[Oraclevm-errata] OVMSA-2018-0005 Important: Oracle VM 3.4 xen security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Tue Jan 9 11:06:46 PST 2018
Oracle VM Security Advisory OVMSA-2018-0005

The following updated rpms for Oracle VM 3.4 have been uploaded to the
Unbreakable Linux Network:

x86_64:
xen-4.4.4-105.0.30.el6.x86_64.rpm
xen-tools-4.4.4-105.0.30.el6.x86_64.rpm

SRPMS:
http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/xen-4.4.4-105.0.30.el6.src.rpm

Description of changes:

[4.4.4-105.0.30.el6]
- BUILDINFO: xen commit=f3bdcc393d14e344f2743148845fe14c5e81b1e0
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86: Always print info about speculative mitigation facilities (Boris
Ostrovsky) [Orabug: 27352392] {CVE-2017-5753} {CVE-2017-5715}
{CVE-2017-5754}
- x86: Don't use retpoline if CONFIG_INDIRECT_THUNK is not set (Boris
Ostrovsky) [Orabug: 27352392] {CVE-2017-5753} {CVE-2017-5715}
{CVE-2017-5754}

[4.4.4-105.0.29.el6]
- BUILDINFO: xen commit=ab650877a21f81203326b5a2c26f7e9382c9cbf9
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- rpm: Add microcode_ctl dependency (Boris Ostrovsky)
- x86: cpuint. Move the detection of CPU capabilities (Konrad Rzeszutek
Wilk) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- migration: Set the CPUID _before_ XEN_DOMCTL_sethvmcontext (Konrad
Rzeszutek Wilk) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715}
{CVE-2017-5754}
- x86/xen: Make cpu_has_[stibp,ibrsp,etc] work. (Konrad Rzeszutek Wilk)
[Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Expose CPUID.7, EDX.26->27 and CPUID.0x80000008, EBX.12 (Konrad
Rzeszutek Wilk) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715}
{CVE-2017-5754}
- x86/idle: Clear SPEC_CTRL while idle (Andrew Cooper) [Orabug:
27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/cpuid: Offer Indirect Branch Controls to guests (Andrew Cooper)
[Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/ctxt: Issue a speculation barrier between vcpu contexts (Andrew
Cooper) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Clobber the Return Stack Buffer on entry to Xen (Andrew
Cooper) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/boot: Calculate the most appropriate BTI mitigation to use (Andrew
Cooper) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Use MSR_SPEC_CTRL at each entry/exit point (Andrew Cooper)
[Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Protect unaware domains from meddling hyperthreads (Andrew
Cooper) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/hvm: Permit guests direct access to MSR_{SPEC_CTRL,PRED_CMD}
(Andrew Cooper) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715}
{CVE-2017-5754}
- x86/migrate: Move MSR_SPEC_CTRL on migrate (Andrew Cooper) [Orabug:
27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/msr: Emulation of MSR_{SPEC_CTRL,PRED_CMD} for guests (Andrew
Cooper) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Introduce a common cpuid_policy_updated() (Andrew Cooper)
[Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Introduce framework for cpuid policy updates (Boris Ostrovsky)
[Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Introduce cpuid_policy (Boris Ostrovsky) [Orabug: 27343845]
{CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/msr: introduce struct msr_vcpu_policy (Sergey Dyasli) [Orabug:
27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/cmdline: Introduce a command line option to disable IBRS/IBPB,
STIBP and IBPB (Andrew Cooper) [Orabug: 27343845] {CVE-2017-5753}
{CVE-2017-5715} {CVE-2017-5754}
- xen: add an optional string end parameter to parse_bool() (Juergen
Gross) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/feature: Definitions for Indirect Branch Controls (Andrew Cooper)
[Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Introduce alternative indirect thunks (Andrew Cooper) [Orabug:
27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Backport setup_force_cpu_cap (Boris Ostrovsky) [Orabug:
27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/amd: Try to set lfence as being Dispatch Serialising (Andrew
Cooper) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/boot: Report details of speculative mitigations (Andrew Cooper)
[Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Support indirect thunks from assembly code (Andrew Cooper)
[Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- common/wait: Clarifications to wait infrastructure (Andrew Cooper)
[Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Support compiling with indirect branch thunks (Andrew Cooper)
[Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Erase guest GPR state on entry to Xen (Andrew Cooper)
[Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/pv: Move hypercall handling up into C (Andrew Cooper) [Orabug:
27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/hvm: Use SAVE_ALL to construct the cpu_user_regs frame after
VMExit (Andrew Cooper) [Orabug: 27343845] {CVE-2017-5753}
{CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Rearrange RESTORE_ALL to restore register in stack order
(Andrew Cooper) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715}
{CVE-2017-5754}
- x86/entry: Remove support for partial cpu_user_regs frames (Andrew
Cooper) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/alt: Introduce ALTERNATIVE{,_2} macros (Andrew Cooper) [Orabug:
27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/alt: Break out alternative-asm into a separate header file (Andrew
Cooper) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/hvm: assert that we saved a sane number of MSRs. (Tim Deegan)
[Orabug: 27338225]
- x86: Avoid corruption on migrate for vcpus using CPUID Faulting
(Andrew Cooper) [Orabug: 27338225]
- x86/hvm: Don't corrupt the HVM context stream when writing the MSR
record (Andrew Cooper) [Orabug: 27338225]
- x86: generic MSRs save/restore (Jan Beulich) [Orabug: 27338225]
- x86/msr: introduce guest_wrmsr() (Sergey Dyasli) [Orabug: 27338225]
- x86/msr: introduce guest_rdmsr() (Sergey Dyasli) [Orabug: 27338225]
- x86/msr: introduce struct msr_domain_policy (Sergey Dyasli) [Orabug:
27338225]
- microcode: Always scan the initramfs for microcode (Konrad Rzeszutek
Wilk) [Orabug: 27338228]
- x86: Move microcode loading earlier (Konrad Rzeszutek Wilk) [Orabug:
27338228]
- livepatch: Alternative backport compile issues under Xen 4.4 (Konrad
Rzeszutek Wilk) [Orabug: 27338227]
- x86: support 2- and 3-way alternatives (Jan Beulich) [Orabug: 27338227]
- xen/x86/alternatives: Do not use sync_core() to serialize I$ (Borislav
Petkov) [Orabug: 27338227]
- livepatch: NOP if func->new_addr is zero. (Konrad Rzeszutek Wilk)
[Orabug: 27338227]
- alternatives: x86 rename and change parameters on ARM (Konrad
Rzeszutek Wilk) [Orabug: 27338227]
- x86/arm64: Expose the ALT_[ORIG|REPL]_PTR macros to header files.
(Konrad Rzeszutek Wilk) [Orabug: 27338227]
- xsplice: Add support for alternatives (Ross Lagerwall) [Orabug: 27338227]
- x86: Alter nmi_callback_t typedef (Konrad Rzeszutek Wilk) [Orabug:
27338227]
- x86/alternatives: correct near branch check (Jan Beulich) [Orabug:
27338227]
- x86: disable CR0.WP while applying alternatives (Andrew Cooper)
[Orabug: 27338227]
- work around Clang generating .data.rel.ro section for init-only files
(Andrew Cooper) [Orabug: 27338227]
- x86: move alternative.c data fully into .init.* (Jan Beulich)
[Orabug: 27338227]
- x86: port the basic alternative mechanism from Linux to Xen (Feng Wu)
[Orabug: 27338227]
- x86: add definitions for NOP operation (Feng Wu) [Orabug: 27338227]

