Announcing the Release of Xen Project 4.3.1

jbeulich

jbeulich

1 min read

We are pleased to announce the release of Xen 4.3.1.  The is the latest point release in the Xen 4.3 series of releases.

Downloads:

This is available immediately from its git repository:
xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.3 (tag RELEASE-4.3.1).
It is also available for download from the XenProject.org website:
xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-431.html

Fixes:

This fixes the following critical vulnerabilities:

  • CVE-2013-1922 / XSA-48 qemu-nbd format-guessing due to missing format specification
  • CVE-2013-2007 / XSA-51 qemu guest agent (qga) insecure file permissions
  • CVE-2013-1442 / XSA-62 Information leak on AVX and/or LWP capable CPUs
  • CVE-2013-4355 / XSA-63 Information leaks through I/O instruction emulation
  • CVE-2013-4356 / XSA-64 Memory accessible by 64-bit PV guests under live migration
  • CVE-2013-4361 / XSA-66 Information leak through fbld instruction emulation
  • CVE-2013-4368 / XSA-67 Information leak through outs instruction emulation
  • CVE-2013-4369 / XSA-68 possible null dereference when parsing vif ratelimiting info
  • CVE-2013-4370 / XSA-69 misplaced free in ocaml xc_vcpu_getaffinity stub
  • CVE-2013-4371 / XSA-70 use-after-free in libxl_list_cpupool under memory pressure
  • CVE-2013-4375 / XSA-71 qemu disk backend (qdisk) resource leak
  • CVE-2013-4416 / XSA-72 ocaml xenstored mishandles oversized message replies

We recommend all users of the 4.3 stable series to update to this latest point release.
Among the bug fixes and improvements (around 80 since Xen 4.3.0):

  • Adjustments to XSAVE management
  • Bug fixes to nested virtualization
  • Bug fixes for other low level system state handling
  • Bug fixes to the libxl tool stack

Read more

Welcome Honda to the Xen Project Board
12/09/2024

We're excited to announce our newest Advisory Board Member Honda, to Xen Project. Since its foundation, Honda has been committed to "creating a society that is useful to people" by utilizing its technologies and ideas. Honda also focuses on environmental responsiveness and traffic safety, and continue

Read more
Say hello to our new website
12/05/2024

Hello Xen Community, You may have noticed something different... We've refreshed our existing website! Why did we do this? Well, all these new changes are part of an ongoing effort to increase our visibility and make it easier to find information on pages. We know how important it

Read more
Xen Project Announces Performance and Security Advancements with Release of 4.19
08/05/2024

New release marks significant enhancements in performance, security, and versatility across various architectures.  SAN FRANCISCO – July 31st, 2024 – The Xen Project, an open source project under the Linux Foundation, is proud to announce the release of Xen Project 4.19. This release marks a significant milestone in enhancing performance, security,

Read more
Upcoming Closure of Xen Project Colo Facility
07/10/2024

Dear Xen Community, We regret to inform you that the Xen Project is currently experiencing unexpected changes due to the sudden shutdown of our colocated (colo) data center facility by Synoptek. This incident is beyond our control and will impact the continuity of OSSTest (the gating Xen Project CI loop)

Read more