Xen Project 4.2.2 is a maintenance release in the 4.2 series and contains: We recommend that all users of Xen Project 4.2.1 upgrade to Xen Project 4.2.2.

This release fixes the following critical vulnerabilities:

CVE-2012-5634 / XSA-33: VT-d interrupt remapping source validation flaw
CVE-2013-0151 / XSA-34: nested virtualization on 32-bit exposes host crash
CVE-2013-0152 / XSA-35: Nested HVM exposes host to being driven out of memory by guest
CVE-2013-0153 / XSA-36: interrupt remap entries shared and old ones not cleared on AMD IOMMUs
CVE-2013-0154 / XSA-37: Hypervisor crash due to incorrect ASSERT (debug build only)
CVE-2013-0215 / XSA-38: oxenstored incorrect handling of certain Xenbus ring states
CVE-2012-6075 / XSA-41: qemu (e1000 device driver): Buffer overflow when processing large packets
CVE-2013-1917 / XSA-44: Xen PV DoS vulnerability with SYSENTER
CVE-2013-1919 / XSA-46: Several access permission issues with IRQs for unprivileged guests
CVE-2013-1920 / XSA-47: Potential use of freed memory in event channel operations
CVE-2013-1922 / XSA-48: qemu-nbd format-guessing due to missing format specification

This release contains many bug fixes and improvements (around 100 since Xen Project 4.2.1). The highlights are:

ACPI APEI/ERST finally working on production systems
Bug fixes for other low level system state handling
Bug fixes and improvements to the libxl tool stack
Bug fixes to nested virtualization

You can also get this release from the git repository: git://xenbits.xen.org/xen.git (tag RELEASE-4.2.2)

Release information for other releases in the Xen Project 4.2 series

Xen 4.2.1
Xen 4.2.0