All, I am pleased to announce the release of Xen 4.2.3. This is available immediately from its git repository http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.2 (tag RELEASE-4.2.3) or from the XenProject download page http://www.xenproject.org/downloads/xen-archives/supported-xen-42-series/xen-423.html This fixes the following critical vulnerabilities: * CVE-2013-1918 / XSA-45: Several long latency operations are not preemptible * CVE-2013-1952 / XSA-49: VT-d interrupt remapping source validation flaw for bridges * CVE-2013-2076 / XSA-52: Information leak on XSAVE/XRSTOR capable AMD CPUs * CVE-2013-2077 / XSA-53: Hypervisor crash due to missing exception recovery on XRSTOR * CVE-2013-2078 / XSA-54: Hypervisor crash due to missing exception recovery on XSETBV * CVE-2013-2194, CVE-2013-2195, CVE-2013-2196 / XSA-55: Multiple vulnerabilities in libelf PV kernel handling * CVE-2013-2072 / XSA-56: Buffer overflow in xencontrol Python bindings affecting xend * CVE-2013-2211 / XSA-57: libxl allows guest write access to sensitive console related xenstore keys * CVE-2013-1432 / XSA-58: Page reference counting error due to XSA-45/CVE-2013-1918 fixes * XSA-61: libxl partially sets up HVM passthrough even with disabled iommu The following minor vulnerability is also being addressed: * CVE-2013-2007 / XSA-51 qemu guest agent (qga) insecure file permissions We recommend all users of the 4.2 stable series to update to this latest point release. Among many bug fixes and improvements: * addressing a regression from the fix for XSA-46 * bug fixes to low level system state handling, including certain hardware errata workarounds Regards, Jan