[Oraclevm-errata] OVMSA-2018-0028 Important: Oracle VM 3.4 xen security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Tue Apr 3 13:32:44 PDT 2018
Oracle VM Security Advisory OVMSA-2018-0028
The following updated rpms for Oracle VM 3.4 have been uploaded to the
Unbreakable Linux Network:
x86_64:
xen-4.4.4-155.0.27.el6.x86_64.rpm
xen-tools-4.4.4-155.0.27.el6.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/xen-4.4.4-155.0.27.el6.src.rpm
Description of changes:
[4.4.4-155.0.27.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=bf523bc61677448cb7bb79980d6969896d005bd5
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- hvmloader: Initialize a variable before we use it (Patrick Colp)
[Orabug: 27751146]
- x86/hvm: indicate avaliability of HW support of APIC virtualization to
HVM guests (Boris Ostrovsky) [Orabug: 27739755]
- x86/boot: Disable IBRS in intr/nmi exit path at bootup stage
(Zhenzhong Duan) [Orabug: 27411047]
- Fix a wrong check in DO_SPEC_CTRL_EXIT_TO_XEN (Zhenzhong Duan)
[Orabug: 27738692] {CVE-2017-5715}
[4.4.4-155.0.26.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=eb6d0ea26496051c6ab876e4037fca0b9cf079d9
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xenstore: add assertion in database dumping code (Wei Liu) [Orabug:
27608242]
- xenstore: send error earlier in do_mkdir (Wei Liu) [Orabug: 27608242]
- xenstore: add memory allocation debugging capability (Juergen Gross)
[Orabug: 27608242]
- xenstore: use temporary memory context for firing watches (Juergen
Gross) [Orabug: 27608242]
- xenstore: add explicit memory context parameter to get_node() (Juergen
Gross) [Orabug: 27608242]
- xenstore: add explicit memory context parameter to read_node()
(Juergen Gross) [Orabug: 27608242]
- xenstore: add explicit memory context parameter to get_parent()
(Juergen Gross) [Orabug: 27608242]
- xenstore: call each xenstored command function with temporary context
(Juergen Gross) [Orabug: 27608242]
- cxenstored: document a bunch of short options in help string (Wei Liu)
[Orabug: 27608242]
[4.4.4-155.0.25.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=18c714d6839a3fd0d42a5400de940c5b5e788a8c
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/spectre: Make retpoline code match upstream version (Patrick Colp)
- xenbaked.c: Avoid divide by zero issue (Joe Jin) [Orabug: 27687906]
- xen/trace: Fix trace metadata page count calculation (revert fbf96e6)
(George Dunlap) [Orabug: 27602524]
- x86/traps/spectre: Fix IO emulation stub code (Boris Ostrovsky)
[Orabug: 27693394] {CVE-2017-5715}
[4.4.4-155.0.24.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=fa171d3584f49dae46fcea63516b25465473a83b
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: use vcpus variable in log.warn (Elena Ufimtseva) - xend: turn
off smt if vcpus are not multiple of threads (Elena Ufimtseva) [Orabug:
27648711]
- xend: fix preserving smt across reboot (Elena Ufimtseva) [Orabug:
27648711]
- xend: fix is_vnuma_off function (Elena Ufimtseva)
[4.4.4-155.0.23.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=131bef465d7329311ec1d9d8f8011a1ceb8d32fe
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- mm, sysctl, xend: only create when there's enough scrubbed memory
(Joao Martins) [Orabug: 27450131]
More information about the Oraclevm-errata
mailing list