Software update: Xen 4.2.3

Xen is a “virtual machine hypervisor” for the x86 platform, allowing multiple operating systems to run simultaneously on a single system without drastically impacting performance. For more information about Xen and its community, please refer to this one and this one page. Currently only Linux and NetBSD are supported as host systems, but work is underway to fully support other operating systems as well. The developers have released Xen 4.2.3 with the following changes:

Xen 4.2.3

Xen 4.2.3 is a maintenance release in the 4.2 series and contains:

This release fixes the following critical vulnerabilities:

  • CVE-2013-1918 / XSA-45: Several long latency operations are not preemptible
  • CVE-2013-1952 / XSA-49: VT-d interrupt remapping source validation flaw for bridges
  • CVE-2013-2076 / XSA-52: Information leak on XSAVE/XRSTOR capable AMD CPUs
  • CVE-2013-2077 / XSA-53: Hypervisor crash due to missing exception recovery on XRSTOR
  • CVE-2013-2078 / XSA-54: Hypervisor crash due to missing exception recovery on XSETBV
  • CVE-2013-2194, CVE-2013-2195, CVE-2013-2196 / XSA-55: Multiple vulnerabilities in libelf PV kernel handling
  • CVE-2013-2072 / XSA-56: Buffer overflow in xencontrol Python bindings affecting xend
  • CVE-2013-2211 / XSA-57: libxl allows guest write access to sensitive console related xenstore keys
  • CVE-2013-1432 / XSA-58: Page reference counting error due to XSA-45/CVE-2013-1918 fixes XSA-61: libxl partially sets up HVM passthrough even with disabled iommu
  • CVE-2013-2007 / XSA-51: qemu guest agent (qga) insecure file permissions

This release contains many bug fixes and improvements. The highlights are:

  • addressing a regression from the fix for XSA-46
  • bug fixes to low level system state handling, including certain hardware errata workarounds

We recommend that all users of Xen 4.2.2 upgrade to Xen 4.2.3.

You can also get this release from the git repository: git:// (tag RELEASE-4.2.3)

Version number 4.2.3
Release status Final
Operating systems Linux, BSD
Website xen
License type GPL