OVMSA-2015-0143 - xen security update
| Type: | SECURITY |
| Severity: | IMPORTANT |
| Release Date: | 2015-11-06 |
Description
[4.1.3-25.el5.209.4]
- x86: rate-limit logging in do_xen{oprof,pmu}_op()
Some of the sub-ops are acessible to all guests, and hence should be
rate-limited. In the xenoprof case, just like for XSA-146, include them
only in debug builds. Since the vPMU code is rather new, allow them to
be always present, but downgrade them to (rate limited) guest messages.
This is XSA-152.
Signed-off-by: Jan Beulich
Acked-by: Chuck Anderson
Reviewed-by: John Haxby [bug 22088921] {CVE-2015-7971}
[4.1.3-25.el5.209.3]
- xenoprof: free domain's vcpu array
This was overlooked in fb442e2171 ('x86_64: allow more vCPU-s per
guest').
This is XSA-151.
Signed-off-by: Jan Beulich
Reviewed-by: Ian Campbell
Acked-by: Chuck Anderson
Reviewed-by: John Haxby [bug 22088848] {CVE-2015-7969}
[4.1.3-25.el5.209.2]
- x86: guard against undue super page PTE creation
When optional super page support got added (commit bd1cd81d64 'x86: PV
support for hugepages'), two adjustments were missed: mod_l2_entry()
needs to consider the PSE and RW bits when deciding whether to use the
fast path, and the PSE bit must not be removed from L2_DISALLOW_MASK
unconditionally.
This is XSA-148.
Signed-off-by: Jan Beulich
Reviewed-by: Tim Deegan
[backport to Xen 4.1]
Signed-off-by: Andrew Cooper
Acked-by: Chuck Anderson
Reviewed-by: John Haxby [bug 22088424] {CVE-2015-7835}
Related CVEs
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|
| Oracle VM 3.2 (x86_64) | xen-4.1.3-25.el5.209.4.src.rpm | 8fb9511d8249ef07359edaadc8707a02 | OVMSA-2021-0014 |
| xen-4.1.3-25.el5.209.4.x86_64.rpm | d8fc9eab29743b39c1bdf5dcc710a81e | OVMSA-2021-0014 |
| xen-devel-4.1.3-25.el5.209.4.x86_64.rpm | 147cdda1313c2193b0720962c1d84474 | OVMSA-2019-0048 |
| xen-tools-4.1.3-25.el5.209.4.x86_64.rpm | 6ab3a7ba0be2e4d53c811d1b772fdf88 | OVMSA-2021-0014 |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
