Sep 072012

Changes in this version:
* Fri Sep 07 2012 Steven Haigh <netwiz> - 4.1.3-2
- XSA12 (CVE-2012-3494) - hypercall set_debugreg vulnerability
- XSA13 (CVE-2012-3495) - hypercall physdev_get_free_pirq vulnerability
- XSA14 (CVE-2012-3496) - XENMEM_populate_physmap DoS vulnerability
- XSA16 (CVE-2012-3498) - PHYSDEVOP_map_pirq index vulnerability
- XSA17 (CVE-2012-3515) - Qemu VT100 emulation vulnerability
- XSA19 guest administrator can access qemu monitor console

Everyone should update to these packages ASAP.

  5 Responses to “Xen packages 4.1.3-2 released.”

  1. Hi Steve,


    Can you give us the xen-4.1.3 src rpm for centos 5?

  2. Just wanted to say thanks for providing these packages, great job.

    Are the srpm’s available?


  3. The SRPMs are available in the SRPM directory on each repo mirror.

  4. Dear Steven,

    I would like to enable the Virtual TPM in the Xen that I have installed from your RPMs. Nevertheless, it seems that the packages are not compiled with the “–enable-vtpm” flag. Is there any possibility to rebuild the packages with it?

    I have tried to download the source RPM, but I have noticed that the “configure” tool is not present in the built-in xen-4.1.3.tar.gz and that the “xen.spec” file does not contain any section to include the flag. How could I rebuild the RPM with it?


 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>