OVMSA-2023-0005 - xen security update

Type: SECURITY
Severity: IMPORTANT
Release Date: 2023-03-21

Description


[4.4.4-222.0.51.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=78d8dad5a481c5b94794ede5fbad2eb0bd5e7f7f
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional commit=4a8ded640f04b41cdb15ce7c4c0a2c812c1b9e4d
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- tools/xenstore: harden transaction finalization against errors (Juergen Gross) [Orabug: 35151957] {CVE-2022-42326} {CVE-2022-42325} {CVE-2022-42326}
- tools/xenstore: fix deleting node in transaction (Juergen Gross) [Orabug: 35151957] {CVE-2022-42325} {CVE-2022-42325} {CVE-2022-42326}
- docs: enhance xenstore.txt with permissions description (Juergen Gross) [Orabug: 35151949] {CVE-2022-42322} {CVE-2022-42323}
- tools/xenstore: make the internal memory data base the default (Juergen Gross) [Orabug: 35151949] {CVE-2022-42322} {CVE-2022-42323}
- tools/xenstore: remove nodes owned by destroyed domain (Juergen Gross) [Orabug: 35151949] {CVE-2022-42322} {CVE-2022-42322} {CVE-2022-42323}
- tools/xenstore: start with empty data base (Juergen Gross) [Orabug: 35151949]
- tools/xenstore: use treewalk for deleting nodes (Juergen Gross) [Orabug: 35151934] {CVE-2022-42321} {CVE-2022-42321}
- tools/xenstore: use treewalk for check_store() (Juergen Gross) [Orabug: 35151934] {CVE-2022-42321} {CVE-2022-42321}
- tools/xenstore: simplify check_store() (Juergen Gross) [Orabug: 35151934] {CVE-2022-42321} {CVE-2022-42321}
- tools/xenstore: add generic treewalk function (Juergen Gross) [Orabug: 35151934] {CVE-2022-42321} {CVE-2022-42321}
- tools/xenstore: don't let remove_child_entry() call corrupt() (Juergen Gross) [Orabug: 35151934] {CVE-2022-42321} {CVE-2022-42321}
- tools/xenstore: remove recursion from construct_node() (Juergen Gross) [Orabug: 35151934] {CVE-2022-42321} {CVE-2022-42321}
- tools/xenstore: fix checking node permissions (Juergen Gross) [Orabug: 35151927] {CVE-2022-42320} {CVE-2022-42320}
- tools/xenstore: don't use conn->in as context for temporary allocations (Juergen Gross) [Orabug: 35151915] {CVE-2022-42319} {CVE-2022-42319}
- tools/xenstore: add control command for setting and showing quota (Juergen Gross) [Orabug: 35151880] {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: add exports for quota variables (Juergen Gross) [Orabug: 35151880] {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: add memory accounting for nodes (Juergen Gross) [Orabug: 35151880] {CVE-2022-42315} {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: add memory accounting for watches (Juergen Gross) [Orabug: 35151880] {CVE-2022-42315} {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: add memory accounting for responses (Juergen Gross) [Orabug: 35151880] {CVE-2022-42315} {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: add infrastructure to keep track of per domain memory usage (Juergen Gross) [Orabug: 35151880] {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: move the call of setup_structure() to dom0 introduction (Juergen Gross) [Orabug: 35151880] {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: limit max number of nodes accessed in a transaction (Juergen Gross) [Orabug: 35151880] {CVE-2022-42314} {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: simplify and fix per domain node accounting (Juergen Gross) [Orabug: 35151880] {CVE-2022-42313} {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: fix connection->id usage (Juergen Gross) [Orabug: 35151880] {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: don't buffer multiple identical watch events (Juergen Gross) [Orabug: 35151880] {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: limit outstanding requests (Juergen Gross) [Orabug: 35151880] {CVE-2022-42312} {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: let unread watch events time out (Juergen Gross) [Orabug: 35151880] {CVE-2022-42311} {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: reduce number of watch events (Juergen Gross) [Orabug: 35151880] {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: add helpers to free struct buffered_data (Juergen Gross) [Orabug: 35151880] {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: split up send_reply() (Juergen Gross) [Orabug: 35151880] {CVE-2022-42311} {CVE-2022-42312} {CVE-2022-42313} {CVE-2022-42314} {CVE-2022-42315} {CVE-2022-42316} {CVE-2022-42317} {CVE-2022-42318}
- tools/xenstore: Fail a transaction if it is not possible to create a node (Julien Grall) [Orabug: 35151876] {CVE-2022-42310} {CVE-2022-42310}
- tools/xenstore: create_node: Don't defer work to undo any changes on failure (Julien Grall) [Orabug: 35151863] {CVE-2022-42309} {CVE-2022-42309}


Related CVEs


CVE-2022-42311
CVE-2022-42320
CVE-2022-42310
CVE-2022-42325
CVE-2022-42317
CVE-2022-42318
CVE-2022-42314
CVE-2022-42326
CVE-2022-42309
CVE-2022-42322
CVE-2022-42312
CVE-2022-42315
CVE-2022-42316
CVE-2022-42319
CVE-2022-42321
CVE-2022-42313
CVE-2022-42323

Updated Packages


Release/Architecture   Filename                                 MD5sum                            Superseded By Advisory
Oracle VM 3 (x86_64)   xen-4.4.4-222.0.51.el6.src.rpm           6e9b114e3f7a5a54a95dd59d3514b5a0  -
                       xen-4.4.4-222.0.51.el6.x86_64.rpm        195672d4aeabab4e5ff341dd2985a794  -
                       xen-tools-4.4.4-222.0.51.el6.x86_64.rpm  1be37c189bb8f14e084d02c95c23e61f  -



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.
