[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [ANNOUNCE] Xen 4.1.6.1 released


  • To: "xen-devel" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: "Jan Beulich" <JBeulich@xxxxxxxx>
  • Date: Tue, 10 Sep 2013 15:08:43 +0100
  • Delivery-date: Tue, 10 Sep 2013 14:09:09 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xen.org>

All,

I am pleased to announce the release of Xen 4.1.6.1. This is
available immediately from its git repository:
http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.1 
(tag RELEASE-4.1.6.1) or from the XenProject download page
http://www.xenproject.org/downloads/xen-archives/supported-xen-41-series/xen-4161.html
 

Note that 4.1.6 didn't get released, as a build issue was found late
in the release process, when the 4.1.6 version number was already
irreversibly applied.

Note further that this is expected to be the last release of the 4.1
stable series.

This fixes the following critical vulnerabilities:
 * CVE-2013-1918 / XSA-45:
    Several long latency operations are not preemptible
 * CVE-2013-1952 / XSA-49:
    VT-d interrupt remapping source validation flaw for bridges
 * CVE-2013-2076 / XSA-52:
    Information leak on XSAVE/XRSTOR capable AMD CPUs
 * CVE-2013-2077 / XSA-53:
    Hypervisor crash due to missing exception recovery on XRSTOR
 * CVE-2013-2078 / XSA-54:
    Hypervisor crash due to missing exception recovery on XSETBV
 * CVE-2013-2194, CVE-2013-2195, CVE-2013-2196 / XSA-55:
    Multiple vulnerabilities in libelf PV kernel handling
 * CVE-2013-2072 / XSA-56:
    Buffer overflow in xencontrol Python bindings affecting xend
 * CVE-2013-2211 / XSA-57:
    libxl allows guest write access to sensitive console related xenstore keys
 * CVE-2013-1432 / XSA-58:
    Page reference counting error due to XSA-45/CVE-2013-1918 fixes
 * XSA-61:
    libxl partially sets up HVM passthrough even with disabled iommu

We recommend all users of the 4.1 stable series to update to this
latest point release.

Among many bug fixes and improvements:
 * addressing a regression from the fix for XSA-21
 * addressing a regression from the fix for XSA-46
 * bug fixes to low level system state handling, including certain
    hardware errata workarounds

Regards,
Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.