Xen Project 4.2.2

Xen Project 4.2.2 is a maintenance release in the 4.2 series and contains: We recommend that all users of Xen Project 4.2.1 upgrade to Xen Project 4.2.2.

  • This release fixes the following critical vulnerabilities:
    • CVE-2012-5634 / XSA-33: VT-d interrupt remapping source validation flaw
    • CVE-2013-0151 / XSA-34: nested virtualization on 32-bit exposes host crash
    • CVE-2013-0152 / XSA-35: Nested HVM exposes host to being driven out of memory by guest
    • CVE-2013-0153 / XSA-36: interrupt remap entries shared and old ones not cleared on AMD IOMMUs
    • CVE-2013-0154 / XSA-37: Hypervisor crash due to incorrect ASSERT (debug build only)
    • CVE-2013-0215 / XSA-38: oxenstored incorrect handling of certain Xenbus ring states
    • CVE-2012-6075 / XSA-41: qemu (e1000 device driver): Buffer overflow when processing large packets
    • CVE-2013-1917 / XSA-44: Xen PV DoS vulnerability with SYSENTER
    • CVE-2013-1919 / XSA-46: Several access permission issues with IRQs for unprivileged guests
    • CVE-2013-1920 / XSA-47: Potential use of freed memory in event channel operations
    • CVE-2013-1922 / XSA-48: qemu-nbd format-guessing due to missing format specification
  • This release contains many bug fixes and improvements (around 100 since Xen Project 4.2.1). The highlights are:
    • ACPI APEI/ERST finally working on production systems
    • Bug fixes for other low level system state handling
    • Bug fixes and improvements to the libxl tool stack
    • Bug fixes to nested virtualization

You can also get this release from the git repository: git://xenbits.xen.org/xen.git (tag RELEASE-4.2.2)

Release information for other releases in the Xen Project 4.2 series

Documents

Created Date Thursday, 25 April 2013

Xen 4.2.2

Xen 4.2.2 (hypervisor and tools) official source distribution

Created Date Friday, 08 March 2013
Modified Date Thursday, 25 April 2013

Xen 4.2.2 Signature