lars.kurth at xen
Apr 25, 2013, 3:42 AM
Post #1 of 1
(120 views)
Permalink
|
-------- Original Message --------
Subject: [Xen-devel] [ANNOUNCE] Xen 4.1.5 released
Date: Thu, 25 Apr 2013 10:56:52 +0100
From: Jan Beulich <JBeulich [at] suse>
To: xen-devel <xen-devel [at] lists>
All,
I am pleased to announce the release of Xen 4.1.5. This is
available immediately from its git repository:
http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.1
(tag RELEASE-4.1.5) or from the XenProject download page
http://www.xenproject.org/downloads/xen-archives/supported-xen-41-series/xen-415.html
This fixes the following critical vulnerabilities:
* CVE-2012-5634 / XSA-33:
VT-d interrupt remapping source validation flaw
* CVE-2013-0153 / XSA-36:
interrupt remap entries shared and old ones not cleared on AMD IOMMUs
* CVE-2013-0215 / XSA-38:
oxenstored incorrect handling of certain Xenbus ring states
* CVE-2012-6075 / XSA-41:
qemu (e1000 device driver): Buffer overflow when processing large packets
* CVE-2013-1917 / XSA-44:
Xen PV DoS vulnerability with SYSENTER
* CVE-2013-1919 / XSA-46:
Several access permission issues with IRQs for unprivileged guests
* CVE-2013-1920 / XSA-47:
Potential use of freed memory in event channel operations
* CVE-2013-1964 / XSA-50:
grant table hypercall acquire/release imbalance
We recommend all users of the 4.1 stable series to update to this
latest point release.
Among many bug fixes and improvements (around 50 since Xen 4.1.4):
* ACPI APEI/ERST finally working on production systems
* Bug fixes for other low level system state handling
* Support for xz compressed Dom0 and DomU kernels
Regards,
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel [at] lists
http://lists.xen.org/xen-devel
|
