[Oraclevm-errata] OVMSA-2015-0026 Important: Oracle VM 3.3 xen security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Fri Mar 6 04:22:27 PST 2015
Oracle VM Security Advisory OVMSA-2015-0026
The following updated rpms for Oracle VM 3.3 have been uploaded to the
Unbreakable Linux Network:
x86_64:
xen-4.3.0-55.el6.22.11.x86_64.rpm
xen-tools-4.3.0-55.el6.22.11.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/xen-4.3.0-55.el6.22.11.src.rpm
Description of changes:
[4.3.0-55.el6.22.11]
- pre-fill structures for certain HYPERVISOR_xen_version sub-ops
... avoiding to pass hypervisor stack contents back to the caller
through space unused by the respective strings.
This is XSA-122.
Acked-by: Jan Beulich <jbeulich at suse.com>
Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com>
Reviewed-by: John Haxby <john.haxby at oracle.com> [bug 20588560]
{CVE-2015-2045}
[4.3.0-55.el6.22.10]
- x86/HVM: return all ones on wrong-sized reads of system device I/O ports
So far the value presented to the guest remained uninitialized.
This is XSA-121.
Signed-off-by: Jan Beulich <jbeulich at suse.com>
Acked-by: Ian Campbell <ian.campbell at citrix.com>
Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com>
Reviewed-by: John Haxby <john.haxby at oracle.com> [bug 20588167]
{CVE-2015-2044}
More information about the Oraclevm-errata
mailing list