similar to: [ANNOUNCE] Xen 4.1.3 and 4.0.4 released

All, I am pleased to announce the release of Xen 4.2.2. This is available immediately from its git repository http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.2 (tag RELEASE-4.2.2) or from the XenProject download page http://www.xenproject.org/downloads/xen-archives/supported-xen-42-series/xen-422.html This fixes the following critical vulnerabilities: * CVE-2012-5634 /

Accepted: libxen-4.1_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1_amd64.deb to main/x/xen/libxen-4.1_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1_amd64.deb libxen-dev_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1_amd64.deb to main/x/xen/libxen-dev_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1_amd64.deb libxen-ocaml-dev_4.1.3~rc1+hg-20120614.a9c0a89c08f2-1_amd64.deb to

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-1917 / XSA-44 version 2 Xen PV DoS vulnerability with SYSENTER UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The SYSENTER instruction can be used by PV guests to accelerate system call processing. This

Folks, I am pleased to announce the release of Xen 4.1.4. This is available immediately from its mercurial repository: http://xenbits.xen.org/xen-4.1-testing.hg (tag RELEASE-4.1.4) This fixes the following critical vulnerabilities: * CVE-2012-3494 / XSA-12: hypercall set_debugreg vulnerability * CVE-2012-3495 / XSA-13: hypercall physdev_get_free_pirq vulnerability * CVE-2012-3496 /

CentOS Errata and Security Advisory 2013:X013 (Xen4CentOS) The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) ----------------------------- X86_64 ----------------------------- f3725f9d29b2fd85d3c9568d979b7ea0f26e1844bb7474b8ef4de2e124bae9ff xen-4.2.3-25.el6.centos.alt.x86_64.rpm

Source: xen Severity: grave Tags: security Multiple vulnerabilities are unfixed in xen: CVE-2015-5307: http://xenbits.xen.org/xsa/advisory-156.html CVE-2016-3960 http://xenbits.xen.org/xsa/advisory-173.html CVE-2016-3159 / CVE-2016-3158 http://xenbits.xen.org/xsa/advisory-172.html CVE-2016-2271 http://xenbits.xen.org/xsa/advisory-170.html CVE-2016-2270

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

CentOS Errata and Security Advisory 2013:X017 (Xen4CentOS) The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) ----------------------------- X86_64 ----------------------------- 588443b1936d3da45e5872a1578722fdac5ddf0eaeb02b8e47854a3c1d7a45f5 xen-4.2.3-26.el6.centos.alt.x86_64.rpm

CentOS Errata and Security Advisory 2014:X010 (Xen4CentOS) The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) ----------------------------- X86_64 ----------------------------- f5a30e6c7c17a391dfc218cce2c2ca52dba4bf61d6c2d664faecda673d72fdea xen-4.2.5-33.el6.centos.alt.x86_64.rpm

The following packages are updated for Xen4CentOS for CentOS 6: Source: 942bc436e401c798991ae4ca956082c12a5a3b65ec53cd7ec9901dda7704f9b7 e1000e-2.5.4-3.10.63.2.el6.centos.alt.src.rpm aa46f97636568c46295d2d99f1e33b5fda50df707a2a8321a516200b8b4e95a6 kernel-3.10.63-11.el6.centos.alt.src.rpm ea44d2658e096ef6f00f7dfd4fecc6bff977d959563e4929539d23643b134c3a libvirt-0.10.2.8-9.el6.centos.alt.src.rpm

CentOS Errata and Security Advisory 2014:X004 (Xen4CentOS) The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) ----------------------------- X86_64 ----------------------------- bb6f3ba6c19f731b233c6c0ec338f9b92f418664dc1fd4f31ddc2e3ee2848583 xen-4.2.3-28.el6.centos.alt.x86_64.rpm

CentOS Errata and Security Advisory 2014:X008 (Xen4CentOS) The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) ----------------------------- X86_64 ----------------------------- 58469d64c897d1deb6832b2cc69d1d28c83162075835d256ff56996aecb8d145 xen-4.2.4-33.el6.centos.alt.x86_64.rpm

Dear Security Team, I have prepared a new upload addressing a number of open security issues in Xen. Due to the complexity of the patches that address XSA-273 [0] the packages have been built from upstream's staging-4.8 / staging-4.10 branch again as recommended in that advisory. Commits on those branches are restricted to those that address the following XSAs (cf. [1]): - XSA-273

Ian Jackson writes ("64bit PV guest breakout [XSA-213]"): > Source: xen > Version: 4.4.1-9 > Severity: important > Tags: security upstream fixed-upstream > > See > https://xenbits.xen.org/xsa/advisory-213.html Ian Jackson writes ("grant transfer allows PV guest to elevate privileges [XSA-214]"): > Source: xen > Version: 4.4.1-9 > Severity:

The time has come for another round of stable releases. Please send (or resend) any outstanding backport requests for 4.0.4 and 4.1.3 before Friday 20 April. Note that 4.0.4 will likely be the last release in the 4.0.x branch. Ian.

Source: xen Severity: important Tags: security These Xen vulnerabilities are unfixed in unstable: CVE-2015-4164: http://xenbits.xen.org/xsa/advisory-136.html CVE-2015-4163: http://xenbits.xen.org/xsa/advisory-134.html CVE-2015-3340: http://xenbits.xen.org/xsa/advisory-132.html CVE-2015-3259: http://xenbits.xen.org/xsa/advisory-137.html Cheers, Moritz

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

CentOS Errata and Security Advisory 2014:X002 (Xen4CentOS) The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) ----------------------------- X86_64 ----------------------------- be67f02a8f9eb6193ce790bf21048b2e6e2e17256ec8d236278d6b38a41af47a xen-4.2.3-27.el6.centos.alt.x86_64.rpm

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 17 Aug 2012 11:25:02 +0200 Source: xen Binary: xen-docs-4.1 libxen-4.1 libxenstore3.0 libxen-dev xenstore-utils libxen-ocaml libxen-ocaml-dev xen-utils-common xen-utils-4.1 xen-hypervisor-4.1-amd64 xen-system-amd64 xen-hypervisor-4.1-i386 xen-system-i386 Architecture: source amd64 all Version: 4.1.3-1 Distribution: