[Oraclevm-errata] OVMSA-2018-0005 Important: Oracle VM 3.4 xen security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Tue Jan 9 11:06:46 PST 2018


Oracle VM Security Advisory OVMSA-2018-0005

The following updated rpms for Oracle VM 3.4 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
xen-4.4.4-105.0.30.el6.x86_64.rpm
xen-tools-4.4.4-105.0.30.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/xen-4.4.4-105.0.30.el6.src.rpm



Description of changes:

[4.4.4-105.0.30.el6]
- BUILDINFO: xen commit=f3bdcc393d14e344f2743148845fe14c5e81b1e0
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86: Always print info about speculative mitigation facilities (Boris 
Ostrovsky)  [Orabug: 27352392]  {CVE-2017-5753} {CVE-2017-5715} 
{CVE-2017-5754}
- x86: Don't use retpoline if CONFIG_INDIRECT_THUNK is not set (Boris 
Ostrovsky)  [Orabug: 27352392]  {CVE-2017-5753} {CVE-2017-5715} 
{CVE-2017-5754}

[4.4.4-105.0.29.el6]
- BUILDINFO: xen commit=ab650877a21f81203326b5a2c26f7e9382c9cbf9
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- rpm: Add microcode_ctl dependency (Boris Ostrovsky)
- x86: cpuint. Move the detection of CPU capabilities (Konrad Rzeszutek 
Wilk)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- migration: Set the CPUID _before_ XEN_DOMCTL_sethvmcontext (Konrad 
Rzeszutek Wilk)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} 
{CVE-2017-5754}
- x86/xen: Make cpu_has_[stibp,ibrsp,etc] work. (Konrad Rzeszutek Wilk) 
[Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Expose CPUID.7, EDX.26->27 and CPUID.0x80000008, EBX.12 (Konrad 
Rzeszutek Wilk)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} 
{CVE-2017-5754}
- x86/idle: Clear SPEC_CTRL while idle (Andrew Cooper)  [Orabug: 
27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/cpuid: Offer Indirect Branch Controls to guests (Andrew Cooper) 
[Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/ctxt: Issue a speculation barrier between vcpu contexts (Andrew 
Cooper)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Clobber the Return Stack Buffer on entry to Xen (Andrew 
Cooper)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/boot: Calculate the most appropriate BTI mitigation to use (Andrew 
Cooper)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Use MSR_SPEC_CTRL at each entry/exit point (Andrew Cooper) 
[Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Protect unaware domains from meddling hyperthreads (Andrew 
Cooper)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/hvm: Permit guests direct access to MSR_{SPEC_CTRL,PRED_CMD} 
(Andrew Cooper)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} 
{CVE-2017-5754}
- x86/migrate: Move MSR_SPEC_CTRL on migrate (Andrew Cooper)  [Orabug: 
27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/msr: Emulation of MSR_{SPEC_CTRL,PRED_CMD} for guests (Andrew 
Cooper)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Introduce a common cpuid_policy_updated() (Andrew Cooper) 
[Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Introduce framework for cpuid policy updates (Boris Ostrovsky) 
[Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Introduce cpuid_policy (Boris Ostrovsky)  [Orabug: 27343845] 
{CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/msr: introduce struct msr_vcpu_policy (Sergey Dyasli)  [Orabug: 
27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/cmdline: Introduce a command line option to disable IBRS/IBPB, 
STIBP and IBPB (Andrew Cooper)  [Orabug: 27343845]  {CVE-2017-5753} 
{CVE-2017-5715} {CVE-2017-5754}
- xen: add an optional string end parameter to parse_bool() (Juergen 
Gross)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/feature: Definitions for Indirect Branch Controls (Andrew Cooper) 
[Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Introduce alternative indirect thunks (Andrew Cooper)  [Orabug: 
27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Backport setup_force_cpu_cap (Boris Ostrovsky)  [Orabug: 
27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/amd: Try to set lfence as being Dispatch Serialising (Andrew 
Cooper)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/boot: Report details of speculative mitigations (Andrew Cooper) 
[Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Support indirect thunks from assembly code (Andrew Cooper) 
[Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- common/wait: Clarifications to wait infrastructure (Andrew Cooper) 
[Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Support compiling with indirect branch thunks (Andrew Cooper) 
[Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Erase guest GPR state on entry to Xen (Andrew Cooper) 
[Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/pv: Move hypercall handling up into C (Andrew Cooper)  [Orabug: 
27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/hvm: Use SAVE_ALL to construct the cpu_user_regs frame after 
VMExit (Andrew Cooper)  [Orabug: 27343845]  {CVE-2017-5753} 
{CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Rearrange RESTORE_ALL to restore register in stack order 
(Andrew Cooper)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} 
{CVE-2017-5754}
- x86/entry: Remove support for partial cpu_user_regs frames (Andrew 
Cooper)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/alt: Introduce ALTERNATIVE{,_2} macros (Andrew Cooper)  [Orabug: 
27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/alt: Break out alternative-asm into a separate header file (Andrew 
Cooper)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/hvm: assert that we saved a sane number of MSRs. (Tim Deegan) 
[Orabug: 27338225]
- x86: Avoid corruption on migrate for vcpus using CPUID Faulting 
(Andrew Cooper)  [Orabug: 27338225]
- x86/hvm: Don't corrupt the HVM context stream when writing the MSR 
record (Andrew Cooper)  [Orabug: 27338225]
- x86: generic MSRs save/restore (Jan Beulich)  [Orabug: 27338225]
- x86/msr: introduce guest_wrmsr() (Sergey Dyasli)  [Orabug: 27338225]
- x86/msr: introduce guest_rdmsr() (Sergey Dyasli)  [Orabug: 27338225]
- x86/msr: introduce struct msr_domain_policy (Sergey Dyasli)  [Orabug: 
27338225]
- microcode: Always scan the initramfs for microcode (Konrad Rzeszutek 
Wilk)  [Orabug: 27338228]
- x86: Move microcode loading earlier (Konrad Rzeszutek Wilk)  [Orabug: 
27338228]
- livepatch: Alternative backport compile issues under Xen 4.4 (Konrad 
Rzeszutek Wilk)  [Orabug: 27338227]
- x86: support 2- and 3-way alternatives (Jan Beulich)  [Orabug: 27338227]
- xen/x86/alternatives: Do not use sync_core() to serialize I$ (Borislav 
Petkov)  [Orabug: 27338227]
- livepatch: NOP if func->new_addr is zero. (Konrad Rzeszutek Wilk) 
[Orabug: 27338227]
- alternatives: x86 rename and change parameters on ARM (Konrad 
Rzeszutek Wilk)  [Orabug: 27338227]
- x86/arm64: Expose the ALT_[ORIG|REPL]_PTR macros to header files. 
(Konrad Rzeszutek Wilk)  [Orabug: 27338227]
- xsplice: Add support for alternatives (Ross Lagerwall)  [Orabug: 27338227]
- x86: Alter nmi_callback_t typedef (Konrad Rzeszutek Wilk)  [Orabug: 
27338227]
- x86/alternatives: correct near branch check (Jan Beulich)  [Orabug: 
27338227]
- x86: disable CR0.WP while applying alternatives (Andrew Cooper) 
[Orabug: 27338227]
- work around Clang generating .data.rel.ro section for init-only files 
(Andrew Cooper)  [Orabug: 27338227]
- x86: move alternative.c data fully into .init.* (Jan Beulich) 
[Orabug: 27338227]
- x86: port the basic alternative mechanism from Linux to Xen (Feng Wu) 
[Orabug: 27338227]
- x86: add definitions for NOP operation (Feng Wu)  [Orabug: 27338227]

