[kernel-xen] Xen 4.2.3 released

Steven Haigh netwiz at crc.id.au
Tue Sep 10 03:16:22 EST 2013


Hi all,

As per the upstream release announcement:

----------------- Begin announcement -----------------
I am pleased to announce the release of Xen 4.2.3. This is
available immediately from its git repository
http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.2
(tag RELEASE-4.2.3) or from the XenProject download page
http://www.xenproject.org/downloads/xen-archives/supported-xen-42-series/xen-423.html


This fixes the following critical vulnerabilities:
 * CVE-2013-1918 / XSA-45:
    Several long latency operations are not preemptible
 * CVE-2013-1952 / XSA-49:
    VT-d interrupt remapping source validation flaw for bridges
 * CVE-2013-2076 / XSA-52:
    Information leak on XSAVE/XRSTOR capable AMD CPUs
 * CVE-2013-2077 / XSA-53:
    Hypervisor crash due to missing exception recovery on XRSTOR
 * CVE-2013-2078 / XSA-54:
    Hypervisor crash due to missing exception recovery on XSETBV
 * CVE-2013-2194, CVE-2013-2195, CVE-2013-2196 / XSA-55:
    Multiple vulnerabilities in libelf PV kernel handling
 * CVE-2013-2072 / XSA-56:
    Buffer overflow in xencontrol Python bindings affecting xend
 * CVE-2013-2211 / XSA-57:
    libxl allows guest write access to sensitive console related
xenstore keys
 * CVE-2013-1432 / XSA-58:
    Page reference counting error due to XSA-45/CVE-2013-1918 fixes
 * XSA-61:
    libxl partially sets up HVM passthrough even with disabled iommu

The following minor vulnerability is also being addressed:
 * CVE-2013-2007 / XSA-51
    qemu guest agent (qga) insecure file permissions

We recommend all users of the 4.2 stable series to update to this
latest point release.

Among many bug fixes and improvements:
 * addressing a regression from the fix for XSA-46
 * bug fixes to low level system state handling, including certain
    hardware errata workarounds
----------------- End announcement -----------------

Packages are built and syncing to the repos as we speak.

-- 
Steven Haigh

Email: netwiz at crc.id.au
Web: https://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
Fax: (03) 8338 0299

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <https://lists.wireless.org.au/pipermail/kernel-xen/attachments/20130910/19e6af9a/attachment.sig>


More information about the kernel-xen mailing list