Author Archives: jbeulich

Xen Project Maintenance Releases Available (Versions 4.4.1, 4.3.3, 4.2.5)

I am pleased to announce the release of Xen 4.4.1, 4.3.3 and 4.2.5. We recommend that all users of the 4.4, 4.3 and 4.2 stable series update to the latest point release.

Xen 4.4.1

Xen 4.4.1 is available immediately from its git repository http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.4
(tag RELEASE-4.4.1) or from the XenProject download page http://www.xenproject.org/downloads/xen-archives/supported-xen-44-series/xen-441.html

This release fixes the following critical vulnerabilities:

  • CVE-2014-2599 / XSA-89: HVMOP_set_mem_access is not preemptible
  • CVE-2014-3125 / XSA-91: Hardware timer context is not properly context switched on ARM
  • CVE-2014-3124 / XSA-92: HVMOP_set_mem_type allows invalid P2M entries to be created
  • CVE-2014-2915 / XSA-93: Hardware features unintentionally exposed to guests on ARM
  • CVE-2014-2986 / XSA-94: ARM hypervisor crash on guest interrupt controller access
  • CVE-2014-3714,CVE-2014-3715,CVE-2014-3716,CVE-2014-3717 / XSA-95: input handling vulnerabilities loading guest kernel on ARM
  • CVE-2014-3967,CVE-2014-3968 / XSA-96: Vulnerabilities in HVM MSI injection
  • CVE-2014-3969 / XSA-98: insufficient permissions checks accessing guest memory on ARM
  • CVE-2014-4021 / XSA-100: Hypervisor heap contents leaked to guests
  • CVE-2014-4022 / XSA-101: information leak via gnttab_setup_table on ARM
  • CVE-2014-5147 / XSA-102: Flaws in handling traps from 32-bit userspace on 64-bit ARM
  • CVE-2014-5148 / XSA-103: Flaw in handling unknown system register access from 64-bit userspace on ARM

Additionally a workaround for CVE-2013-3495 / XSA-59 (Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts) has been put in place. However, at this point we can’t guarantee that all affected chipsets are being covered; Intel is working diligently on providing us with a complete list.

Apart from those there are many further bug fixes and improvements.

Xen 4.3.3

Xen 4.3.3 is available immediately from its git repository http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.3 (tag RELEASE-4.3.3) or from the XenProject download page http://www.xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-433.html

This fixes the following critical vulnerabilities:

  • CVE-2014-2599 / XSA-89: HVMOP_set_mem_access is not preemptible
  • CVE-2014-3124 / XSA-92: HVMOP_set_mem_type allows invalid P2M entries to be created
  • CVE-2014-3967,CVE-2014-3968 / XSA-96: Vulnerabilities in HVM MSI injection
  • CVE-2014-4021 / XSA-100: Hypervisor heap contents leaked to guests

Additionally a workaround for CVE-2013-3495 / XSA-59 (Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts) has been put in place. However, at this point we can’t guarantee that all affected chipsets are being covered; Intel is working diligently on providing us with a complete list.

Apart from those there are many further bug fixes and improvements.

Xen 4.2.5

Xen 4.2.5 is available immediately from its git repository http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.2
(tag RELEASE-4.2.5) or from the XenProject download page http://www.xenproject.org/downloads/xen-archives/supported-xen-42-series/xen-425.html

Note that this is expected to be the last release of the 4.2 stable series. The tree will be switched to security only maintenance mode after this release.

This fixes the following critical vulnerabilities:

  • CVE-2014-2599 / XSA-89: HVMOP_set_mem_access is not preemptible
  • CVE-2014-3124 / XSA-92: HVMOP_set_mem_type allows invalid P2M entries to be created
  • CVE-2014-3967,CVE-2014-3968 / XSA-96: Vulnerabilities in HVM MSI injection
  • CVE-2014-4021 / XSA-100: Hypervisor heap contents leaked to guests

Apart from those there are many further bug fixes and improvements.

Announcing Xen 4.3.2 and 4.2.4 Releases

The Xen Project is pleased to announce the availability of  two maintenance releases: Xen 4.3.2 and Xen 4.2.4.

Xen 4.3.2 Release

This release is available immediately from the git repository:

http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.3 (tag RELEASE-4.3.2)

or from the XenProject download page:

http://www.xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-432.html

This fixes the following critical vulnerabilities:
Continue reading

Announcing the Release of Xen Project 4.3.1

We are pleased to announce the release of Xen 4.3.1.  The is the latest point release in the Xen 4.3 series of releases.

Downloads:

This is available immediately from its git repository:

xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.3 (tag RELEASE-4.3.1).

It is also available for download from the XenProject.org website:

xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-431.html

Fixes:

This fixes the following critical vulnerabilities:

  • CVE-2013-1922 / XSA-48 qemu-nbd format-guessing due to missing format specification
  • CVE-2013-2007 / XSA-51 qemu guest agent (qga) insecure file permissions
  • CVE-2013-1442 / XSA-62 Information leak on AVX and/or LWP capable CPUs
  • CVE-2013-4355 / XSA-63 Information leaks through I/O instruction emulation
  • CVE-2013-4356 / XSA-64 Memory accessible by 64-bit PV guests under live migration
  • CVE-2013-4361 / XSA-66 Information leak through fbld instruction emulation
  • CVE-2013-4368 / XSA-67 Information leak through outs instruction emulation
  • CVE-2013-4369 / XSA-68 possible null dereference when parsing vif ratelimiting info
  • CVE-2013-4370 / XSA-69 misplaced free in ocaml xc_vcpu_getaffinity stub
  • CVE-2013-4371 / XSA-70 use-after-free in libxl_list_cpupool under memory pressure
  • CVE-2013-4375 / XSA-71 qemu disk backend (qdisk) resource leak
  • CVE-2013-4416 / XSA-72 ocaml xenstored mishandles oversized message replies

We recommend all users of the 4.3 stable series to update to this latest point release.

Among the bug fixes and improvements (around 80 since Xen 4.3.0):

  • Adjustments to XSAVE management
  • Bug fixes to nested virtualization
  • Bug fixes for other low level system state handling
  • Bug fixes to the libxl tool stack

Xen 4.1.6.1 released

I am pleased to announce the release of Xen 4.1.6.1. This is available immediately from its git repository xenbits.xen.org (tag RELEASE-4.1.6.1) or from the Xen Project download pages.

Note that 4.1.6 did not get released, as a build issue was found late in the release process, when the 4.1.6 version number was already irreversibly applied.

Xen 4.1.6.1 is a maintenance release in the 4.1 series and contains: We recommend that all users of Xen 4.1.5 upgrade to Xen 4.1.6.1.

This release fixes the following critical vulnerabilities:

  • CVE-2013-1918 / XSA-45: Several long latency operations are not preemptible
  • CVE-2013-1952 / XSA-49: VT-d interrupt remapping source validation flaw for bridges
  • CVE-2013-2076 / XSA-52: Information leak on XSAVE/XRSTOR capable AMD CPUs
  • CVE-2013-2077 / XSA-53: Hypervisor crash due to missing exception recovery on XRSTOR

Continue reading

Xen 4.2.3 released

I am pleased to announce the release of Xen 4.2.3. This is available immediately from its git repository xenbits.xen.org (tag RELEASE-4.2.3) or from the Xen Project download pages.

This release fixes the following critical vulnerabilities:

  • CVE-2013-1918 / XSA-45: Several long latency operations are not preemptible
  • CVE-2013-1952 / XSA-49: VT-d interrupt remapping source validation flaw for bridges
  • CVE-2013-2076 / XSA-52: Information leak on XSAVE/XRSTOR capable AMD CPUs
  • CVE-2013-2077 / XSA-53: Hypervisor crash due to missing exception recovery on XRSTOR
    Continue reading

Xen 4.2.1 and 4.1.4 released

I am pleased to announce the release of Xen 4.2.1 and Xen 4.1.4. These are available immediately from the following locations

We recommend that all users of Xen 4.2.0 upgrade to Xen 4.2.1 and that users of the 4.0 and 4.1 stable series upgrade to Xen 4.1.4.

Continue reading