OracleVM 3.2 : xen (OVMSA-2013-0040)

The remote OracleVM system is missing necessary patches to address critical security updates : - libxc: limit cpu values when setting vcpu affinity When support for pinning more than 64 cpus was added, check for cpu out-of-range values was removed. This can lead to subsequent out-of-bounds cpumap...

CVE-2013-2072

Buffer overflow in the Python bindings for the xcvcpusetaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service memory corruption and xend toolstack crash and possibly gain privileges via a crafted cpumap...

Updated xen package fixes security issues

This update fixes the following security issues: XSA-52/CVE-2013-2076: Information leak on XSAVE/XRSTOR capable AMD CPUs XSA-53/CVE-2013-2077: Hypervisor crash due to missing exception recovery on XRSTOR XSA-54/CVE-2013-2078: Hypervisor crash due to missing exception recovery on XSETBV...