[Oraclevm-errata] OVMSA-2012-0046 Oracle VM 3.1 xen security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Mon Oct 22 09:34:17 PDT 2012
Oracle VM Security Advisory OVMSA-2012-0046
The following updated rpms for Oracle VM 3.1 have been uploaded to the
Unbreakable Linux Network:
x86_64:
xen-4.1.2-18.el5.16.x86_64.rpm
xen-devel-4.1.2-18.el5.16.x86_64.rpm
xen-tools-4.1.2-18.el5.16.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.1/SRPMS-updates/xen-4.1.2-18.el5.16.src.rpm
Description of changes:
[4.1.2-18.el5.16 ]
- Xen Security Advisory CVE-2012-4411 / XSA-19
version 2
guest administrator can access qemu monitor console
Disable qemu monitor by default. The qemu monitor is an overly
powerful feature which must be protected from untrusted (guest)
administrators.
Signed-off-by: Ian Jackson <ian.jackson at eu.citrix.com>
Signed-off-by: Chuck Anderson <chuck.anderson at oracle.com> [bug 14612320] {CVE-2012-4411}
[4.1.2-18.el5.15 ]
- fix xm create vcpu_avail exceeds XMLRPC int limits
If maxvcpus = vcpus = 40, (1<<40 -1) will exceed the XMLRPC int limit.
Changing it to str will work. Then on the xend side, it will be converted
back to int.
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com>
Signed-off-by: Adnan Misherfi <adnan.misherfi at oracle.com>
Backported-by: Joe Jin <joe.jin at oracle.com> [bug 14483583] {CVE-2012-3515}
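
The vcpu_avail entry above, as an added example that is not code from the xen package or from this advisory: it uses Python's standard xmlrpc.client as a stand-in for the XML-RPC layer between xm and xend to show where the bitmask stops fitting in an XML-RPC int, and how a str round-trip with receiver-side validation avoids that. The method name demo.create, the helper names and the max_vcpus bound are assumptions made for illustration.

```python
import xmlrpc.client


def vcpu_avail_mask(vcpus):
    """One bit per available vCPU: the changelog's (1<<40 - 1) for vcpus = 40."""
    return (1 << vcpus) - 1


def marshal_as_int(mask):
    """Marshal the mask as an XML-RPC <int>; return None when it overflows."""
    try:
        # "demo.create" is a constructed method name, not a real xend call.
        return xmlrpc.client.dumps((mask,), methodname="demo.create")
    except OverflowError:
        # XML-RPC <int> is a signed 32-bit value; larger ints are refused.
        return None


def marshal_as_str(mask):
    """Sender side of the fix: carry the mask as a decimal string."""
    return xmlrpc.client.dumps((str(mask),), methodname="demo.create")


def receive_mask(payload, max_vcpus=128):
    """Receiver side: validate the string, then convert it back to int.

    max_vcpus is a hypothetical bound chosen for this example.
    """
    params, _method = xmlrpc.client.loads(payload)
    value = params[0]
    if not isinstance(value, str) or not (value.isascii() and value.isdigit()):
        raise ValueError("vcpu_avail must be a decimal string")
    mask = int(value)
    if mask.bit_length() > max_vcpus:
        raise ValueError("vcpu_avail has more bits than max_vcpus")
    return mask


if __name__ == "__main__":
    for n in (31, 32, 40):
        fits = marshal_as_int(vcpu_avail_mask(n)) is not None
        print(f"vcpus={n}: fits in XML-RPC int: {fits}")
    print(receive_mask(marshal_as_str(vcpu_avail_mask(40))))
```

The int form already fails at 32 vCPUs, not only at the 40 quoted in the changelog, because (1<<32)-1 is above the signed 32-bit maximum.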