[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-announce] Xen 4.2.2 released


  • To: xen-announce@xxxxxxxxxxxxx
  • From: Lars Kurth <lars.kurth@xxxxxxx>
  • Date: Thu, 25 Apr 2013 11:42:06 +0100
  • Delivery-date: Thu, 25 Apr 2013 10:45:14 +0000
  • List-id: "Xen announcements \(low volume\)" <xen-announce.lists.xen.org>



-------- Original Message --------
Subject: [Xen-devel] [ANNOUNCE] Xen 4.2.2 released
Date: Thu, 25 Apr 2013 10:56:02 +0100
From: Jan Beulich <JBeulich@xxxxxxxx>
To: xen-devel <xen-devel@xxxxxxxxxxxxx>


All,

I am pleased to announce the release of Xen 4.2.2. This is
available immediately from its git repository
http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.2
(tag RELEASE-4.2.2) or from the XenProject download page
http://www.xenproject.org/downloads/xen-archives/supported-xen-42-series/xen-422.html

This fixes the following critical vulnerabilities:
 * CVE-2012-5634 / XSA-33:
    VT-d interrupt remapping source validation flaw
 * CVE-2013-0151 / XSA-34:
    nested virtualization on 32-bit exposes host crash
 * CVE-2013-0152 / XSA-35:
    Nested HVM exposes host to being driven out of memory by guest
 * CVE-2013-0153 / XSA-36:
    interrupt remap entries shared and old ones not cleared on AMD IOMMUs
 * CVE-2013-0154 / XSA-37:
    Hypervisor crash due to incorrect ASSERT (debug build only)
 * CVE-2013-0215 / XSA-38:
    oxenstored incorrect handling of certain Xenbus ring states
 * CVE-2012-6075 / XSA-41:
    qemu (e1000 device driver): Buffer overflow when processing large packets
 * CVE-2013-1917 / XSA-44:
    Xen PV DoS vulnerability with SYSENTER
 * CVE-2013-1919 / XSA-46:
    Several access permission issues with IRQs for unprivileged guests
 * CVE-2013-1920 / XSA-47:
    Potential use of freed memory in event channel operations
 * CVE-2013-1922 / XSA-48:
    qemu-nbd format-guessing due to missing format specification

We recommend all users of the 4.2 stable series to update to this
point release.

Among many bug fixes and improvements (around 100 since Xen 4.2.1):
 * ACPI APEI/ERST finally working on production systems
 * Bug fixes for other low level system state handling
 * Bug fixes and improvements to the libxl tool stack
 * Bug fixes to nested virtualization

Regards,
Jan



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel




_______________________________________________
Xen-announce mailing list
Xen-announce@xxxxxxxxxxxxx
http://lists.xen.org/xen-announce

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.