[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] Xen 4.3.1 released

Forwarding the following announcement...

From: Jan Beulich
Sent: Thursday, October 31, 2013 12:36 PM
Subject: Xen 4.3.1 released

I am pleased to announce the release of Xen 4.3.1. This is available 
immediately from its git repository
(tag RELEASE-4.3.1) or from the XenProject download page 

This fixes the following critical vulnerabilities:
 * CVE-2013-1922 / XSA-48
    qemu-nbd format-guessing due to missing format specification
 * CVE-2013-2007 / XSA-51
    qemu guest agent (qga) insecure file permissions
 * CVE-2013-1442 / XSA-62
    Information leak on AVX and/or LWP capable CPUs
 * CVE-2013-4355 / XSA-63
    Information leaks through I/O instruction emulation
 * CVE-2013-4356 / XSA-64
    Memory accessible by 64-bit PV guests under live migration
 * CVE-2013-4361 / XSA-66
    Information leak through fbld instruction emulation
 * CVE-2013-4368 / XSA-67
    Information leak through outs instruction emulation
 * CVE-2013-4369 / XSA-68
    possible null dereference when parsing vif ratelimiting info
 * CVE-2013-4370 / XSA-69
    misplaced free in ocaml xc_vcpu_getaffinity stub
 * CVE-2013-4371 / XSA-70
    use-after-free in libxl_list_cpupool under memory pressure
 * CVE-2013-4375 / XSA-71
    qemu disk backend (qdisk) resource leak
 * CVE-2013-4416 / XSA-72
    ocaml xenstored mishandles oversized message replies

We recommend all users of the 4.3 stable series to update to this first point 

Among the bug fixes and improvements (around 80 since Xen 4.3.0):
 * Adjustments to XSAVE management
 * Bug fixes to nested virtualization
 * Bug fixes for other low level system state handling
 * Bug fixes to the libxl tool stack


Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.