OracleVM 3.2 : xen (OVMSA-2013-0042)

The remote OracleVM system is missing necessary patches to address critical security updates : - Other than the HVM emulation path, the PV case so far failed to check that YMM state requires SSE state to be enabled, allowing for a GP to occur upon passing the inputs to XSETBV inside the hyperviso...

CVE-2013-2076

Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determine portions of the state of floating point instructions of other domains, which can be leveraged t...

Fedora 18 : xen-4.2.2-6.fc18 (2013-10136)

Information leak on XSAVE/XRSTOR capable AMD CPUs XSA-52, CVE-2013-2076 970206 Hypervisor crash due to missing exception recovery on XRSTOR XSA-53, CVE-2013-2077 970204 Hypervisor crash due to missing exception recovery on XSETBV XSA-54, CVE-2013-2078 970202 Multiple vulnerabilities in libelf PV...

Fedora 17 : xen-4.1.5-5.fc17 (2013-10247)

Information leak on XSAVE/XRSTOR capable AMD CPUs XSA-52, CVE-2013-2076 970206 Hypervisor crash due to missing exception recovery on XRSTOR XSA-53, CVE-2013-2077 970204 Hypervisor crash due to missing exception recovery on XSETBV XSA-54, CVE-2013-2078 970202 Multiple vulnerabilities in libelf PV...

Fedora 19 : xen-4.2.2-6.fc19 (2013-9986)

Information leak on XSAVE/XRSTOR capable AMD CPUs XSA-52, CVE-2013-2076 970206 Hypervisor crash due to missing exception recovery on XRSTOR XSA-53, CVE-2013-2077 970204 Hypervisor crash due to missing exception recovery on XSETBV XSA-54, CVE-2013-2078 970202 Multiple vulnerabilities in libelf PV...

Updated xen package fixes security issues

This update fixes the following security issues: XSA-52/CVE-2013-2076: Information leak on XSAVE/XRSTOR capable AMD CPUs XSA-53/CVE-2013-2077: Hypervisor crash due to missing exception recovery on XRSTOR XSA-54/CVE-2013-2078: Hypervisor crash due to missing exception recovery on XSETBV...