XEN Security Update XSA-148/149/150/151/152/153, CVE-2015-7835/7969/7970/7969/7971/7972
| Issue | Summary | Affected: Static, CentOS 5.x | Affected: Static, CentOS 6.x | Affected: CloudBoot, CentOS 5.x | Affected: CloudBoot, CentOS 6.x | Fixed: Static, CentOS 5.x | Fixed: Static, CentOS 6.x | Fixed: CloudBoot, CentOS 5.x | Fixed: CloudBoot, CentOS 6.x |
|---|---|---|---|---|---|---|---|---|---|
| XSA-148/CVE-2015-7835 | Uncontrolled creation of large page mappings by PV guests. | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | -** |
| XSA-149/CVE-2015-7969 | Leak of main per-domain vCPU pointer array. | - | ✓ | - | ✓ | - | ✓ | - | -** |
| XSA-150/CVE-2015-7970 | Long latency populate-on-demand operation is not preemptible. | ✓* | ✓* | ✓* | ✓* | - | ✓ | - | -** |
| XSA-151/CVE-2015-7969 | Leak of per-domain profiling-related vCPU pointer array. | - | ✓ | - | ✓ | - | ✓ | - | -** |
| XSA-152/CVE-2015-7971 | Some pmu and profiling hypercalls log without rate limiting. | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | -** |
| XSA-153/CVE-2015-7972 | Populate-on-demand balloon size inaccuracy can crash guests. | ✓* | ✓* | ✓* | ✓* | - | ✓ | - | -** |
* This issue affects compute resources running Windows 2008, 2012 and FreeBSD guests with memory hot-resizing enabled.
** These issues will be fixed in a future CloudBoot update.
Static Compute Resources
For customers willing to upgrade to the latest compute resource tools (corresponding to the OnApp version installed):
To eliminate the security issue for Static Compute Resources:
Run the OnApp Xen Compute Resource installer:
```
/onapp/onapp-hv-install/onapp-hv-xen-install.sh
```
Reboot all VSs created on the compute resource.
For customers who are using the latest compute resource tools or do not want to upgrade them:
CentOS 5.x
```
# yum update xen xen-libs
```
This should update to the xen-3.4.4-17.el5.onapp.x86_64 version.
CentOS 6.x
```
# yum update xen xen-hypervisor
```
This should update to the xen-4.2.5-38.16.onapp.el6.x86_64 version.
Reboot all VSs created on the compute resource.
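One way to confirm the result of the yum updates above, as an added example that is not part of OnApp's advisory or tooling: a shell check that compares a package string, such as the output of `rpm -q xen`, with the fixed builds listed for CentOS 5.x and 6.x. The function names and the older sample builds are constructed for illustration.

```shell
#!/bin/sh
# Added example (not OnApp tooling): compare a Xen package string with the
# fixed builds named in this advisory.

# Fixed builds from the advisory, as dotted numeric version.release:
FIXED_EL5="3.4.4.17"       # xen-3.4.4-17.el5.onapp.x86_64
FIXED_EL6="4.2.5.38.16"    # xen-4.2.5-38.16.onapp.el6.x86_64

# numeric_vr PKG: xen-4.2.5-38.16.onapp.el6.x86_64 -> 4.2.5.38.16
# Prints nothing if PKG is not a "xen-<version>-<release>" string.
numeric_vr() {
    printf '%s\n' "$1" |
        sed -n 's/^xen-\([0-9.]*\)-\([0-9.]*\).*$/\1.\2/p' |
        sed 's/\.*$//'
}

# vr_ge A B: succeed when dotted-numeric A >= B, compared field by field
# (a missing field counts as 0).
vr_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# xen_is_fixed PKG: 0 = fixed build or newer, 1 = older, 2 = not recognised.
xen_is_fixed() {
    vr=$(numeric_vr "$1")
    [ -n "$vr" ] || return 2
    case $1 in
        *.el5*) vr_ge "$vr" "$FIXED_EL5" ;;
        *.el6*) vr_ge "$vr" "$FIXED_EL6" ;;
        *) return 2 ;;
    esac
}

# Constructed sample strings; on a compute resource pass "$(rpm -q xen)".
for pkg in xen-3.4.4-17.el5.onapp.x86_64 xen-3.4.4-16.el5.onapp.x86_64 \
           xen-4.2.5-38.16.onapp.el6.x86_64 xen-4.2.5-38.9.onapp.el6.x86_64; do
    if xen_is_fixed "$pkg"; then echo "fixed     $pkg"
    else echo "not fixed $pkg"; fi
done
```

The check covers the installed package only; release fields are compared numerically, so 38.9 sorts below 38.16.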
CloudBoot Compute Resources
To eliminate the security issue for CloudBoot Compute Resources, run the OnApp 4.1.0-9 Storage Update. This should update to the following version:
CentOS 5.x | |||
|---|---|---|---|
| Xen |
|