[Xen-devel] [ANNOUNCE] Xen 4.1.4 released



Folks,

I am pleased to announce the release of Xen 4.1.4. This is
available immediately from its Mercurial repository:
http://xenbits.xen.org/xen-4.1-testing.hg (tag RELEASE-4.1.4)

This fixes the following critical vulnerabilities:
 * CVE-2012-3494 / XSA-12:
    hypercall set_debugreg vulnerability
 * CVE-2012-3495 / XSA-13:
    hypercall physdev_get_free_pirq vulnerability
 * CVE-2012-3496 / XSA-14:
    XENMEM_populate_physmap DoS vulnerability
 * CVE-2012-3498 / XSA-16:
    PHYSDEVOP_map_pirq index vulnerability
 * CVE-2012-3515 / XSA-17:
    Qemu VT100 emulation vulnerability
 * CVE-2012-4411 / XSA-19:
    guest administrator can access qemu monitor console
 * CVE-2012-4535 / XSA-20:
    Timer overflow DoS vulnerability
 * CVE-2012-4536 / XSA-21:
    pirq range check DoS vulnerability
 * CVE-2012-4537 / XSA-22:
    Memory mapping failure DoS vulnerability
 * CVE-2012-4538 / XSA-23:
    Unhooking empty PAE entries DoS vulnerability
 * CVE-2012-4539 / XSA-24:
    Grant table hypercall infinite loop DoS vulnerability
 * CVE-2012-4544,CVE-2012-2625 / XSA-25:
    Xen domain builder Out-of-memory due to malicious kernel/ramdisk
 * CVE-2012-5510 / XSA-26:
    Grant table version switch list corruption vulnerability
 * CVE-2012-5511 / XSA-27:
    several HVM operations do not validate the range of their inputs
 * CVE-2012-5512 / XSA-28:
    HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak
 * CVE-2012-5513 / XSA-29:
    XENMEM_exchange may overwrite hypervisor memory
 * CVE-2012-5514 / XSA-30:
    Broken error handling in guest_physmap_mark_populate_on_demand()
 * CVE-2012-5515 / XSA-31:
    Several memory hypercall operations allow invalid extent order values

We recommend all users of the 4.1 stable series to update to this
latest point release.

Among many bug fixes and improvements (almost 100 since Xen 4.1.3):
 * A fix for a long-standing time management issue
 * Bug fixes for S3 (suspend to RAM) handling
 * Bug fixes for other low level system state handling

Regards,
Jan

