OVMSA-2021-0020 - xen security update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2021-06-25 |
Description
[4.4.4-222.0.40.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=4e59b3430d1b7cc6ee6a486a8599d84163d173c9
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional commit=4a8ded640f04b41cdb15ce7c4c0a2c812c1b9e4d
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/spec-ctrl: Mitigate TAA after S3 resume (Andrew Cooper) [Orabug: 32930013] {CVE-2021-28690} {CVE-2021-28690}
- x86/spec-ctrl: Protect against Speculative Code Store Bypass (Andrew Cooper) [Orabug: 32929996] {CVE-2021-0089} {CVE-2021-0089} {CVE-2021-26313}
- VT-d/qinval: drop the lock in error path (Boris Ostrovsky) [Orabug: 32929926]
- AMD/IOMMU: drop command completion timeout (Jan Beulich) [Orabug: 32929926] {CVE-2021-28692} {CVE-2021-28692}
- AMD/IOMMU: wait for command slot to be available (Jan Beulich) [Orabug: 32929926] {CVE-2021-28692} {CVE-2021-28692}
- VT-d: eliminate flush related timeouts (Jan Beulich) [Orabug: 32929926] {CVE-2021-28692} {CVE-2021-28692}
- passthrough/vtd: Don't DMA to the stack in queue_invalidate_wait() (Andrew Cooper) [Orabug: 32929926]
- AMD/IOMMU: size command buffer dynamically (Jan Beulich) [Orabug: 32929926] {CVE-2021-28692} {CVE-2021-28692}
- VT-d: size qinval queue dynamically (Jan Beulich) [Orabug: 32929926] {CVE-2021-28692} {CVE-2021-28692}
- IOMMU: add a timeout parameter for device IOTLB invalidation (Quan Xu) [Orabug: 32929926]
- VT-d: drop redundant calls to invalidate_sync() (Jan Beulich) [Orabug: 32929926]
[4.4.4-222.0.39.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=37a49350867cc9baa70fa9e3ad928065b5b5d846
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional commit=4a8ded640f04b41cdb15ce7c4c0a2c812c1b9e4d
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- elfloader: remove too verbose debug print. (Gregory Herrero) [Orabug: 32794337]
- module: apply alternatives on module load. (Gregory Herrero) [Orabug: 32794337]
- module: set virtual_region before arch_module_finalize(). (Gregory Herrero) [Orabug: 32794337]
Related CVEs
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|
| Oracle VM 3 (x86_64) | xen-4.4.4-222.0.40.el6.src.rpm | 5dabecca9116f2ada714e9a2505e1a7ce264624ee4a7e1007f1aac2e63f883fa | OVMBA-2024-0012 | ovm3_x86_64_ELS |
| xen-4.4.4-222.0.40.el6.x86_64.rpm | 1634e9f62d330e344afd0bc0f35b3cacd81056851a4e9a40a975a8851b4c1496 | OVMBA-2024-0012 | ovm3_x86_64_ELS |
| xen-tools-4.4.4-222.0.40.el6.x86_64.rpm | 813981e23bebf29f618bfc602e6065c888d62520688c0c5e53c2eb0af13b1c3c | OVMBA-2024-0012 | ovm3_x86_64_ELS |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
