OVMSA-2017-0176

OVMSA-2017-0176 - xen security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2017-12-13

Description


[4.4.4-155.0.7.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=b90f0a4fa66aea67e743c393ba307612a2fec379
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- p2m: Check return value of p2m_set_entry() when decreasing reservation (George Dunlap) [Orabug: 27216264] {CVE-2017-17045}
- p2m: Always check to see if removing a p2m entry actually worked (George Dunlap) [Orabug: 27216264] {CVE-2017-17045}
- x86/pod: prevent infinite loop when shattering large pages (Julien Grall) [Orabug: 27216261] {CVE-2017-17044}
- xen/physmap: Do not permit a guest to populate PoD pages for itself (Elena Ufimtseva) [Orabug: 27216261] {CVE-2017-17044}
- xend/pxm: Include pxm in XenStore when hotplugging PCI devices (Konrad Rzeszutek Wilk) [Orabug: 27206706]

[4.4.4-155.0.6.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=2f4972e50ebd2a470b19bfdb1fc6ce91e77614e0
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- vNUMA: assign vcpus to nodes by interleaving (Elena Ufimtseva) [Orabug: 27091937]

[4.4.4-155.0.5.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=c9c2df2dc87e18c9dcf584aedf859ab50b62883a
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- vNUMA: disable vNUMA if fail to find vcpus for pinning (Elena Ufimtseva) [Orabug: 27091931]

[4.4.4-155.0.4.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=fe4d54f49f8cf07f9e9d8077b7c85d287fb5c90c
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/shadow: correct SH_LINEAR mapping detection in sh_guess_wrmap() (Andrew Cooper) [Orabug: 27148184] {CVE-2017-15592} {CVE-2017-15592}
- x86: don't wrongly trigger linear page table assertion (Jan Beulich) [Orabug: 27148179] {CVE-2017-15595}

[4.4.4-155.0.3.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=b67a2d04c74002cceabfa76612a27fd1cf3f2b29
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- vNUMA: fix cpus assignment in manual vNUMA mode. (Elena Ufimtseva) [Orabug: 26828896]


Related CVEs


CVE-2017-17045
CVE-2017-17044

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle VM 3.4 (x86_64) xen-4.4.4-155.0.7.el6.src.rpme72e5b38daec9bc3c3a0f11863bab0f0OVMSA-2021-0014
xen-4.4.4-155.0.7.el6.x86_64.rpmcc19a91fc7f631136880cb7096b23972OVMSA-2021-0014
xen-tools-4.4.4-155.0.7.el6.x86_64.rpm7fc0dc7f5ddb42d3637b7ee7e56441a6OVMSA-2021-0014



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete