[Oraclevm-errata] OVMBA-2017-0153 Oracle VM 3.4 xen bug fix update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Mon Oct 9 17:01:00 PDT 2017


Oracle VM Bug Fix Advisory OVMBA-2017-0153

The following updated rpms for Oracle VM 3.4 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
xen-4.4.4-105.0.24.el6.x86_64.rpm
xen-tools-4.4.4-105.0.24.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/xen-4.4.4-105.0.24.el6.src.rpm



Description of changes:

[4.4.4-105.0.24.el6]
- BUILDINFO: xen commit=cf78ca81eb7dae3de9cfb7777983078c61bb79d5
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- gnttab: also validate PTE permissions upon destroy/replace (Jan 
Beulich)  [Orabug: 26782990]  {CVE-2017-14319}
- tools/xenstore: dont unlink connection object twice (Juergen Gross)  
[Orabug: 26782943]  {CVE-2017-14317}
- xen/mm: make sure node is less than MAX_NUMNODES (George Dunlap) 
[Orabug: 26775805]  {CVE-2017-14316}

[4.4.4-105.0.23.el6]
- BUILDINFO: xen commit=dcead9b714c8ffd1df0f84917defb2f9b91ce825
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- gnttab: correct pin status fixup for copy (Jan Beulich)  [Orabug: 
26631871]  {CVE-2017-12855}
- gnttab: split maptrack lock to make it fulfill its purpose again (Jan 
Beulich)  [Orabug: 26631852]  {CVE-2017-12136}
- x86/grant: Disallow misaligned PTEs (Andrew Cooper)  [Orabug: 
26631782]  {CVE-2017-12137}
- grant_table: Default to v1, and disallow transitive grants (Andrew 
Cooper)  [Orabug: 26631746]  {CVE-2017-12135}

[4.4.4-105.0.22.el6]
- BUILDINFO: xen commit=22708936a1de050d7c51838e13f22ae4605d0cf5
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Red-tape: Update the repo with CVEs for XSA-[217,218,219,221,222,224] 
(Konrad Rzeszutek Wilk)  [Orabug: 26565647]  {CVE-2017-10920} 
{CVE-2017-10921} {CVE-2017-10922} {CVE-2017-10915} {CVE-2017-10912} 
{CVE-2017-10918} {CVE-2017-10917} {CVE-2017-10913} {CVE-2017-10914}

[4.4.4-105.0.21.el6]
- BUILDINFO: xen commit=50e485935fc9134ba34310aaf95ffc9b4447bf40
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- gitignore: add tools/misc/xen-diag to .gitignore (Dongli Zhang) 
[Orabug: 26440499]
- tools: utility to dump guest grant table info (Dongli Zhang) [Orabug: 
26440499]
- tools/libxc: add interface for GNTTABOP_query_size (Dongli Zhang) 
[Orabug: 26440499]

[4.4.4-105.0.20.el6]
- BUILDINFO: xen commit=c8af48c319485d7410b73746aeb4b6b420885a3b
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xen: increase default max grant frames and max maptrack frames (Annie 
Li)  [Orabug: 26409898]

[4.4.4-105.0.19.el6]
- BUILDINFO: xen commit=a141c209ae1f5b18f5aef63f2e2f9fcffa189663
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- gnttab: __gnttab_unmap_common_complete() is all-or-nothing (Jan 
Beulich)  [Orabug: 26288686]
- gnttab: correct logic to get page references during map requests 
(George Dunlap)  [Orabug: 26288686]
- gnttab: never create host mapping unless asked to (Jan Beulich) 
[Orabug: 26288686]
- gnttab: Fix handling of dev_bus_addr during unmap (George Dunlap) 
[Orabug: 26288686]
- x86/shadow: Hold references for the duration of emulated writes 
(Andrew Cooper)  [Orabug: 26288648]
- x86/mm: disallow page stealing from HVM domains (Jan Beulich) [Orabug: 
26288632]
- guest_physmap_remove_page() needs its return value checked (Jan 
Beulich)  [Orabug: 26288679]
- xen/memory: Fix return value handing of guest_remove_page() (Andrew 
Cooper)  [Orabug: 26288679]
- evtchn: avoid NULL derefs (Jan Beulich)  [Orabug: 26288665]
- gnttab: correct maptrack table accesses (Jan Beulich)  [Orabug: 26288640]
- gnttab: Avoid potential double-put of maptrack entry (George Dunlap)  
[Orabug: 26288640]
- gnttab: fix unmap pin accounting race (Jan Beulich)  [Orabug: 26288640]
- IOMMU: handle IOMMU mapping and unmapping failures (Quan Xu) [Orabug: 
26288640]
- xen/disk: don't leak stack data via response ring (Jan Beulich) 
[Orabug: 26198945]

