[Oraclevm-errata] OVMSA-2018-0028 Important: Oracle VM 3.4 xen security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Tue Apr 3 13:32:44 PDT 2018 

Oracle VM Security Advisory OVMSA-2018-0028

The following updated rpms for Oracle VM 3.4 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
xen-4.4.4-155.0.27.el6.x86_64.rpm
xen-tools-4.4.4-155.0.27.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/xen-4.4.4-155.0.27.el6.src.rpm



Description of changes:

[4.4.4-155.0.27.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=bf523bc61677448cb7bb79980d6969896d005bd5
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- hvmloader: Initialize a variable before we use it (Patrick Colp) 
[Orabug: 27751146]
- x86/hvm: indicate avaliability of HW support of APIC virtualization to 
HVM guests (Boris Ostrovsky)  [Orabug: 27739755]
- x86/boot: Disable IBRS in intr/nmi exit path at bootup stage 
(Zhenzhong Duan)  [Orabug: 27411047]
- Fix a wrong check in DO_SPEC_CTRL_EXIT_TO_XEN (Zhenzhong Duan) 
[Orabug: 27738692]  {CVE-2017-5715}

[4.4.4-155.0.26.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=eb6d0ea26496051c6ab876e4037fca0b9cf079d9
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xenstore: add assertion in database dumping code (Wei Liu)  [Orabug: 
27608242]
- xenstore: send error earlier in do_mkdir (Wei Liu)  [Orabug: 27608242]
- xenstore: add memory allocation debugging capability (Juergen Gross) 
[Orabug: 27608242]
- xenstore: use temporary memory context for firing watches (Juergen 
Gross)  [Orabug: 27608242]
- xenstore: add explicit memory context parameter to get_node() (Juergen 
Gross)  [Orabug: 27608242]
- xenstore: add explicit memory context parameter to read_node() 
(Juergen Gross)  [Orabug: 27608242]
- xenstore: add explicit memory context parameter to get_parent() 
(Juergen Gross)  [Orabug: 27608242]
- xenstore: call each xenstored command function with temporary context 
(Juergen Gross)  [Orabug: 27608242]
- cxenstored: document a bunch of short options in help string (Wei Liu) 
  [Orabug: 27608242]

[4.4.4-155.0.25.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=18c714d6839a3fd0d42a5400de940c5b5e788a8c
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/spectre: Make retpoline code match upstream version (Patrick Colp) 
- xenbaked.c: Avoid divide by zero issue (Joe Jin)  [Orabug: 27687906]
- xen/trace: Fix trace metadata page count calculation (revert fbf96e6) 
(George Dunlap)  [Orabug: 27602524]
- x86/traps/spectre: Fix IO emulation stub code (Boris Ostrovsky) 
[Orabug: 27693394]  {CVE-2017-5715}

[4.4.4-155.0.24.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=fa171d3584f49dae46fcea63516b25465473a83b
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: use vcpus variable in log.warn (Elena Ufimtseva) - xend: turn 
off smt if vcpus are not multiple of threads (Elena Ufimtseva)  [Orabug: 
27648711]
- xend: fix preserving smt across reboot (Elena Ufimtseva)  [Orabug: 
27648711]
- xend: fix is_vnuma_off function (Elena Ufimtseva)

[4.4.4-155.0.23.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=131bef465d7329311ec1d9d8f8011a1ceb8d32fe
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- mm, sysctl, xend: only create when there's enough scrubbed memory 
(Joao Martins)  [Orabug: 27450131]

More information about the Oraclevm-errata mailing list