[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-announce] Xen 4.2.3 released


  • To: xen-announce@xxxxxxxxxxxxx
  • From: Lars Kurth <lars.kurth@xxxxxxx>
  • Date: Mon, 09 Sep 2013 16:24:01 +0100
  • Delivery-date: Mon, 09 Sep 2013 15:50:29 +0000
  • List-id: "Xen announcements \(low volume\)" <xen-announce.lists.xen.org>


-------- Original Message --------
Subject: [Xen-devel] [ANNOUNCE] Xen 4.2.3 released
Date: Mon, 09 Sep 2013 15:52:24 +0100
From: Jan Beulich <JBeulich@xxxxxxxx>
To: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>


All,

I am pleased to announce the release of Xen 4.2.3. This is
available immediately from its git repository
http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.2 
(tag RELEASE-4.2.3) or from the XenProject download page
http://www.xenproject.org/downloads/xen-archives/supported-xen-42-series/xen-423.html 

This fixes the following critical vulnerabilities:
 * CVE-2013-1918 / XSA-45:
    Several long latency operations are not preemptible
 * CVE-2013-1952 / XSA-49:
    VT-d interrupt remapping source validation flaw for bridges
 * CVE-2013-2076 / XSA-52:
    Information leak on XSAVE/XRSTOR capable AMD CPUs
 * CVE-2013-2077 / XSA-53:
    Hypervisor crash due to missing exception recovery on XRSTOR
 * CVE-2013-2078 / XSA-54:
    Hypervisor crash due to missing exception recovery on XSETBV
 * CVE-2013-2194, CVE-2013-2195, CVE-2013-2196 / XSA-55:
    Multiple vulnerabilities in libelf PV kernel handling
 * CVE-2013-2072 / XSA-56:
    Buffer overflow in xencontrol Python bindings affecting xend
 * CVE-2013-2211 / XSA-57:
    libxl allows guest write access to sensitive console related xenstore keys
 * CVE-2013-1432 / XSA-58:
    Page reference counting error due to XSA-45/CVE-2013-1918 fixes
 * XSA-61:
    libxl partially sets up HVM passthrough even with disabled iommu

The following minor vulnerability is also being addressed:
 * CVE-2013-2007 / XSA-51
    qemu guest agent (qga) insecure file permissions

We recommend all users of the 4.2 stable series to update to this
latest point release.

Among many bug fixes and improvements:
 * addressing a regression from the fix for XSA-46
 * bug fixes to low level system state handling, including certain
    hardware errata workarounds

Regards,
Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


_______________________________________________
Xen-announce mailing list
Xen-announce@xxxxxxxxxxxxx
http://lists.xen.org/xen-announce

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.