OVMSA-2015-0141 - xen security update
| Type: | SECURITY |
| Severity: | IMPORTANT |
| Release Date: | 2015-10-29 |
Description
[4.3.0-55.el6.47.58]
- x86: rate-limit logging in do_xen{oprof,pmu}_op()
Some of the sub-ops are acessible to all guests, and hence should be
rate-limited. In the xenoprof case, just like for XSA-146, include them
only in debug builds. Since the vPMU code is rather new, allow them to
be always present, but downgrade them to (rate limited) guest messages.
This is XSA-152.
Signed-off-by: Jan Beulich
Acked-by: Chuck Anderson
Reviewed-by: John Haxby [bug 22088895] {CVE-2015-7971}
[4.3.0-55.el6.47.57]
- xenoprof: free domain's vcpu array
This was overlooked in fb442e2171 ('x86_64: allow more vCPU-s per
guest').
This is XSA-151.
Signed-off-by: Jan Beulich
Reviewed-by: Ian Campbell
Acked-by: Chuck Anderson
Reviewed-by: John Haxby [bug 22088828] {CVE-2015-7969}
[4.3.0-55.el6.47.56]
- x86: guard against undue super page PTE creation
When optional super page support got added (commit bd1cd81d64 'x86: PV
support for hugepages'), two adjustments were missed: mod_l2_entry()
needs to consider the PSE and RW bits when deciding whether to use the
fast path, and the PSE bit must not be removed from L2_DISALLOW_MASK
unconditionally.
This is XSA-148.
Signed-off-by: Jan Beulich
Reviewed-by: Tim Deegan
Acked-by: Chuck Anderson
Reviewed-by: John Haxby [bug 22088391] {CVE-2015-7835}
Related CVEs
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|
| Oracle VM 3.3 (x86_64) | xen-4.3.0-55.el6.47.58.src.rpm | c18c061de40e6d6eccbdad156243e12e | OVMSA-2021-0014 |
| xen-4.3.0-55.el6.47.58.x86_64.rpm | ddc39fcf13de668040a72f832adf8bad | OVMSA-2021-0014 |
| xen-tools-4.3.0-55.el6.47.58.x86_64.rpm | 1edfe5065203734b599ab3bf039cd77b | OVMSA-2021-0014 |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
