[Oraclevm-errata] OVMSA-2016-0102 Important: Oracle VM 3.4 xen security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Thu Sep 8 14:40:24 PDT 2016


Oracle VM Security Advisory OVMSA-2016-0102

The following updated rpms for Oracle VM 3.4 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
xen-4.4.4-75.0.2.el6.x86_64.rpm
xen-tools-4.4.4-75.0.2.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/xen-4.4.4-75.0.2.el6.src.rpm



Description of changes:

[4.4.4-75.0.2.el6]
- BUILDINFO: commit=a83239e012959a65503ebb44ee9c54620a9d78f5
- evtchn-fifo: prevent use after free (Boris Ostrovsky)   {CVE-2016-7154}
- x86/segment: Bounds check accesses to emulation ctxt->seg_reg[] (Andrew Cooper)   {CVE-2016-7094}
- x86/shadow: Avoid overflowing sh_ctxt->seg_reg[] (Andrew Cooper)   {CVE-2016-7094}
- x86/32on64: don't allow recursive page tables from L3 (Jan Beulich)   {CVE-2016-7092}



