OVMSA-2018-0006

OVMSA-2018-0006 - xen security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2018-01-08

Description


[4.4.4-155.0.12.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=bd770ecc2d0647c0cf5498391e3392e4dff5c5f9
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86: Always print info about speculative mitigation facilities (Boris Ostrovsky) [Orabug: 27352414] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Don't use retpoline if CONFIG_INDIRECT_THUNK is not set (Boris Ostrovsky) [Orabug: 27352414] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}

[4.4.4-155.0.11.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=e08ec4a5cb232f5a153c716f5519e5fbb52584cd
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- rpm: Add microcode_ctl dependency (Boris Ostrovsky)
- x86: cpuint. Move the detection of CPU capabilities (Konrad Rzeszutek Wilk) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- migration: Set the CPUID _before_ XEN_DOMCTL_sethvmcontext (Konrad Rzeszutek Wilk) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/xen: Make cpu_has_[stibp,ibrsp,etc] work. (Konrad Rzeszutek Wilk) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Expose CPUID.7, EDX.26->27 and CPUID.0x80000008, EBX.12 (Konrad Rzeszutek Wilk) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/idle: Clear SPEC_CTRL while idle (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/cpuid: Offer Indirect Branch Controls to guests (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/ctxt: Issue a speculation barrier between vcpu contexts (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Clobber the Return Stack Buffer on entry to Xen (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/boot: Calculate the most appropriate BTI mitigation to use (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Use MSR_SPEC_CTRL at each entry/exit point (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Protect unaware domains from meddling hyperthreads (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/hvm: Permit guests direct access to MSR_{SPEC_CTRL,PRED_CMD} (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/migrate: Move MSR_SPEC_CTRL on migrate (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/msr: Emulation of MSR_{SPEC_CTRL,PRED_CMD} for guests (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Introduce a common cpuid_policy_updated() (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Introduce framework for cpuid policy updates (Boris Ostrovsky) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Introduce cpuid_policy (Boris Ostrovsky) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/msr: introduce struct msr_vcpu_policy (Sergey Dyasli) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/cmdline: Introduce a command line option to disable IBRS/IBPB, STIBP and IBPB (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- xen: add an optional string end parameter to parse_bool() (Juergen Gross) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/feature: Definitions for Indirect Branch Controls (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Introduce alternative indirect thunks (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Backport setup_force_cpu_cap (Boris Ostrovsky) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/amd: Try to set lfence as being Dispatch Serialising (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/boot: Report details of speculative mitigations (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Support indirect thunks from assembly code (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- common/wait: Clarifications to wait infrastructure (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Support compiling with indirect branch thunks (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Erase guest GPR state on entry to Xen (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/pv: Move hypercall handling up into C (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/hvm: Use SAVE_ALL to construct the cpu_user_regs frame after VMExit (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Rearrange RESTORE_ALL to restore register in stack order (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Remove support for partial cpu_user_regs frames (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/alt: Introduce ALTERNATIVE{,_2} macros (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/alt: Break out alternative-asm into a separate header file (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/hvm: assert that we we saved a sane number of MSRs. (Tim Deegan) [Orabug: 27338201]
- x86: Avoid corruption on migrate for vcpus using CPUID Faulting (Andrew Cooper) [Orabug: 27338201]
- x86/hvm: Don't corrupt the HVM context stream when writing the MSR record (Andrew Cooper) [Orabug: 27338201]
- x86: generic MSRs save/restore (Jan Beulich) [Orabug: 27338201]
- x86/msr: introduce guest_wrmsr() (Sergey Dyasli) [Orabug: 27338201]
- x86/msr: introduce guest_rdmsr() (Sergey Dyasli) [Orabug: 27338201]
- x86/msr: introduce struct msr_domain_policy (Sergey Dyasli) [Orabug: 27338201]
- microcode: Always scan the initramfs for microcode (Konrad Rzeszutek Wilk) [Orabug: 27338209]
- x86: Move microcode loading earlier (Konrad Rzeszutek Wilk) [Orabug: 27338209]
- livepatch: Alternative backport compile issues under Xen 4.4 (Konrad Rzeszutek Wilk) [Orabug: 27338204]
- x86: support 2- and 3-way alternatives (Jan Beulich) [Orabug: 27338204]
- xen/x86/alternatives: Do not use sync_core() to serialize I$ (Borislav Petkov) [Orabug: 27338204]
- livepatch: NOP if func->new_addr is zero. (Konrad Rzeszutek Wilk) [Orabug: 27338204]
- alternatives: x86 rename and change parameters on ARM (Konrad Rzeszutek Wilk) [Orabug: 27338204]
- x86/arm64: Expose the ALT_[ORIG|REPL]_PTR macros to header files. (Konrad Rzeszutek Wilk) [Orabug: 27338204]
- xsplice: Add support for alternatives (Ross Lagerwall) [Orabug: 27338204]
- x86: Alter nmi_callback_t typedef (Konrad Rzeszutek Wilk) [Orabug: 27338204]
- x86/alternatives: correct near branch check (Jan Beulich) [Orabug: 27338204]
- x86: disable CR0.WP while applying alternatives (Andrew Cooper) [Orabug: 27338204]
- work around Clang generating .data.rel.ro section for init-only files (Andrew Cooper) [Orabug: 27338204]
- x86: move alternative.c data fully into .init.* (Jan Beulich) [Orabug: 27338204]
- x86: port the basic alternative mechanism from Linux to Xen (Feng Wu) [Orabug: 27338204]
- x86: add definitions for NOP operation (Feng Wu) [Orabug: 27338204]

[4.4.4-155.0.10.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=32639222bb19e981f5500fcef435fce2c1c6eef0
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xen.spec: Add sbsignxen to sign xen.efi binary. (Srinivas Maturi) [Orabug: 27261277]

[4.4.4-155.0.9.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=73f85f0b6808e91db01457ff5f6fa74a6e1fa4f5
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/setup: do not relocate modules and crashkernel region over the Xen image (Daniel Kiper) [Orabug: 27248005]
- x86/boot: add missing branch to the dom0 kernel data acquisition (Daniel Kiper) [Orabug: 27234709]
- xen/x86: do not put .efi.pe.header section into LOAD segment (Daniel Kiper) [Orabug: 27248005]
- xen/x86: do not relocate below the end of current Xen image placement (Daniel Kiper) [Orabug: 27248005]
- xen/x86: do not relocate the Xen image if the bootloader did the work for us (Daniel Kiper) [Orabug: 27248005]
- xen/x86: Build xen.mb.efi directly from xen-syms (Daniel Kiper) [Orabug: 27180757]
- xen/x86/efi: Verify dom0 kernel with SHIM_LOCK protocol in efi_multiboot2() (Daniel Kiper) [Orabug: 27180757]
- efi: split out efi_shim_lock() (Daniel Kiper) [Orabug: 27180757]
- xen/x86: Add some addresses to the Multiboot2 header (Daniel Kiper) [Orabug: 27180757]
- xen/x86: Add some addresses to the Multiboot header (Daniel Kiper) [Orabug: 27180757]
- xen/x86: Manually build PE header (Daniel Kiper) [Orabug: 27180757]
- xen: Introduce XEN_COMPILE_POSIX_TIME (Daniel Kiper) [Orabug: 27180757]
- xen/x86/boot: Align the stack as UEFI spec requires (Daniel Kiper) [Orabug: 27180757]

[4.4.4-155.0.8.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=667086f56694d9e4e1f45b3ac9126bb8d8ceff26
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Fix dom0_vcpus_pin regression (Konrad Rzeszutek Wilk) [Orabug: 27234748]
- xend/python: Add 'enclosure-type' (Konrad Rzeszutek Wilk) [Orabug: 27220742]
- xend/python: Expand the list of parameters that can be changed to include all (Konrad Rzeszutek Wilk)
- xend/python: Export DMI asset-tag and platform to guests. (Konrad Rzeszutek Wilk) [Orabug: 27220742]
- vNUMA: fix the selection of correct number of cores (Elena Ufimtseva) [Orabug: 27222930]


Related CVEs


CVE-2017-5715
CVE-2017-5753
CVE-2017-5754

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle VM 3.4 (x86_64) xen-4.4.4-155.0.12.el6.src.rpm938a16d4345d84c6ac8e6e6f4519e751-
xen-4.4.4-155.0.12.el6.x86_64.rpme82930365d5a2eb6f1621a0082cccd9a-
xen-tools-4.4.4-155.0.12.el6.x86_64.rpmfa88ee08ee30452804f24ea60e707247-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete