All,
I am pleased to announce the release of Xen 4.2.2. This is
available immediately from its git repository
http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.2
(tag RELEASE-4.2.2) or from the XenProject download page
http://www.xenproject.org/downloads/xen-archives/supported-xen-42-series/xen-422.html
This fixes the following critical vulnerabilities:
* CVE-2012-5634 / XSA-33:
VT-d interrupt remapping source validation flaw
* CVE-2013-0151 / XSA-34:
nested virtualization on 32-bit exposes host crash
* CVE-2013-0152 / XSA-35:
Nested HVM exposes host to being driven out of memory by guest
* CVE-2013-0153 / XSA-36:
interrupt remap entries shared and old ones not cleared on AMD IOMMUs
* CVE-2013-0154 / XSA-37:
Hypervisor crash due to incorrect ASSERT (debug build only)
* CVE-2013-0215 / XSA-38:
oxenstored incorrect handling of certain Xenbus ring states
* CVE-2012-6075 / XSA-41:
qemu (e1000 device driver): Buffer overflow when processing large packets
* CVE-2013-1917 / XSA-44:
Xen PV DoS vulnerability with SYSENTER
* CVE-2013-1919 / XSA-46:
Several access permission issues with IRQs for unprivileged guests
* CVE-2013-1920 / XSA-47:
Potential use of freed memory in event channel operations
* CVE-2013-1922 / XSA-48:
qemu-nbd format-guessing due to missing format specification
We recommend all users of the 4.2 stable series to update to this
point release.
Among many bug fixes and improvements (around 100 since Xen 4.2.1):
* ACPI APEI/ERST finally working on production systems
* Bug fixes for other low level system state handling
* Bug fixes and improvements to the libxl tool stack
* Bug fixes to nested virtualization
Regards,
Jan
