Xen 4.0.4
Xen 4.0.4 (hypervisor and tools) official source distribution
Xen 4.0.4
The Xen 4.0 release contains a number of important new features and updates including:
Blktap2 – High performance VHD implementation supporting snaphots and clonces including live snapshots
Netchannel2 – Support for new Smart NICs with multi-queue and SR-IOV functionality
Fault Tolerance – Live transactional synchronization of VM state between physical servers
Libxenlight – New library providing higher-level control of Xen between various toolstacks
PV-USB and VGA Pass-through
Xen 4.0.x Release Notes
Xen 4.0 Datasheet
Xen 4.0.4 is a maintenance release in the 4.0 series and contains:
Fixes for the following critical vulnerabilities: We recommend all users of the 4.0 and 4.1 stable series to update to these latest point releases.
CVE-2012-0217 / XSA-7: PV guest privilege escalation vulnerability
CVE-2012-0218 / XSA-8: guest denial of service on syscall/sysenter exception generation
CVE-2012-2934 / XSA-9: PV guest host Denial of Service
CVE-2012-3432 / XSA-10: HVM guest user mode MMIO emulation DoS vulnerability
CVE-2012-3433 / XSA-11: HVM guest destroy p2m teardown host DoS vulnerabilit
Among many bug fixes and improvements (over 100 since Xen 4.1.2). Highlights are:
Updates for the latest Intel/AMD CPU revisions
Bug fixes and improvements to the libxl tool stack
Bug fixes for IOMMU handling (device passthrough to HVM guests)
Bug fixes for host kexec/kdump
It also contains the following fixes from earlier maintenance releases:
Security fixes including CVE-2011-1583 and CVE-2011-1898
Enhancements to guest introspection (VM single stepping support for very fine-grained access control)
Many stability improvements, such as:
PV-on-HVM stability fixes (fixing some IRQ issues)
XSAVE cpu feature support for PV guests (allows safe use of latest multimedia instructions)
RAS fixes for high availability
fixes for offlining bad pages
changes to libxc, mainly of benefit to libvirt
New XL toolstack
Debug support: kexec/kdump
Remus (High Availability)
Device passthrough to HVM guests
Interrupt handling
Support for Supervisor Mode Execution Protection (SMEP)
Compatibility fixes for newer Linux guests, newer compilers, some old guest savefiles, newer Python, grub2, some hardware/BIOS bugs.