[Oraclevm-errata] OVMSA-2012-0040 Important: Oracle VM 3.0 xen Security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Wed Sep 5 09:47:26 PDT 2012
Oracle VM Security Advisory OVMSA-2012-0040
The following updated rpms for Oracle VM 3.0 have been uploaded to the
Unbreakable Linux Network:
x86_64:
xen-4.0.0-81.el5.12.x86_64.rpm
xen-devel-4.0.0-81.el5.12.x86_64.rpm
xen-tools-4.0.0-81.el5.12.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.0/SRPMS-updates/xen-4.0.0-81.el5.12.src.rpm
Description of changes:
[4.0.0-81.el5.12]
- console: bounds check whenever changing the cursor due to an escape code
The device model used by fully virtualised (HVM) domains, qemu, does
not properly handle escape VT100 sequences when emulating certain
devices with a virtual console backend.
Signed-off-by: Ian Campbell <ian.campbell at citrix.com>
Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com> [bug 14554436] {CVE-2012-3515}
[4.0.0-81.el5.11]
- xen: Don't BUG_ON() PoD operations on a non-translated guest.
XENMEM_populate_physmap can be called with invalid flags. By calling
it with MEMF_populate_on_demand flag set, a BUG can be triggered if a
translating paging mode is not being used.
Signed-off-by: Tim Deegan <tim at xen.org>
Reviewed-by: Ian Campbell <ian.campbell at citrix.com>
Tested-by: Ian Campbell <ian.campbell at citrix.com>
Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com> [bug 14554327] {CVE-2012-3494}
[4.0.0-81.el5.10]
- xen: prevent a 64 bit guest setting reserved bits in DR7
The upper 32 bits of this register are reserved and should be written
as zero.
Signed-off-by: Jan Beulich <jbeulich at suse.com>
Reviewed-by: Ian Campbell <ian.campbell at citrix.com>
Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com> [bug 14554864] {CVE-2012-3494}