Supported Xen Project 4.1 series

Categories

Xen 4.1.6.1

Xen 4.1.6.1 is a maintenance release in the 4.1 series and contains: We recommend that all users of Xen 4.1.5 upgrade to Xen 4.1.6.1.

Note that 4.1.6 didn't get released, as a build issue was found late in the release process, when the 4.1.6 version number was already irreversibly applied.

  • This release fixes the following critical vulnerabilities:
    • CVE-2013-1918 / XSA-45: Several long latency operations are not preemptible
    • CVE-2013-1952 / XSA-49: VT-d interrupt remapping source validation flaw for bridges
    • CVE-2013-2076 / XSA-52: Information leak on XSAVE/XRSTOR capable AMD CPUs
    • CVE-2013-2077 / XSA-53: Hypervisor crash due to missing exception recovery on XRSTOR
    • CVE-2013-2078 / XSA-54: Hypervisor crash due to missing exception recovery on XSETBV
    • CVE-2013-2194, CVE-2013-2195, CVE-2013-2196 / XSA-55: Multiple vulnerabilities in libelf PV kernel handling
    • CVE-2013-2072 / XSA-56: Buffer overflow in xencontrol Python bindings affecting xend
    • CVE-2013-2211 / XSA-57: libxl allows guest write access to sensitive console related xenstore keys
    • CVE-2013-1432 / XSA-58: Page reference counting error due to XSA-45/CVE-2013-1918 fixes
    • XSA-61: libxl partially sets up HVM passthrough even with disabled iommu
  • This release contains many bug fixes and improvements. The highlights are:
    • addressing a regression from the fix for XSA-21
    • addressing a regression from the fix for XSA-46
    • bug fixes to low level system state handling, including certain hardware errata workarounds

You can also get this release from the git repository: git://xenbits.xen.org/xen.git (tag RELEASE-4.1.6.1)

Release information for other releases in the Xen 4.1 series

Xen 4.1.6 (not released)

Note that Xen 4.1.6 did not get released, as a build issue was found late in the release process, when the 4.1.6 version number was already irreversibly applied.

Please go to Xen 4.1.6.1 instead

Xen 4.1.5

Xen 4.1.5 is a maintenance release in the 4.1 series and contains: We recommend that all users of Xen 4.1.4 upgrade to Xen 4.1.5.

  • This release fixes the following critical vulnerabilities:
    • CVE-2012-5634 / XSA-33: VT-d interrupt remapping source validation flaw
    • CVE-2013-0153 / XSA-36: interrupt remap entries shared and old ones not cleared on AMD IOMMUs
    • CVE-2013-0215 / XSA-38: oxenstored incorrect handling of certain Xenbus ring states
    • CVE-2012-6075 / XSA-41: qemu (e1000 device driver): Buffer overflow when processing large packets
    • CVE-2013-1917 / XSA-44: Xen PV DoS vulnerability with SYSENTER
    • CVE-2013-1919 / XSA-46: Several access permission issues with IRQs for unprivileged guests
    • CVE-2013-1920 / XSA-47: Potential use of freed memory in event channel operations
    • CVE-2013-1964 / XSA-50: grant table hypercall acquire/release imbalance
  • This release contains many bug fixes and improvements (around 50 since Xen 4.1.4). The highlights are:
    • ACPI APEI/ERST finally working on production systems
    • Bug fixes for other low level system state handling
    • Support for xz compressed Dom0 and DomU kernels

You can also get this release from the git repository: git://xenbits.xen.org/xen.git (tag RELEASE-4.1.5)

Release information for other releases in the Xen 4.1 series

Xen 4.1.4

Xen 4.1.4 is a maintenance release in the 4.1 series and contains:

  • Fixes for the following critical vulnerabilities: We recommend all users of the 4.0 and 4.1 stable series to update to Xen 4.1.4.
    • CVE-2012-3494 / XSA-12: hypercall set_debugreg vulnerability
    • CVE-2012-3495 / XSA-13: hypercall physdev_get_free_pirq vulnerability
    • CVE-2012-3496 / XSA-14: XENMEM_populate_physmap DoS vulnerability
    • CVE-2012-3498 / XSA-16: PHYSDEVOP_map_pirq index vulnerability
    • CVE-2012-3515 / XSA-17: Qemu VT100 emulation vulnerability
    • CVE-2012-4411 / XSA-19: guest administrator can access qemu monitor console
    • CVE-2012-4535 / XSA-20: Timer overflow DoS vulnerability
    • CVE-2012-4536 / XSA-21: pirq range check DoS vulnerability
    • CVE-2012-4537 / XSA-22: Memory mapping failure DoS vulnerability
    • CVE-2012-4538 / XSA-23: Unhooking empty PAE entries DoS vulnerability
    • CVE-2012-4539 / XSA-24: Grant table hypercall infinite loop DoS vulnerability
    • CVE-2012-4544,CVE-2012-2625 / XSA-25: Xen domain builder Out-of-memory due to malicious kernel/ramdisk
    • CVE-2012-5510 / XSA-26: Grant table version switch list corruption vulnerability
    • CVE-2012-5511 / XSA-27: several HVM operations do not validate the range of their inputs
    • CVE-2012-5512 / XSA-28: HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak
    • CVE-2012-5513 / XSA-29: XENMEM_exchange may overwrite hypervisor memory
    • CVE-2012-5514 / XSA-30: Broken error handling in guest_physmap_mark_populate_on_demand()
    • CVE-2012-5515 / XSA-31: Several memory hypercall operations allow invalid extent order values
  • Among many bug fixes and improvements (almost 100 since Xen 4.1.3). Highlights are:
    • A fix for a long standing time management issue
    • Bug fixes for S3 (suspend to RAM) handling
    • Bug fixes for other low level system state handling

It also contains the following fixes from earlier maintenance releases:

  • Security fixes including CVE-2011-1583, CVE-2011-1898, CVE-2012-0217 / XSA-7, CVE-2012-0218 / XSA-8, CVE-2012-2934 / XSA-9, CVE-2012-3432 / XSA-10 and CVE-2012-3433 / XSA-11
  • Enhancements to guest introspection (VM single stepping support for very fine-grained access control)
  • Many bug fixes and improvements, such as:
    • Updates for the latest Intel/AMD CPU revisions
    • Bug fixes and improvements to the libxl tool stack
    • Bug fixes for IOMMU handling (device passthrough to HVM guests)
    • Bug fixes for host kexec/kdump
    • PV-on-HVM stability fixes (fixing some IRQ issues)
    • XSAVE cpu feature support for PV guests (allows safe use of latest multimedia instructions)
    • RAS fixes for high availability
    • fixes for offlining bad pages
    • changes to libxc, mainly of benefit to libvirt
    • New XL toolstack
    • Debug support: kexec/kdump
    • Remus (High Availability)
    • Device passthrough to HVM guests
    • Interrupt handling
    • Support for Supervisor Mode Execution Protection (SMEP)
  • Compatibility fixes for newer Linux guests, newer compilers, some old guest savefiles, newer Python, grub2, some hardware/BIOS bugs.

The Xen 4.1 release contains a number of important new features and updates including:

  • A re-architected XL toolstack that is functionally nearly equivalent to XM/XEND
  • Prototype credit2 scheduler designed for latency-sensitive workloads and very large systems
  • CPU Pools for advanced partitioning
  • Support for large systems (>255 processors and 1GB/2MB super page support)
  • Support for x86 Advanced Vector eXtension (AVX)
  • New Memory Access API enabling integration of 3rd party security solutions into Xen virtualized environments
  • Even better stability through our new automated regression tests
  • Xen 4.1 Release Notes
  • Xen 4.1 Datasheet

Xen 4.1.3

xen 41 banner

The Xen 4.1 release contains a number of important new features and updates including:

  • A re-architected XL toolstack that is functionally nearly equivalent to XM/XEND
  • Prototype credit2 scheduler designed for latency-sensitive workloads and very large systems
  • CPU Pools for advanced partitioning
  • Support for large systems (>255 processors and 1GB/2MB super page support)
  • Support for x86 Advanced Vector eXtension (AVX)
  • New Memory Access API enabling integration of 3rd party security solutions into Xen virtualized environments
  • Even better stability through our new automated regression tests
  • Xen 4.1 Release Notes
  • Xen 4.1 Datasheet

Xen 4.1.3 is a maintenance release in the 4.1 series and contains:

  • Fixes for the following critical vulnerabilities: We recommend all users of the 4.0 and 4.1 stable series to update to these latest point releases.
    • CVE-2012-0217 / XSA-7: PV guest privilege escalation vulnerability
    • CVE-2012-0218 / XSA-8: guest denial of service on syscall/sysenter exception generation
    • CVE-2012-2934 / XSA-9: PV guest host Denial of Service
    • CVE-2012-3432 / XSA-10: HVM guest user mode MMIO emulation DoS vulnerability
    • CVE-2012-3433 / XSA-11: HVM guest destroy p2m teardown host DoS vulnerabilit
  • Among many bug fixes and improvements (over 100 since Xen 4.1.2). Highlights are:
    • Updates for the latest Intel/AMD CPU revisions
    • Bug fixes and improvements to the libxl tool stack
    • Bug fixes for IOMMU handling (device passthrough to HVM guests)
    • Bug fixes for host kexec/kdump

