[Oraclevm-errata] OVMSA-2023-0005 Important: Oracle VM 3 Extended Lifecycle Support (ELS) xen security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Wed Mar 22 17:47:37 UTC 2023


Oracle VM Security Advisory OVMSA-2023-0005

The following updated rpms for Oracle VM 3 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network:

x86_64:
xen-4.4.4-222.0.51.el6.x86_64.rpm
xen-tools-4.4.4-222.0.51.el6.x86_64.rpm



Related CVEs:

CVE-2022-42309
CVE-2022-42310
CVE-2022-42311
CVE-2022-42312
CVE-2022-42313
CVE-2022-42314
CVE-2022-42315
CVE-2022-42316
CVE-2022-42317
CVE-2022-42318
CVE-2022-42319
CVE-2022-42320
CVE-2022-42321
CVE-2022-42322
CVE-2022-42323
CVE-2022-42325
CVE-2022-42326




Description of changes:

[4.4.4-222.0.51.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=78d8dad5a481c5b94794ede5fbad2eb0bd5e7f7f
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional commit=4a8ded640f04b41cdb15ce7c4c0a2c812c1b9e4d
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- tools/xenstore: harden transaction finalization against errors (Juergen Gross)  [Orabug: 35151957]  {CVE-2022-42326} {CVE-2022-42325} {CVE-2022-42326}
- tools/xenstore: fix deleting node in transaction (Juergen Gross)  [Orabug: 35151957]  {CVE-2022-42325} {CVE-2022-42325} {CVE-2022-42326}
- docs: enhance xenstore.txt with permissions description (Juergen Gross)  [Orabug: 35151949]  {CVE-2022-42322} {CVE-2022-42323}
- tools/xenstore: make the internal memory data base the default (Juergen Gross)  [Orabug: 35151949]  {CVE-2022-42322} {CVE-2022-42323}
- tools/xenstore: remove nodes owned by destroyed domain (Juergen Gross)  [Orabug: 35151949]  {CVE-2022-42322} {CVE-2022-42322} {CVE-2022-42323}
- tools/xenstore: start with empty data base (Juergen Gross)  [Orabug: 35151949]
- tools/xenstore: use treewalk for deleting nodes (Juergen Gross)  [Orabug: 35151934]  {CVE-2022-42321} {CVE-2022-42321}
- tools/xenstore: use treewalk for check_store() (Juergen Gross)  [Orabug: 35151934]  {CVE-2022-42321} {CVE-2022-42321}
- tools/xenstore: simplify check_store() (Juergen Gross)  [Orabug: 35151934]  {CVE-2022-42321} {CVE-2022-42321}
- tools/xenstore: add generic treewalk function (Juergen Gross)  [Orabug: 35151934]  {CVE-2022-42321} {CVE-2022-42321}
- tools/xenstore: don't let remove_child_entry() call corrupt() (Juergen Gross)  [Orabug: 35151934]  {CVE-2022-42321} {CVE-2022-42321}
- tools/xenstore: remove recursion from construct_node() (Juergen Gross)  [Orabug: 35151934]  {CVE-2022-42321} {CVE-2022-42321}
- tools/xenstore: fix checking node permissions (Juergen Gross)  [Orabug: 35151927]  {CVE-2022-42320} {CVE-2022-42320}
- tools/xenstore: don't use conn->in as context for temporary allocations (Juergen Gross)  [Orabug: 35151915]  {CVE-2022-42319} {CVE-2022-42319}
- tools/xenstore: add control command for setting and showing quota (Juergen Gross)  [Orabug: 35151880]  {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: add exports for quota variables (Juergen Gross)  [Orabug: 35151880]  {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: add memory accounting for nodes (Juergen Gross)  [Orabug: 35151880]  {CVE-2022-42315} {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: add memory accounting for watches (Juergen Gross)  [Orabug: 35151880]  {CVE-2022-42315} {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: add memory accounting for responses (Juergen Gross)  [Orabug: 35151880]  {CVE-2022-42315} {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: add infrastructure to keep track of per domain memory usage (Juergen Gross)  [Orabug: 35151880]  {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: move the call of setup_structure() to dom0 introduction (Juergen Gross)  [Orabug: 35151880]  {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: limit max number of nodes accessed in a transaction (Juergen Gross)  [Orabug: 35151880]  {CVE-2022-42314} {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: simplify and fix per domain node accounting (Juergen Gross)  [Orabug: 35151880]  {CVE-2022-42313} {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: fix connection->id usage (Juergen Gross)  [Orabug: 35151880]  {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: don't buffer multiple identical watch events (Juergen Gross)  [Orabug: 35151880]  {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: limit outstanding requests (Juergen Gross)  [Orabug: 35151880]  {CVE-2022-42312} {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: let unread watch events time out (Juergen Gross)  [Orabug: 35151880]  {CVE-2022-42311} {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: reduce number of watch events (Juergen Gross)  [Orabug: 35151880]  {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: add helpers to free struct buffered_data (Juergen Gross)  [Orabug: 35151880]  {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: split up send_reply() (Juergen Gross)  [Orabug: 35151880]  {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: Fail a transaction if it is not possible to create a node (Julien Grall)  [Orabug: 35151876]  {CVE-2022-42310} {CVE-2022-42310}
- tools/xenstore: create_node: Don't defer work to undo any changes on failure (Julien Grall)  [Orabug: 35151863]  {CVE-2022-42309} {CVE-2022-42309}



