[Oraclevm-errata] OVMSA-2016-0102 Important: Oracle VM 3.4 xen security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Thu Sep 8 14:40:24 PDT 2016
Oracle VM Security Advisory OVMSA-2016-0102
The following updated rpms for Oracle VM 3.4 have been uploaded to the
Unbreakable Linux Network:
x86_64:
xen-4.4.4-75.0.2.el6.x86_64.rpm
xen-tools-4.4.4-75.0.2.el6.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/xen-4.4.4-75.0.2.el6.src.rpm
Description of changes:
[4.4.4-75.0.2.el6]
- BUILDINFO: commit=a83239e012959a65503ebb44ee9c54620a9d78f5
- evtchn-fifo: prevent use after free (Boris Ostrovsky) {CVE-2016-7154}
- x86/segment: Bounds check accesses to emulation ctxt->seg_reg[]
  (Andrew Cooper) {CVE-2016-7094}
- x86/shadow: Avoid overflowing sh_ctxt->seg_reg[] (Andrew Cooper)
  {CVE-2016-7094}
- x86/32on64: don't allow recursive page tables from L3 (Jan Beulich)
  {CVE-2016-7092}