OVMSA-2014-0025 - xen security update

Type: SECURITY
Impact: IMPORTANT
Release Date: 2014-10-01

Description


[4.3.0-55.el6.0.0.4]
- x86/HVM: properly bound x2APIC MSR range
This is XSA-108.
Additional changelog comments added to 4.3.0-55.el6.0.0.3
Signed-off-by: Chuck Anderson [bug 19698535] {CVE-2014-7188}

[4.3.0-55.el6.0.0.3]
- Fix for bug 19698535
Signed-off-by: Chuck Anderson [bug 19698535]

[4.3.0-55.el6.0.0.2]
- x86emul: only emulate software interrupt injection for real mode
Protected mode emulation currently lacks proper privilege checking of
the referenced IDT entry, and there's currently no legitimate way for
any of the respective instructions to reach the emulator when the guest
is in protected mode.
This is XSA-106.
Reported-by: Andrei LUTAS
Signed-off-by: Jan Beulich
Acked-by: Keir Fraser
Signed-off-by: Chuck Anderson [bug 19699782] {CVE-2014-7156}

[4.3.0-55.0.0.1]
- x86/emulate: check cpl for all privileged instructions
Without this, it is possible for userspace to load its own IDT or GDT.
This is XSA-105.
Reported-by: Andrei LUTAS
Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
Tested-by: Andrei LUTAS
Signed-off-by: Chuck Anderson [bug 19699773] {CVE-2014-7155}


Related CVEs


CVE-2014-7156
CVE-2014-7155

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| --- | --- | --- | --- | --- |
| Oracle VM 3.3 (x86_64) | xen-4.3.0-55.el6.0.0.4.src.rpm | 65db15513c73dad2308d5154c89d308acef462dba3a0543617b40d50f21a422c | OVMBA-2024-0012 | ovm3_x86_64_3.3_patch |
| Oracle VM 3.3 (x86_64) | xen-4.3.0-55.el6.0.0.4.x86_64.rpm | f1d1818f6503b4aec7a60146f47e6ad9174731132cd180479afb3efa09e0c075 | OVMBA-2024-0012 | ovm3_x86_64_3.3_patch |
| Oracle VM 3.3 (x86_64) | xen-tools-4.3.0-55.el6.0.0.4.x86_64.rpm | be20d621f3e68b954e0bd2f7dd69c69db2f4dc30ca51064a46fbfab38fc410ec | OVMBA-2024-0012 | ovm3_x86_64_3.3_patch |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.