It also contains the following fixes from earlier maintenance releases:

  • Security fixes including CVE-2011-1583 and CVE-2011-1898
  • Enhancements to guest introspection (VM single stepping support for very fine-grained access control)
  • Many stability improvements, such as:
    • PV-on-HVM stability fixes (fixing some IRQ issues)
    • XSAVE cpu feature support for PV guests (allows safe use of latest multimedia instructions)
    • RAS fixes for high availability
    • fixes for offlining bad pages
    • changes to libxc, mainly of benefit to libvirt
    • New XL toolstack
    • Debug support: kexec/kdump
    • Remus (High Availability)
    • Device passthrough to HVM guests
    • Interrupt handling
    • Support for Supervisor Mode Execution Protection (SMEP)
  • Compatibility fixes for newer Linux guests, newer compilers, some old guest savefiles, newer Python, grub2, some hardware/BIOS bugs.

Xen 4.1.2

xen 41 banner

The Xen 4.1 release contains a number of important new features and updates including:

  • A re-architected XL toolstack that is functionally nearly equivalent to XM/XEND
  • Prototype credit2 scheduler designed for latency-sensitive workloads and very large systems
  • CPU Pools for advanced partitioning
  • Support for large systems (>255 processors and 1GB/2MB super page support)
  • Support for x86 Advanced Vector eXtension (AVX)
  • New Memory Access API enabling integration of 3rd party security solutions into Xen virtualized environments
  • Even better stability through our new automated regression tests
  • Xen 4.1 Release Notes
  • Xen 4.1 Datasheet

Xen 4.1.2 is a maintenance release in the 4.1 series and contains:

  • Stability improvements and bug fixes in
    • New XL toolstack
    • Debug support: kexec/kdump
    • Remus (High Availability)
    • Device passthrough to HVM guests
    • Interrupt handling
    • Support for Supervisor Mode Execution Protection (SMEP)

It also contains the Xen 4.1.1 fixes:

  • Security fixes including CVE-2011-1583 and CVE-2011-1898
  • Enhancements to guest introspection (VM single stepping support for very fine-grained access control)
  • Many stability improvements, such as:
    • PV-on-HVM stability fixes (fixing some IRQ issues)
    • XSAVE cpu feature support for PV guests (allows safe use of latest multimedia instructions)
    • RAS fixes for high availability
    • fixes for offlining bad pages
    • changes to libxc, mainly of benefit to libvirt
  • Compatibility fixes for newer Linux guests, newer compilers, some old guest savefiles, newer Python, grub2, some hardware/BIOS bugs.

Xen 4.1.1

xen 41 banner

The Xen 4.1 release contains a number of important new features and updates including:

  • A re-architected XL toolstack that is functionally nearly equivalent to XM/XEND
  • Prototype credit2 scheduler designed for latency-sensitive workloads and very large systems
  • CPU Pools for advanced partitioning
  • Support for large systems (>255 processors and 1GB/2MB super page support)
  • Support for x86 Advanced Vector eXtension (AVX)
  • New Memory Access API enabling integration of 3rd party security solutions into Xen virtualized environments
  • Even better stability through our new automated regression tests
  • Xen 4.1 Release Notes
  • Xen 4.1 Datasheet

Xen 4.1.1 is a maintenance release in the 4.1 series and contains:

  • Security fixes including CVE-2011-1583 and CVE-2011-1898
  • Enhancements to guest introspection (VM single stepping support for very fine-grained access control)
  • Many stability improvements, such as:
    • PV-on-HVM stability fixes (fixing some IRQ issues)
    • XSAVE cpu feature support for PV guests (allows safe use of latest multimedia instructions)
    • RAS fixes for high availability
    • fixes for offlining bad pages
    • changes to libxc, mainly of benefit to libvirt
  • Compatibility fixes for newer Linux guests, newer compilers, some old guest savefiles, newer Python, grub2, some hardware/BIOS bugs.

Xen 4.1.0

xen 41 banner

The Xen 4.1 release contains a number of important new features and updates including:

  • A re-architected XL toolstack that is functionally nearly equivalent to XM/XEND
  • Prototype credit2 scheduler designed for latency-sensitive workloads and very large systems
  • CPU Pools for advanced partitioning
  • Support for large systems (>255 processors and 1GB/2MB super page support)
  • Support for x86 Advanced Vector eXtension (AVX)
  • New Memory Access API enabling integration of 3rd party security solutions into Xen virtualized environments
  • Even better stability through our new automated regression tests
  • Xen 4.1 Release Notes
  • Xen 4.1 Datasheet