Tag Archives: 4.3.4

Xen Project Hypervisor versions 4.3.4 and 4.4.2 are available

I am pleased to announce the release of Xen 4.3.4 and Xen 4.4.2. Both releases are available immediately from their git repositories and download pages (see below). We recommend to all users of the 4.3 and 4.4 stable series to update to these latest point releases.

Xen 4.3.4

This release is available immediately from its git repository at
http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.3
(tag RELEASE-4.3.4) or from the XenProject download page.

Note that this is expected to be the last release of the 4.3 stable series. The tree will be switched to security only maintenance mode after this release.

This fixes the following critical vulnerabilities:

  • CVE-2014-5146, CVE-2014-5149 / XSA-97: Long latency virtual-mmu operations are not preemptible
  • CVE-2014-7154 / XSA-104: Race condition in HVMOP_track_dirty_vram
  • CVE-2014-7155 / XSA-105: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation
  • CVE-2014-7156 / XSA-106: Missing privilege level checks in x86 emulation of software interrupts
  • CVE-2014-7188 / XSA-108: Improper MSR range used for x2APIC emulation
  • CVE-2014-8594 / XSA-109: Insufficient restrictions on certain MMU update hypercalls
  • CVE-2014-8595 / XSA-110: Missing privilege level checks in x86 emulation of far branches
  • CVE-2014-8866 / XSA-111: Excessive checking in compatibility mode hypercall argument translation
  • CVE-2014-8867 / XSA-112: Insufficient bounding of “REP MOVS” to MMIO emulated inside the hypervisor
  • CVE-2014-9030 / XSA-113: Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling
  • CVE-2014-9065, CVE-2014-9066 / XSA-114: p2m lock starvation
  • CVE-2015-0361 / XSA-116: xen crash due to use after free on hvm guest teardown
  • CVE-2015-1563 / XSA-118: arm: vgic: incorrect rate limiting of guest triggered logging
  • CVE-2015-2152 / XSA-119: HVM qemu unexpectedly enabling emulated VGA graphics backends
  • CVE-2015-2044 / XSA-121: Information leak via internal x86 system device emulation
  • CVE-2015-2045 / XSA-122: Information leak through version information hypercall
  • CVE-2015-2151 / XSA-123: Hypervisor memory corruption due to x86 emulator flaw

Additionally a bug in the fix for CVE-2014-3969 / CVE-2015-2290 / XSA-98 (which got assigned CVE-2015-2290) got addressed.

Sadly the workaround for CVE-2013-3495 / XSA-59 (Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts) still can’t be guaranteed to cover all affected chipsets; Intel continues to be working on providing us with a complete list.

Apart from those there are many further bug fixes and improvements.

We recommend all users of the 4.3 stable series to update to this last point release.

Xen 4.4.2

This release is available immediately from its git repository at
http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.4
(tag RELEASE-4.4.2) or from the XenProject download page.

This fixes the following critical vulnerabilities:

  • CVE-2014-5146, CVE-2014-5149 / XSA-97: Long latency virtual-mmu operations are not preemptible
  • CVE-2014-7154 / XSA-104: Race condition in HVMOP_track_dirty_vram
  • CVE-2014-7155 / XSA-105: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation
  • CVE-2014-7156 / XSA-106: Missing privilege level checks in x86 emulation of software interrupts
  • CVE-2014-6268 / XSA-107: Mishandling of uninitialised FIFO-based event channel control blocks
  • CVE-2014-7188 / XSA-108: Improper MSR range used for x2APIC emulation
  • CVE-2014-8594 / XSA-109: Insufficient restrictions on certain MMU update hypercalls
  • CVE-2014-8595 / XSA-110: Missing privilege level checks in x86 emulation of far branches
  • CVE-2014-8866 / XSA-111: Excessive checking in compatibility mode hypercall argument translation
  • CVE-2014-8867 / XSA-112: Insufficient bounding of “REP MOVS” to MMIO emulated inside the hypervisor
  • CVE-2014-9030 / XSA-113: Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling
  • CVE-2014-9065, CVE-2014-9066 / XSA-114: p2m lock starvation
  • CVE-2015-0361 / XSA-116: xen crash due to use after free on hvm guest teardown
  • CVE-2015-1563 / XSA-118: arm: vgic: incorrect rate limiting of guest triggered logging
  • CVE-2015-2152 / XSA-119: HVM qemu unexpectedly enabling emulated VGA graphics backends
  • CVE-2015-2044 / XSA-121: Information leak via internal x86 system device emulation
  • CVE-2015-2045 / XSA-122: Information leak through version information hypercall
  • CVE-2015-2151 / XSA-123: Hypervisor memory corruption due to x86 emulator flaw

