hf8017 is a mandatory hotfix for CA AppLogic® versions 3.1.14 and 3.5.19.
hf8017 resolves SCR#8017: Product: Xen Security Vulnerabilities (XSA #6 - #31).
hf8017 also resolves SCR#7759, which addresses Xen Security Advisory XSA-25, where a malicious kernel/ramdisk can cause an out-of-memory error.
This hotfix resolves the following Xen Security Advisories:
XSA-6 HVM e1000, buffer overflow.
XSA-7 64-bit PV guest privilege escalation vulnerability.
XSA-8 Guest denial of service on syscall/sysenter exception generation.
XSA-9 PV guest host Denial of Service.
XSA-11 HVM guest destroy p2m teardown host DoS vulnerability.
XSA-12 Hypercall set_debugreg vulnerability.
XSA-13 Hypercall physdev_get_free_pirq vulnerability.
XSA-14 XENMEM_populate_physmap DoS vulnerability.
XSA-16 PHYSDEVOP_map_pirq index vulnerability.
XSA-17 Qemu VT100 emulation vulnerability.
XSA-19 Guest administrator can access qemu monitor console.
XSA-20 Timer overflow DoS vulnerability.
XSA-21 pirq range check DoS vulnerability.
XSA-22 Memory mapping failure DoS vulnerability.
XSA-23 Unhooking empty PAE entries DoS vulnerability.
XSA-24 Grant table hypercall infinite loop DoS vulnerability.
XSA-25 Xen domain builder Out-of-memory due to malicious kernel/ramdisk.
XSA-26 Grant table version switch list corruption vulnerability.
XSA-27 Several HVM operations do not validate the range of their inputs.
XSA-28 HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak.
XSA-29 XENMEM_exchange may overwrite hypervisor memory.
XSA-30 Broken error handling in guest_physmap_mark_populate_on_demand().
XSA-31 Several memory hypercall operations allow invalid extent order values.
Note: hf8017 includes hf7611 and hf7759. hf8017 is only for Xen-based grids and does not affect ESX-based grids.
This hotfix is only for 3.1.14 and 3.5.19 Xen-based grids (and may not be used with any other version). This hotfix replaces files on the servers of the grid; therefore, a grid reboot is required after applying this hotfix.
For versions 3.1.14 and 3.5.19, if this hotfix is installed on a grid using BFC and a new server is afterwards added to the grid, this hotfix is automatically installed on the newly added server; however, the newly added server must be rebooted for the hotfix to take effect.
For versions 3.1.14 and 3.5.19, if a grid is created using BFC and hf8017 is installed during the grid creation process, the grid must be rebooted after grid creation has completed for the hotfix to take effect.
Copyright © 2012 CA.
All rights reserved.