[Oraclevm-errata] OVMSA-2016-0012 Important: Oracle VM 2.2 xen security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Fri Feb 12 16:38:17 PST 2016


Oracle VM Security Advisory OVMSA-2016-0012

The following updated rpms for Oracle VM 2.2 have been uploaded to the 
Unbreakable Linux Network:

i386:
xen-3.4.0-0.2.25.el5.i386.rpm
xen-64-3.4.0-0.2.25.el5.noarch.rpm
xen-debugger-3.4.0-0.2.25.el5.noarch.rpm
xen-devel-3.4.0-0.2.25.el5.i386.rpm
xen-pvhvm-devel-3.4.0-0.2.25.el5.i386.rpm
xen-tools-3.4.0-0.2.25.el5.i386.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/2.2/SRPMS-updates/xen-3.4.0-0.2.25.el5.src.rpm



Description of changes:

[3.4.0-0.2.25]
- XSA-125: Limit XEN_DOMCTL_memory_mapping hypercall to only process up 
to 64 GFNs (or less) (Jan Beulich) [20732412] {CVE-2015-2752}
- XSA-126: xen: limit guest control of PCI command register (Jan 
Beulich) [20739399] {CVE-2015-2756}
- XSA-128: xen: properly gate host writes of modified PCI CFG contents 
(Jan Beulich) [21157440] {CVE-2015-4103}
- XSA-129: xen: don't allow guest to control MSI mask register (Jan 
Beulich) [21158692] {CVE-2015-4104}
- XSA-130: xen/MSI-X: disable logging by default (Jan Beulich) 
[21159408] {CVE-2015-4105}
- XSA-131: [PATCH 1/8] xen/MSI: don't open-code pass-through of enable 
bit modifications (Jan Beulich) [21164529] {CVE-2015-4106}
- XSA-131: [PATCH 2/8] xen/pt: consolidate PM capability emu_mask 
[21164529] {CVE-2015-4106}
- XSA-131: [PATCH 3/8] xen/pt: correctly handle PM status bit [21164529] 
{CVE-2015-4106}
- XSA-131: [PATCH 4/8] xen/pt: split out calculation of throughable mask 
in PCI config space handling [21164529] {CVE-2015-4106}
- XSA-131: [PATCH 5/8] xen/pt: mark all PCIe capability bits read-only 
[21164529] {CVE-2015-4106}
- XSA-131: [PATCH 6/8] xen/pt: mark reserved bits in PCI config space 
fields [21164529] {CVE-2015-4106}
- XSA-131: [PATCH 7/8] xen/pt: add a few PCI config space field 
descriptions [21164529] {CVE-2015-4106}
- XSA-131: [PATCH 8/8] xen/pt: unknown PCI config space fields should be 
read-only [21164529] {CVE-2015-4106}


