Xen 4.2.3 released

jbeulich

jbeulich

1 min read

I am pleased to announce the release of Xen 4.2.3. This is available immediately from its git repository xenbits.xen.org (tag RELEASE-4.2.3) or from the Xen Project download pages.
This release fixes the following critical vulnerabilities:

  • CVE-2013-1918 / XSA-45: Several long latency operations are not preemptible
  • CVE-2013-1952 / XSA-49: VT-d interrupt remapping source validation flaw for bridges
  • CVE-2013-2076 / XSA-52: Information leak on XSAVE/XRSTOR capable AMD CPUs
  • CVE-2013-2077 / XSA-53: Hypervisor crash due to missing exception recovery on XRSTOR
  • CVE-2013-2078 / XSA-54: Hypervisor crash due to missing exception recovery on XSETBV
  • CVE-2013-2194, CVE-2013-2195, CVE-2013-2196 / XSA-55: Multiple vulnerabilities in libelf PV kernel handling
  • CVE-2013-2072 / XSA-56: Buffer overflow in xencontrol Python bindings affecting xend
  • CVE-2013-2211 / XSA-57: libxl allows guest write access to sensitive console related xenstore keys
  • CVE-2013-1432 / XSA-58: Page reference counting error due to XSA-45/CVE-2013-1918 fixes
  • XSA-61: libxl partially sets up HVM passthrough even with disabled iommu

The following minor vulnerability is also being addressed:

  • CVE-2013-2007 / XSA-51: qemu guest agent (qga) insecure file permissions

We recommend all users of the 4.2 stable series to update to this latest point release. Among many bug fixes and improvements:

  • addressing a regression from the fix for XSA-46
  • bug fixes to low level system state handling, including certain hardware errata workarounds

Read more

Welcome Honda to the Xen Project Board
12/09/2024

We're excited to announce our newest Advisory Board Member Honda, to Xen Project. Since its foundation, Honda has been committed to "creating a society that is useful to people" by utilizing its technologies and ideas. Honda also focuses on environmental responsiveness and traffic safety, and continue

Read more
Say hello to our new website
12/05/2024

Hello Xen Community, You may have noticed something different... We've refreshed our existing website! Why did we do this? Well, all these new changes are part of an ongoing effort to increase our visibility and make it easier to find information on pages. We know how important it

Read more
Xen Project Announces Performance and Security Advancements with Release of 4.19
08/05/2024

New release marks significant enhancements in performance, security, and versatility across various architectures.  SAN FRANCISCO – July 31st, 2024 – The Xen Project, an open source project under the Linux Foundation, is proud to announce the release of Xen Project 4.19. This release marks a significant milestone in enhancing performance, security,

Read more
Upcoming Closure of Xen Project Colo Facility
07/10/2024

Dear Xen Community, We regret to inform you that the Xen Project is currently experiencing unexpected changes due to the sudden shutdown of our colocated (colo) data center facility by Synoptek. This incident is beyond our control and will impact the continuity of OSSTest (the gating Xen Project CI loop)

Read more