Xen 4.1.3 and 4.0.4 released

Xen.org is pleased to announce the release of Xen 4.0.4 and 4.1.3. These are available immediately from the download pages

We recommend to all users of the Xen 4.1 and 4.0 stable series to update to these latest point releases. The releases contain the following fixes and improvements.

Critical vulnerabilities:

  • CVE-2012-0217 / XSA-7: PV guest privilege escalation vulnerability
  • CVE-2012-0218 / XSA-8: guest denial of service on syscall/sysenter exception generation
  • CVE-2012-2934 / XSA-9: PV guest host Denial of Service
  • CVE-2012-3432 / XSA-10: HVM guest user mode MMIO emulation DoS vulnerability
  • CVE-2012-3433 / XSA-11: HVM guest destroy p2m teardown host DoS vulnerability

You can find more detailed descriptions of these vulnerabilities on the Security Announcement page.

Bug fixes:

The releases contain over 100 bug fixes and smaller improvements since Xen 4.1.2 and 4.0.3. The most significant fixes are:

  • Updates for the latest Intel/AMD CPU revisions
  • Bug fixes and improvements to the libxl tool stack
  • Bug fixes for IOMMU handling (device passthrough to HVM guests)
  • Bug fixes for host kexec/kdump

Thank you to the many contributors to the project. Should you discover any bugs, please consult the Bug Reporting Guidelines. Also note, that Xen 4.2 release candidates are available for testing and that we will run the first Xen Test Day next Tuesday. For more information see here.

This entry was posted in Uncategorized on by .

About Lars Kurth

Lars Kurth is a highly effective, passionate community manager with strong experience of working with open source communities (Symbian, Symbian DevCo, Eclipse, GNU) and currently is community manager for xen.org. Lars has 9 years of experience building and leading engineering teams and a track record of executing several change programs impacting 1000 users. Lars has 16 years of industry experience in the tools and mobile sector working at ARM, Symbian Ltd, Symbian Foundation and Nokia. Lars has strong analytical, communication, influencing and presentation skills, good knowledge of marketing and product management and extensive background in C/C , Java and software development practices which he learned working as community manager, product manager, chief architect, engineering manager and software developer. If you want to know more, check out uk.linkedin.com/in/larskurth. Personally, Lars has a wide range of interests such as literature, theatre, cinema, cooking and gardening. He is particularly fascinated by orchids and carnivorous plants and has built a rather large collection of plants from all over the world. His love for plants extends into a passion for travel, in particular to see plants grow in their native habitats.