Additionally a bug in the fix for CVE-2014-3969 / CVE-2015-2290 / XSA-98 (which got assigned CVE-2015-2290) got addressed.

Sadly the workaround for CVE-2013-3495 / XSA-59 (Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts) still can’t be guaranteed to cover all affected chipsets; Intel continues to be working on providing us with a complete list.

Apart from those there are many further bug fixes and improvements.

We recommend all users of the 4.4 stable series to update to this first point release.

Xen.org Booth at Xen Summit – Action Shots

Here are some pictures from the Xen.org booth at Citrix Synergy.

Along with Xenoss and Cloud.com the booth has been busy with lots of people interested in learning more about Xen and open source solutions based on Xen. I will take some video of the Exhibit Hall tomorrow and post.

Xen.org Booth at NGDC/CloudWorld/OpenSource World

Xen Community:

We have a booth scheduled to promote Xen.org, the Xen Hypervisor, and associated projects in August at the NGDC/CloudWorld/OpenSourceWorld Conference in San Francisco at the Moscone Center. The event is August 12 – 13, 2009 and I have 5 passes available for people interested in helping to work the booth. I also have 20 passes available for people who want to attend the exhibit hall but are not interested in working at the booth.

Please contact me if you have any interest in working at the booth or coming to the event.  Booth volunteers will not have to work the entire time so you will have an opportunity to look around at the other exhibitors.

LinuxWorld/NGDC Event in August 2009

From August 11 – 12, 2009 the Xen.org community will be hosting a booth in the combined LinuxWord/Next Generation Data Center exhibit hall to promote our Xen hypervisor and related solutions. The event is at the Moscone Convention Center in San Francisco, CA  as part of the larger LinuxWorld and NGDC events.

The goals of having a Xen.org booth at this event:

  1. Promotion of open source Xen hypervisor as the basis for many virtualization solutions (e.g. Citrix, Oracle, etc.)
  2. Promote open source community and hypervisor solution

I have already committed to a 10×10 turnkey booth and selected a good location as we are an early registered exhibitor.

I am planning to run an onsite booth promtion that ties the Xen.org booth to the other Xen related companies that are also hosting booths at the show. I am also looking for anyone interseted in demonstrating your Xen related solution at the show in the Xen.org booth.

There is no charge for anyone wishing to show your solution in the Xen.org booth except being a booth volunteer to demonstrate your product. I am not sure how many people are interested in having their solution in the booth so I cannot guarantee the full two-days of exhibiting but I will ensure that all who chose to participate are given the maximum amount of exposure possible.

If you would like to show your Xen related project/product at this show, please contact me so I can begin to put together an exhibit hall plan. I realize that the event is in August but it takes time to co-ordinate activities for a booth at a large event and I want to give everyone in the community the opportunity to participate.

Xen.org at LinuxWorld (August 5 – 7)

The Xen.org community will have a booth  (#210) at the joint LinuxWorld / Next Generation Data Center event held in San Francisco, August 5- 7 at the Moscone Center. The booth will be staffed by myself as well as community members with spare time during the event.  If you are planning on attending this event and would like to help please let me know. I will be creating a schedule for community members later this year as we get closer to August.