[4.4.4-105.0.28.el6]
- BUILDINFO: xen commit=5ef31ddcecd6b7d07ada4eea3e14a3ebe54a5726
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend/python: Add 'enclosure-type' (Konrad Rzeszutek Wilk) [Orabug:
27220728]
- xend/python: Expand the list of parameters that can be changed to
include all (Konrad Rzeszutek Wilk)
- xend/python: Export DMI asset-tag and platform to guests. (Konrad
Rzeszutek Wilk) [Orabug: 27220728]

[4.4.4-105.0.27.el6]
- BUILDINFO: xen commit=599c458e89d3773631c23ab9c600f8eb4afd3105
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- p2m: Check return value of p2m_set_entry() when decreasing reservation
(George Dunlap) [Orabug: 27130757] {CVE-2017-17045}
- p2m: Always check to see if removing a p2m entry actually worked
(George Dunlap) [Orabug: 27130757] {CVE-2017-17045}
- x86/pod: prevent infinite loop when shattering large pages (Julien
Grall) [Orabug: 27130713] {CVE-2017-17044}
- xen/physmap: Do not permit a guest to populate PoD pages for itself
(Elena Ufimtseva) [Orabug: 27130713] {CVE-2017-17044}

[4.4.4-105.0.26.el6]
- BUILDINFO: xen commit=25339681b51393507e7f764f7fcc4c7666cee2c9
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/shadow: correct SH_LINEAR mapping detection in sh_guess_wrmap()
(Andrew Cooper) [Orabug: 27148094] {CVE-2017-15592}
- x86: don't wrongly trigger linear page table assertion (Jan Beulich)
[Orabug: 27148091] {CVE-2017-15595}