Aug 112012
 

Just finishing off the final touches to my Xen RPMs for version 4.1.3. Changes from the Xen release notes include:

Xen.org is pleased to announce the release of Xen 4.0.4 and 4.1.3.
These fix the following critical vulnerabilities:
* CVE-2012-0217 / XSA-7: PV guest privilege escalation vulnerability
* CVE-2012-0218 / XSA-8: guest denial of service on syscall/sysenter exception generation
* CVE-2012-2934 / XSA-9: PV guest host Denial of Service
* CVE-2012-3432 / XSA-10: HVM guest user mode MMIO emulation DoS vulnerability
* CVE-2012-3433 / XSA-11: HVM guest destroy p2m teardown host DoS vulnerability

We recommend all users of the 4.0 and 4.1 stable series to update to these latest point releases.

Among many bug fixes and improvements (over 100 since Xen 4.1.2):
* Updates for the latest Intel/AMD CPU revisions
* Bug fixes and improvements to the libxl tool stack
* Bug fixes for IOMMU handling (device passthrough to HVM guests)
* Bug fixes for host kexec/kdump

NOTE: My previous 4.1.2 packages were already fixed for XSA-7, XSA-8, and XSA-9.

The new packages can be installed via yum – or if you’re a first time installer, you should follow the guide.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)