[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [ANNOUNCE] Xen 4.4.1 released



All,

I am pleased to announce the release of Xen 4.4.1. This is
available immediately from its git repository
http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.4 
(tag RELEASE-4.4.1) or from the XenProject download page
http://www.xenproject.org/downloads/xen-archives/supported-xen-44-series/xen-441.html
 

This fixes the following critical vulnerabilities:
 * CVE-2014-2599 / XSA-89
    HVMOP_set_mem_access is not preemptible
 * CVE-2014-3125 / XSA-91
    Hardware timer context is not properly context switched on ARM
 * CVE-2014-3124 / XSA-92
    HVMOP_set_mem_type allows invalid P2M entries to be created
 * CVE-2014-2915 / XSA-93
    Hardware features unintentionally exposed to guests on ARM
 * CVE-2014-2986 / XSA-94
    ARM hypervisor crash on guest interrupt controller access
 * CVE-2014-3714,CVE-2014-3715,CVE-2014-3716,CVE-2014-3717 / XSA-95
    input handling vulnerabilities loading guest kernel on ARM
 * CVE-2014-3967,CVE-2014-3968 / XSA-96
    Vulnerabilities in HVM MSI injection
 * CVE-2014-3969 / XSA-98
    insufficient permissions checks accessing guest memory on ARM
 * CVE-2014-4021 / XSA-100
    Hypervisor heap contents leaked to guests
 * CVE-2014-4022 / XSA-101
    information leak via gnttab_setup_table on ARM
 * CVE-2014-5147 / XSA-102
    Flaws in handling traps from 32-bit userspace on 64-bit ARM
 * CVE-2014-5148 / XSA-103
    Flaw in handling unknown system register access from 64-bit userspace on ARM

Additionally a workaround for CVE-2013-3495 / XSA-59 (Intel VT-d
Interrupt Remapping engines can be evaded by native NMI
interrupts) has been put in place. However, at this point we can't
guarantee that all affected chipsets are being covered; Intel is
working diligently on providing us with a complete list.

Apart from those there are many further bug fixes and improvements.

We recommend all users of the 4.4 stable series to update to this
first point release.

Regards,
Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.