[Oraclevm-errata] OVMSA-2017-0009 Important: Oracle VM 3.2 xen security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Fri Jan 13 07:00:28 PST 2017


Oracle VM Security Advisory OVMSA-2017-0009

The following updated rpms for Oracle VM 3.2 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
xen-4.1.3-25.el5.223.49.x86_64.rpm
xen-devel-4.1.3-25.el5.223.49.x86_64.rpm
xen-tools-4.1.3-25.el5.223.49.x86_64.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.2/SRPMS-updates/xen-4.1.3-25.el5.223.49.src.rpm



Description of changes:

[4.1.3-25.el5.223.49]
- From: Jan Beulich <jbeulich at suse.com>
   Subject: x86: force EFLAGS.IF on when exiting to PV guests
   Guest kernels modifying instructions in the process of being emulated
   for another of their vCPU-s may effect EFLAGS.IF to be cleared upon
   next exiting to guest context, by converting the being emulated
   instruction to CLI (at the right point in time). Prevent any such bad
   effects by always forcing EFLAGS.IF on. And to cover hypothetical other
   similar issues, also force EFLAGS.{IOPL,NT,VM} to zero.
   This is XSA-202.
   Signed-off-by: Jan Beulich <jbeulich at suse.com>
   Conflict:
   xen/arch/x86/x86_64/compat/entry.S
   Backported-by: Zhenzhong Duan <zhenzhong.duan at oracle.com>
   Reviewed-by: Boris Ostrovsky <boris.ostrovsky at oracle.com> [bug 25235039] {CVE-2016-10024}

[4.1.3-25.el5.223.48]
- From 4d246723a85a03406e4969a260291e11b8e05960 Mon Sep 17 00:00:00 2001
   x86: use MOV instead of PUSH/POP when saving/restoring register state
   Signed-off-by: Jan Beulich <jbeulich at suse.com>
   Acked-by: Keir Fraser <keir at xen.org>
   Backported-by: Zhenzhong Duan <zhenzhong.duan at oracle.com>
   Reviewed-by: Boris Ostrovsky <boris.ostrovsky at oracle.com> [bug 25235039] {CVE-2016-10024}

[4.1.3-25.el5.223.47]
- From: Andrew Cooper <andrew.cooper3 at citrix.com>
   Date: Sun, 18 Dec 2016 15:42:59 +0000
   Subject: [PATCH] x86/emul: Correct the handling of eflags with SYSCALL
   A singlestep #DB is determined by the resulting eflags value from the
   execution of SYSCALL, not the original eflags value.
   By using the original eflags value, we negate the guest kernel's attempt to
   protect itself from a privilege escalation by masking TF.
   Introduce a tf boolean and have the SYSCALL emulation recalculate it
   after the instruction is complete.
   This is XSA-204
   Signed-off-by: Andrew Cooper <andrew.cooper3 at citrix.com>
   Reviewed-by: Jan Beulich <jbeulich at suse.com>
   Conflict:
   xen/arch/x86/x86_emulate/x86_emulate.c
   Backported-by: Zhenzhong Duan <zhenzhong.duan at oracle.com>
   Reviewed-by: Boris Ostrovsky <boris.ostrovsky at oracle.com> [bug 25294913] {CVE-2016-10013}
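
The flag handling described in the XSA-204 and XSA-202 entries above, as a simplified model added here for illustration; it is not Xen's code and not part of the original advisory. The struct, function names and the sample SFMASK value are hypothetical, and the model assumes 64-bit SYSCALL semantics (R11 receives RFLAGS, then RFLAGS is masked by SFMASK).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define EFLG_TF   (1u << 8)    /* trap flag (single-step) */
#define EFLG_IF   (1u << 9)    /* interrupt enable */
#define EFLG_IOPL (3u << 12)   /* I/O privilege level */
#define EFLG_NT   (1u << 14)   /* nested task */
#define EFLG_VM   (1u << 17)   /* virtual-8086 mode */

/* Simplified register state for this model (hypothetical, not Xen's struct). */
struct regs { uint64_t rflags, r11; };

/* SYSCALL in 64-bit mode: R11 <- RFLAGS, then RFLAGS <- RFLAGS & ~SFMASK.
 * Returns whether a singlestep #DB is raised after the instruction.
 * fixed=false models the behaviour the XSA-204 entry describes as wrong
 * (TF taken from the original flags); fixed=true recalculates TF from the
 * flags that result from executing SYSCALL. */
bool model_syscall(struct regs *r, uint64_t sfmask, bool fixed)
{
    bool tf = r->rflags & EFLG_TF;      /* sampled from the original flags */
    r->r11 = r->rflags;
    r->rflags &= ~sfmask;
    if (fixed)
        tf = r->rflags & EFLG_TF;       /* recalculated after completion */
    return tf;
}

/* XSA-202 entry: on exit to a PV guest force IF on and IOPL/NT/VM to zero. */
uint64_t sanitize_pv_exit_flags(uint64_t rflags)
{
    return (rflags & ~(uint64_t)(EFLG_IOPL | EFLG_NT | EFLG_VM)) | EFLG_IF;
}

int main(void)
{
    /* Constructed sample: the guest kernel masks TF and IF on SYSCALL entry. */
    const uint64_t sfmask = EFLG_TF | EFLG_IF;
    struct regs a = { .rflags = 0x2 | EFLG_IF | EFLG_TF, .r11 = 0 }, b = a;
    printf("#DB with original flags:  %d\n", model_syscall(&a, sfmask, false));
    printf("#DB with resulting flags: %d\n", model_syscall(&b, sfmask, true));
    printf("sanitized exit flags: %#llx\n", (unsigned long long)
           sanitize_pv_exit_flags(0x2 | EFLG_NT | EFLG_IOPL | EFLG_VM));
    return 0;
}
```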



