
lars.kurth at xen
Apr 25, 2013, 3:42 AM
Post #1 of 1
(120 views)
Permalink
|
-------- Original Message -------- Subject: [Xen-devel] [ANNOUNCE] Xen 4.1.5 released Date: Thu, 25 Apr 2013 10:56:52 +0100 From: Jan Beulich <JBeulich [at] suse> To: xen-devel <xen-devel [at] lists> All, I am pleased to announce the release of Xen 4.1.5. This is available immediately from its git repository: http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.1 (tag RELEASE-4.1.5) or from the XenProject download page http://www.xenproject.org/downloads/xen-archives/supported-xen-41-series/xen-415.html This fixes the following critical vulnerabilities: * CVE-2012-5634 / XSA-33: VT-d interrupt remapping source validation flaw * CVE-2013-0153 / XSA-36: interrupt remap entries shared and old ones not cleared on AMD IOMMUs * CVE-2013-0215 / XSA-38: oxenstored incorrect handling of certain Xenbus ring states * CVE-2012-6075 / XSA-41: qemu (e1000 device driver): Buffer overflow when processing large packets * CVE-2013-1917 / XSA-44: Xen PV DoS vulnerability with SYSENTER * CVE-2013-1919 / XSA-46: Several access permission issues with IRQs for unprivileged guests * CVE-2013-1920 / XSA-47: Potential use of freed memory in event channel operations * CVE-2013-1964 / XSA-50: grant table hypercall acquire/release imbalance We recommend all users of the 4.1 stable series to update to this latest point release. Among many bug fixes and improvements (around 50 since Xen 4.1.4): * ACPI APEI/ERST finally working on production systems * Bug fixes for other low level system state handling * Support for xz compressed Dom0 and DomU kernels Regards, Jan _______________________________________________ Xen-devel mailing list Xen-devel [at] lists http://lists.xen.org/xen-devel
|