Xen 4.1.4

Xen 4.1.4 is a maintenance release in the 4.1 series and contains:

  • Fixes for the following critical vulnerabilities: We recommend all users of the 4.0 and 4.1 stable series to update to Xen 4.1.4.
    • CVE-2012-3494 / XSA-12: hypercall set_debugreg vulnerability
    • CVE-2012-3495 / XSA-13: hypercall physdev_get_free_pirq vulnerability
    • CVE-2012-3496 / XSA-14: XENMEM_populate_physmap DoS vulnerability
    • CVE-2012-3498 / XSA-16: PHYSDEVOP_map_pirq index vulnerability
    • CVE-2012-3515 / XSA-17: Qemu VT100 emulation vulnerability
    • CVE-2012-4411 / XSA-19: guest administrator can access qemu monitor console
    • CVE-2012-4535 / XSA-20: Timer overflow DoS vulnerability
    • CVE-2012-4536 / XSA-21: pirq range check DoS vulnerability
    • CVE-2012-4537 / XSA-22: Memory mapping failure DoS vulnerability
    • CVE-2012-4538 / XSA-23: Unhooking empty PAE entries DoS vulnerability
    • CVE-2012-4539 / XSA-24: Grant table hypercall infinite loop DoS vulnerability
    • CVE-2012-4544,CVE-2012-2625 / XSA-25: Xen domain builder Out-of-memory due to malicious kernel/ramdisk
    • CVE-2012-5510 / XSA-26: Grant table version switch list corruption vulnerability
    • CVE-2012-5511 / XSA-27: several HVM operations do not validate the range of their inputs
    • CVE-2012-5512 / XSA-28: HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak
    • CVE-2012-5513 / XSA-29: XENMEM_exchange may overwrite hypervisor memory
    • CVE-2012-5514 / XSA-30: Broken error handling in guest_physmap_mark_populate_on_demand()
    • CVE-2012-5515 / XSA-31: Several memory hypercall operations allow invalid extent order values
  • Among many bug fixes and improvements (almost 100 since Xen 4.1.3). Highlights are:
    • A fix for a long standing time management issue
    • Bug fixes for S3 (suspend to RAM) handling
    • Bug fixes for other low level system state handling

It also contains the following fixes from earlier maintenance releases:

  • Security fixes including CVE-2011-1583, CVE-2011-1898, CVE-2012-0217 / XSA-7, CVE-2012-0218 / XSA-8, CVE-2012-2934 / XSA-9, CVE-2012-3432 / XSA-10 and CVE-2012-3433 / XSA-11
  • Enhancements to guest introspection (VM single stepping support for very fine-grained access control)
  • Many bug fixes and improvements, such as:
    • Updates for the latest Intel/AMD CPU revisions
    • Bug fixes and improvements to the libxl tool stack
    • Bug fixes for IOMMU handling (device passthrough to HVM guests)
    • Bug fixes for host kexec/kdump
    • PV-on-HVM stability fixes (fixing some IRQ issues)
    • XSAVE cpu feature support for PV guests (allows safe use of latest multimedia instructions)
    • RAS fixes for high availability
    • fixes for offlining bad pages
    • changes to libxc, mainly of benefit to libvirt
    • New XL toolstack
    • Debug support: kexec/kdump
    • Remus (High Availability)
    • Device passthrough to HVM guests
    • Interrupt handling
    • Support for Supervisor Mode Execution Protection (SMEP)
  • Compatibility fixes for newer Linux guests, newer compilers, some old guest savefiles, newer Python, grub2, some hardware/BIOS bugs.

The Xen 4.1 release contains a number of important new features and updates including:

  • A re-architected XL toolstack that is functionally nearly equivalent to XM/XEND
  • Prototype credit2 scheduler designed for latency-sensitive workloads and very large systems
  • CPU Pools for advanced partitioning
  • Support for large systems (>255 processors and 1GB/2MB super page support)
  • Support for x86 Advanced Vector eXtension (AVX)
  • New Memory Access API enabling integration of 3rd party security solutions into Xen virtualized environments
  • Even better stability through our new automated regression tests
  • Xen 4.1 Release Notes
  • Xen 4.1 Datasheet

Documents

Created Date Friday, 08 March 2013

Xen 4.1.4

Xen 4.1.4 (hypervisor and tools) official source distribution

Created Date Friday, 08 March 2013
Modified Date Thursday, 25 April 2013

Xen 4.1.4 Signature