OVMSA-2015-0141 - xen security update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2015-10-29 |
Description
[4.3.0-55.el6.47.58]
- x86: rate-limit logging in do_xen{oprof,pmu}_op()
Some of the sub-ops are acessible to all guests, and hence should be
rate-limited. In the xenoprof case, just like for XSA-146, include them
only in debug builds. Since the vPMU code is rather new, allow them to
be always present, but downgrade them to (rate limited) guest messages.
This is XSA-152.
Signed-off-by: Jan Beulich
Acked-by: Chuck Anderson
Reviewed-by: John Haxby [bug 22088895] {CVE-2015-7971}
[4.3.0-55.el6.47.57]
- xenoprof: free domain's vcpu array
This was overlooked in fb442e2171 ('x86_64: allow more vCPU-s per
guest').
This is XSA-151.
Signed-off-by: Jan Beulich
Reviewed-by: Ian Campbell
Acked-by: Chuck Anderson
Reviewed-by: John Haxby [bug 22088828] {CVE-2015-7969}
[4.3.0-55.el6.47.56]
- x86: guard against undue super page PTE creation
When optional super page support got added (commit bd1cd81d64 'x86: PV
support for hugepages'), two adjustments were missed: mod_l2_entry()
needs to consider the PSE and RW bits when deciding whether to use the
fast path, and the PSE bit must not be removed from L2_DISALLOW_MASK
unconditionally.
This is XSA-148.
Signed-off-by: Jan Beulich
Reviewed-by: Tim Deegan
Acked-by: Chuck Anderson
Reviewed-by: John Haxby [bug 22088391] {CVE-2015-7835}
Related CVEs
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|
| Oracle VM 3.3 (x86_64) | xen-4.3.0-55.el6.47.58.src.rpm | a5ff30085c49db4cbfaccda8fcdf89cf00fb649f68c4ac25e6443d8cc92580fe | OVMBA-2024-0012 | ovm3_x86_64_3.3_patch |
| xen-4.3.0-55.el6.47.58.x86_64.rpm | 848167223798dc6de0b74adebbc885b4fa67632a0ce1117ead055006896a79e5 | OVMBA-2024-0012 | ovm3_x86_64_3.3_patch |
| xen-tools-4.3.0-55.el6.47.58.x86_64.rpm | 23eb1ce5973e8567974942fa6b0aaee05bd9d7f019ff13764a4c0d3f779971b6 | OVMBA-2024-0012 | ovm3_x86_64_3.3_patch |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
