.2.25.el5.i386.rpm
xen-pvhvm-devel-3.4.0-0.2.25.el5.i386.rpm
xen-tools-3.4.0-0.2.25.el5.i386.rpm

SRPMS:
http://oss.oracle.com/oraclevm/server/2.2/SRPMS-updates/xen-3.4.0-0.2.25.el5.src.rpm

Description of changes:

[3.4.0-0.2.25]
- XSA-125: Limit XEN_DOMCTL_memory_mapping hypercall to only process up
to 64 GFNs (or less) (Jan Beulich) [20732412] {CVE-2015-2752}
- XSA-126: xen: limit guest control of PCI command register (Jan
Beulich) [20739399] {CVE-2015-2756}
- XSA-128: xen: properly gate host writes of modified PCI CFG contents
(Jan Beulich) [21157440] {CVE-2015-4103}
- XSA-129: xen: don't allow guest to control MSI mask register (Jan
Beulich) [21158692] {CVE-2015-4104}
- XSA-130: xen/MSI-X: disable logging by default (Jan Beulich)
[21159408] {CVE-2015-4105}
- XSA-131: [PATCH 1/8] xen/MSI: don't open-code pass-through of enable
bit modifications (Jan Beulich) [21164529] {CVE-2015-4106}
- XSA-131: [PATCH 2/8] xen/pt: consolidate PM capability emu_mask
[21164529] {CVE-2015-4106}
- XSA-131: [PATCH 3/8] xen/pt: correctly handle PM status bit [21164529]
{CVE-2015-4106}
- XSA-131: [PATCH 4/8] xen/pt: split out calculation of throughable mask
in PCI config space handling [21164529] {CVE-2015-4106}
- XSA-131: [PATCH 5/8] xen/pt: mark all PCIe capability bits read-only
[21164529] {CVE-2015-4106}
- XSA-131: [PATCH 6/8] xen/pt: mark reserved bits in PCI config space
fields [21164529] {CVE-2015-4106}
- XSA-131: [PATCH 7/8] xen/pt: add a few PCI config space field
descriptions [21164529] {CVE-2015-4106}
- XSA-131: [PATCH 8/8] xen/pt: unknown PCI config space fields should be
read-only [21164529] {CVE-2015-4106}