[4.4.4-105.0.18.el6]
- BUILDINFO: xen commit=7bfe49935ed2b7adde46a5f115e1c27546792a56
- BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- livepatch: Wrong usage of spinlock on debug console. (Konrad Rzeszutek 
Wilk)  [Orabug: 26248317]

[4.4.4-105.0.17.el6]
- BUILDINFO: xen commit=830224cb7e764948c4f524d049dd1511106295e6
- BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend/pci: Respect PCI devices taking their time to do FLR (Konrad 
Rzeszutek Wilk)  [Orabug: 26177765]
- dom0_vcpus_pin=[cpu-cpu],[cpu] support. (Konrad Rzeszutek Wilk) 
[Orabug: 26177759]
- dom0_vcpus_pin: Include 'numa' support. (Konrad Rzeszutek Wilk) 
[Orabug: 26177759]

[4.4.4-105.0.16.el6]
- BUILDINFO: xen commit=10deb4b38fb395256ce87cf1fc0edbd499ec6bf3
- BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/do_invalid_op() should use is_active_kernel_text() rather than 
having its (Konrad Rzeszutek Wilk)  [Orabug: 26129256]

[4.4.4-105.0.15.el6]
- BUILDINFO: xen commit=67b193cbaf090c27a2522c3ce6ee3a189dd65a7c
- BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86: correct create_bounce_frame (tagged with CVE number) (Boris 
Ostrovsky)  [Orabug: 25927745]  {CVE-2017-8905}
- x86: discard type information when stealing pages (tagged with CVE 
number) (Boris Ostrovsky)  [Orabug: 25927683]  {CVE-2017-8904}
- multicall: deal with early exit conditions (tagged with CVE number) 
(Boris Ostrovsky)  [Orabug: 25927612]  {CVE-2017-8903}

[4.4.4-105.0.14.el6]
- BUILDINFO: xen commit=f7997ea93ae215b96a86973ad404604aca65d838
- BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/hvm: do not set msr_tsc_adjust on hvm_set_guest_tsc_fixed (Joao 
Martins)  [Orabug: 25767978]

[4.4.4-105.0.13.el6]
- BUILDINFO: xen commit=c7b188d9cbc0312d2d1580e11b0f742e5b92cca5
- BUILDINFO: QEMU upstream commit=fcd17fdf18b95a9e408acc84f6d2b37cf3fc0335
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- tools/libxc: Set max_elem to zero in xc_lockprof_query_number() (Boris 
Ostrovsky)  [Orabug: 26020613]

[4.4.4-105.0.12.el6]
- BUILDINFO: xen commit=8ee9cbea8e71c968e602d5b4974601d283d61d28
- BUILDINFO: QEMU upstream commit=fcd17fdf18b95a9e408acc84f6d2b37cf3fc0335
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86: correct create_bounce_frame (Boris Ostrovsky)  [Orabug: 25927745]
- x86: discard type information when stealing pages (Boris Ostrovsky)  
[Orabug: 25927683]
- multicall: deal with early exit conditions (Boris Ostrovsky) [Orabug: 
25927612]

