|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] Xen 4.3.2 released
All, I am pleased to announce the release of Xen 4.3.2. This is available immediately from its git repository http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.3 (tag RELEASE-4.3.2) or from the XenProject download page http://www.xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-432.html This fixes the following critical vulnerabilities: * CVE-2013-2212 / XSA-60 Excessive time to disable caching with HVM guests with PCI passthrough * CVE-2013-4494 / XSA-73 Lock order reversal between page allocation and grant table locks * CVE-2013-4553 / XSA-74 Lock order reversal between page_alloc_lock and mm_rwlock * CVE-2013-4551 / XSA-75 Host crash due to guest VMX instruction execution * CVE-2013-4554 / XSA-76 Hypercalls exposed to privilege rings 1 and 2 of HVM guests * CVE-2013-6375 / XSA-78 Insufficient TLB flushing in VT-d (iommu) code * CVE-2013-6400 / XSA-80 IOMMU TLB flushing may be inadvertently suppressed * CVE-2013-6885 / XSA-82 Guest triggerable AMD CPU erratum may cause host hang * CVE-2014-1642 / XSA-83 Out-of-memory condition yielding memory corruption during IRQ setup * CVE-2014-1891 / XSA-84 integer overflow in several XSM/Flask hypercalls * CVE-2014-1895 / XSA-85 Off-by-one error in FLASK_AVC_CACHESTAT hypercall * CVE-2014-1896 / XSA-86 libvchan failure handling malicious ring indexes * CVE-2014-1666 / XSA-87 PHYSDEVOP_{prepare,release}_msix exposed to unprivileged guests * CVE-2014-1950 / XSA-88 use-after-free in xc_cpupool_getinfo() under memory pressure Apart from those there are many further bug fixes and improvements. We recommend all users of the 4.3 stable series to update to this latest point release. Regards, Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |