Folks,

I am pleased to announce the release of Xen 4.1.4. This is
available immediately from its mercurial repository:
http://xenbits.xen.org/xen-4.1-testing.hg (tag RELEASE-4.1.4)

This fixes the following critical vulnerabilities:

* CVE-2012-3494 / XSA-12: hypercall set_debugreg vulnerability
* CVE-2012-3495 / XSA-13: hypercall physdev_get_free_pirq vulnerability
* CVE-2012-3496 / XSA-14: XENMEM_populate_physmap DoS vulnerability
* CVE-2012-3498 / XSA-16: PHYSDEVOP_map_pirq index vulnerability
* CVE-2012-3515 / XSA-17: Qemu VT100 emulation vulnerability
* CVE-2012-4411 / XSA-19: guest administrator can access qemu monitor console
* CVE-2012-4535 / XSA-20: Timer overflow DoS vulnerability
* CVE-2012-4536 / XSA-21: pirq range check DoS vulnerability
* CVE-2012-4537 / XSA-22: Memory mapping failure DoS vulnerability
* CVE-2012-4538 / XSA-23: Unhooking empty PAE entries DoS vulnerability
* CVE-2012-4539 / XSA-24: Grant table hypercall infinite loop DoS vulnerability
* CVE-2012-4544,CVE-2012-2625 / XSA-25: Xen domain builder Out-of-memory due to malicious kernel/ramdisk
* CVE-2012-5510 / XSA-26: Grant table version switch list corruption vulnerability
* CVE-2012-5511 / XSA-27: several HVM operations do not validate the range of their inputs
* CVE-2012-5512 / XSA-28: HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak
* CVE-2012-5513 / XSA-29: XENMEM_exchange may overwrite hypervisor memory
* CVE-2012-5514 / XSA-30: Broken error handling in guest_physmap_mark_populate_on_demand()
* CVE-2012-5515 / XSA-31: Several memory hypercall operations allow invalid extent order values

We recommend all users of the 4.1 stable series to update to this
latest point release.

Among many bug fixes and improvements (almost 100 since Xen 4.1.3):

* A fix for a long standing time management issue
* Bug fixes for S3 (suspend to RAM) handling
* Bug fixes for other low level system state handling

Regards,
Jan

Hello,

On Tue, Dec 18, 2012 at 2:48 PM, Jan Beulich <JBeulich@suse.com> wrote:
> I am pleased to announce the release of Xen 4.1.4. This is
> available immediately from its mercurial repository:
> http://xenbits.xen.org/xen-4.1-testing.hg (tag RELEASE-4.1.4)

I can't find the RELEASE-4.1.4 tag
http://xenbits.xen.org/hg/xen-4.1-testing.hg/tags
last one is 4.1.4-rc2 at the moment.

Regards,
--
William

On Tue, Dec 18, 2012 at 06:22:13PM +0100, William Dauchy wrote:
> Hello,
>
> On Tue, Dec 18, 2012 at 2:48 PM, Jan Beulich <JBeulich@suse.com> wrote:
> > I am pleased to announce the release of Xen 4.1.4. This is
> > available immediately from its mercurial repository:
> > http://xenbits.xen.org/xen-4.1-testing.hg (tag RELEASE-4.1.4)
>
> I can't find the RELEASE-4.1.4 tag
> http://xenbits.xen.org/hg/xen-4.1-testing.hg/tags
> last one is 4.1.4-rc2 at the moment.
>

It's in the staging tree:
http://xenbits.xen.org/hg/staging/xen-4.1-testing.hg/tags

It hasn't passed the automated tests yet, so push to the non-staging tree hasn't happened.

-- Pasi