[4.4.4-105.0.11.el6]
- BUILDINFO: xen commit=66e33522666436a4b6c13fbaa77b4942876bb5f7
- BUILDINFO: QEMU upstream commit=fcd17fdf18b95a9e408acc84f6d2b37cf3fc0335
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- kexec: Add spinlock for the whole hypercall. (Konrad Rzeszutek Wilk)  
[Orabug: 25861731]
- kexec: clear kexec_image slot when unloading kexec image (Bhavesh 
Davda)  [Orabug: 25861731]

[4.4.4-105.0.10.el6]
- BUILDINFO: xen commit=337c8edcc582f8bfb1bcfcb5a475c5fc18ff2def
- BUILDINFO: QEMU upstream commit=fcd17fdf18b95a9e408acc84f6d2b37cf3fc0335
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- memory: properly check guest memory ranges in XENMEM_exchange handling 
(Jan Beulich)  [Orabug: 25760559]  {CVE-2017-7228}
- xenstored: Log when the write transaction rate limit bites (Ian 
Jackson)  [Orabug: 25745225]
- xenstored: apply a write transaction rate limit (Ian Jackson) [Orabug: 
25745225]

[4.4.4-105.0.9.el6]
- BUILDINFO: xen commit=17b0cd2109c42553e9c8c34d3a2b8252abead104
- BUILDINFO: QEMU upstream commit=fcd17fdf18b95a9e408acc84f6d2b37cf3fc0335
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xm: Fix the error message displayed by 'xm create ...' (Venu 
Busireddy)  [Orabug: 25721696]
- xm: expand pci hidden devices tools (Venu Busireddy)  [Orabug: 25721624]
- cirrus/vnc: zap drop bitblit support from console code. (Gerd 
Hoffmann)  [Orabug: 25718334]  {CVE-2016-9603}

[4.4.4-105.0.8.el6]
- BUILDINFO: xen commit=81f33e7316b476c319f42eb56ac58fc450804ded
- BUILDINFO: QEMU upstream commit=2e4e0a805aeb448242b43399e0853b851bccde4e
- BUILDINFO: QEMU traditional 
commit=d9ba4c53b14ebf9a0613b5638f90d95489622f0c
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: fix vif device ID allocation (Zhigang Wang)  [Orabug: 25692157] 
[Orabug: 25704938]

[4.4.4-105.0.7.el6]
- BUILDINFO: xen commit=68930e8bbd9311ebd12fdb251362a2e1f9987fba
- BUILDINFO: QEMU upstream commit=f663d3dd4e968756d33e29cb2c2c956cabbdd4ca
- BUILDINFO: QEMU traditional 
commit=d9ba4c53b14ebf9a0613b5638f90d95489622f0c
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: fix waitForSuspend (Zhigang Wang)  [Orabug: 25638583] [Orabug: 
25653480]
- IOMMU: always call teardown callback (Oleksandr Tyshchenko) [Orabug: 
25485193]
- cirrus: fix oob access issue (CVE-2017-2615) (Li Qiang) [Orabug: 
25533433]  {CVE-2017-2615}
- display: cirrus: ignore source pitch value as needed in blit_is_unsafe 
(Bruce Rogers)  [Orabug: 25533541]  {CVE-2017-2620}
- cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (Gerd 
Hoffmann)  [Orabug: 25533541] {CVE-2017-2620}

[4.4.4-105.0.6.el6]
- BUILDINFO: xen commit=9f3030e391274b89deb80c86a6343dac473916b3
- BUILDINFO: QEMU upstream commit=f663d3dd4e968756d33e29cb2c2c956cabbdd4ca
- BUILDINFO: QEMU traditional 
commit=d9ba4c53b14ebf9a0613b5638f90d95489622f0c
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- one-off build

[4.4.4-105.0.5.el6]
- BUILDINFO: xen commit=9f3030e391274b89deb80c86a6343dac473916b3
- BUILDINFO: QEMU upstream commit=f663d3dd4e968756d33e29cb2c2c956cabbdd4ca
- BUILDINFO: QEMU traditional 
commit=bc33fbc6f9a004dc11dcc18f1c5c755a60b65b73
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86: force EFLAGS.IF on when exiting to PV guests (Jan Beulich) 
[Orabug: 25235009]  {CVE-2016-10024}
- Rombios: large disk support for LBA48 to L-CHS translation (Bhavesh 
Davda)  [Orabug: 25304859]
- x86/emul: Correct the handling of eflags with SYSCALL (Andrew Cooper)  
[Orabug: 25294731]  {CVE-2016-10013}

[4.4.4-105.0.4.el6]
- BUILDINFO: commit=c9d295a8e909c45a5e1d9fb5ef2c2ed0df1e871a
- libxl: Remove redundant setting of phyical-device (George Dunlap) 
[Orabug: 24975447]

[4.4.4-105.0.3.el6]
- BUILDINFO: commit=8669823eab47b0fa3ae9a7f8fa5ef45874582559
- x86emul: CMPXCHG8B ignores operand size prefix (Jan Beulich) [Orabug: 
25180276]

[4.4.4-105.0.2.el6]
- BUILDINFO: commit=5e4dc2c5fbd14b065234c0b5e5b637e0e005fab7
- pygrub: Properly quote results, when returning them to the caller: 
(Ian Jackson)  [Orabug: 25094263]  {CVE-2016-9379} {CVE-2016-9380}
- x86emul: fix huge bit offset handling (Jan Beulich)  [Orabug: 
25088366]  {CVE-2016-9383}
- x86/PV: writes of %fs and %gs base MSRs require canonical addresses 
(Jan Beulich)  [Orabug: 25087576]  {CVE-2016-9385}
- x86/HVM: don't load LDTR with VM86 mode attrs during task switch (Jan 
Beulich)  [Orabug: 25087539]  {CVE-2016-9382}
- x86/hvm: Fix the handling of non-present segments (Andrew Cooper) 
[Orabug: 25087515]  {CVE-2016-9386}

[4.4.4-105.0.1.el6]
- BUILDINFO: commit=286bb9711e33d92767e8608bea4d3da6dbeeb710
- move TLB-flush filtering out into populate_physmap during vm creation 
(Dongli Zhang)  [Orabug: 24951888]
- replace tlbflush check and operation with inline functions (Dongli 
Zhang)  [Orabug: 24951888]
- x86/hvm: extend HVM cpuid leaf with vcpu id (Paul Durrant)
- x86/hvm: add HVM-specific hypervisor CPUID leaf (Boris Ostrovsky)
- xend: soft_reset support. (Konrad Rzeszutek Wilk)
- (lib)xl: soft reset support (Vitaly Kuznetsov)
- tools/libxl: Save and restore EMULATOR_XENSTORE_DATA content (Andrew 
Cooper)
- libxl: introduce libxl__device_model_xs_path (Wei Liu)
- libxl: add LIBXL_DEVICE_MODEL_SAVE_FILE (Vitaly Kuznetsov)
- libxc: support XEN_DOMCTL_soft_reset operation (Vitaly Kuznetsov)
- arch-specific hooks for domain_soft_reset() (Vitaly Kuznetsov)
- flask: DOMCTL_soft_reset support (Vitaly Kuznetsov)
- introduce XEN_DOMCTL_soft_reset (Vitaly Kuznetsov)
- evtchn: make evtchn_reset() ready for soft reset (Vitaly Kuznetsov)
- evtchn: make EVTCHNOP_reset suitable for kexec (Vitaly Kuznetsov)
- xl: introduce enum domain_restart_type (Vitaly Kuznetsov)
- libxl: support SHUTDOWN_soft_reset shutdown reason (Vitaly Kuznetsov)
- introduce SHUTDOWN_soft_reset shutdown reason (Vitaly Kuznetsov)
- x86emul: honor guest CR0.TS and CR0.EM (Jan Beulich)  [Orabug: 
24697001]  {CVE-2016-7777}

[4.4.4-105.el6]
- BUILDINFO: commit=617712bfc04e04aba1606f61e1ef6bac7b557464
- evtchn-fifo: prevent use after free (Boris Ostrovsky)  [Orabug: 24581056]



