[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Xen-announce] Xen 4.3.4 released
[Sent on behalf of Jan Beulich]
I am pleased to announce the release of Xen 4.3.4. This is available immediately from its git repository http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.3 (tag RELEASE-4.3.4) or from the XenProject download page http://www.xenproject.org/downloads/xen-archives/xen-43-series/xen-434.html
Note that this is expected to be the last release of the 4.3 stable series. The tree will be switched to security only maintenance mode after this release.
This fixes the following critical vulnerabilities: * CVE-2014-5146, CVE-2014-5149 / XSA-97 Long latency virtual-mmu operations are not preemptible * CVE-2014-7154 / XSA-104 Race condition in HVMOP_track_dirty_vram * CVE-2014-7155 / XSA-105 Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation * CVE-2014-7156 / XSA-106 Missing privilege level checks in x86 emulation of software interrupts * CVE-2014-7188 / XSA-108 Improper MSR range used for x2APIC emulation * CVE-2014-8594 / XSA-109 Insufficient restrictions on certain MMU update hypercalls * CVE-2014-8595 / XSA-110 Missing privilege level checks in x86 emulation of far branches * CVE-2014-8866 / XSA-111 Excessive checking in compatibility mode hypercall argument translation * CVE-2014-8867 / XSA-112 Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor * CVE-2014-9030 / XSA-113 Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling * CVE-2014-9065, CVE-2014-9066 / XSA-114 p2m lock starvation * CVE-2015-0361 / XSA-116 xen crash due to use after free on hvm guest teardown * CVE-2015-2152 / XSA-119 HVM qemu unexpectedly enabling emulated VGA graphics backends * CVE-2015-2044 / XSA-121 Information leak via internal x86 system device emulation * CVE-2015-2045 / XSA-122 Information leak through version information hypercall * CVE-2015-2151 / XSA-123 Hypervisor memory corruption due to x86 emulator flaw
Sadly the workaround for CVE-2013-3495 / XSA-59 (Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts) still can't be guaranteed to cover all affected chipsets; Intel continues to be working on providing us with a complete list.
Apart from those there are many further bug fixes and improvements.
We recommend all users of the 4.3 stable series to update to this latest point release.
Regards, Jan |
_______________________________________________
Xen-announce mailing list
Xen-announce@xxxxxxxxxxxxx
http://lists.xen.org/xen-announce
|