[4.4.4-105.0.28.el6]
- BUILDINFO: xen commit=5ef31ddcecd6b7d07ada4eea3e14a3ebe54a5726
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend/python: Add 'enclosure-type' (Konrad Rzeszutek Wilk)  [Orabug: 
27220728]
- xend/python: Expand the list of parameters that can be changed to 
include all (Konrad Rzeszutek Wilk)
- xend/python: Export DMI asset-tag and platform to guests. (Konrad 
Rzeszutek Wilk)  [Orabug: 27220728]

[4.4.4-105.0.27.el6]
- BUILDINFO: xen commit=599c458e89d3773631c23ab9c600f8eb4afd3105
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- p2m: Check return value of p2m_set_entry() when decreasing reservation 
(George Dunlap)  [Orabug: 27130757]  {CVE-2017-17045}
- p2m: Always check to see if removing a p2m entry actually worked 
(George Dunlap)  [Orabug: 27130757]  {CVE-2017-17045}
- x86/pod: prevent infinite loop when shattering large pages (Julien 
Grall)  [Orabug: 27130713]  {CVE-2017-17044}
- xen/physmap: Do not permit a guest to populate PoD pages for itself 
(Elena Ufimtseva)  [Orabug: 27130713]  {CVE-2017-17044}

[4.4.4-105.0.26.el6]
- BUILDINFO: xen commit=25339681b51393507e7f764f7fcc4c7666cee2c9
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/shadow: correct SH_LINEAR mapping detection in sh_guess_wrmap() 
(Andrew Cooper)  [Orabug: 27148094]  {CVE-2017-15592} {CVE-2017-15592}
- x86: don't wrongly trigger linear page table assertion (Jan Beulich) 
[Orabug: 27148091]  {CVE-2017-15595}


