Announcements

Xen Project Maintenance Releases Available (Versions 4.4.1, 4.3.3, 4.2.5)

jbeulich

jbeulich

2 min read

I am pleased to announce the release of Xen 4.4.1, 4.3.3 and 4.2.5. We recommend that all users of the 4.4, 4.3 and 4.2 stable series update to the latest point release.

Xen 4.4.1

Xen 4.4.1 is available immediately from its git repository http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.4
(tag RELEASE-4.4.1) or from the XenProject download page http://www.xenproject.org/downloads/xen-archives/supported-xen-44-series/xen-441.html
This release fixes the following critical vulnerabilities:

  • CVE-2014-2599 / XSA-89: HVMOP_set_mem_access is not preemptible
  • CVE-2014-3125 / XSA-91: Hardware timer context is not properly context switched on ARM
  • CVE-2014-3124 / XSA-92: HVMOP_set_mem_type allows invalid P2M entries to be created
  • CVE-2014-2915 / XSA-93: Hardware features unintentionally exposed to guests on ARM
  • CVE-2014-2986 / XSA-94: ARM hypervisor crash on guest interrupt controller access
  • CVE-2014-3714,CVE-2014-3715,CVE-2014-3716,CVE-2014-3717 / XSA-95: input handling vulnerabilities loading guest kernel on ARM
  • CVE-2014-3967,CVE-2014-3968 / XSA-96: Vulnerabilities in HVM MSI injection
  • CVE-2014-3969 / XSA-98: insufficient permissions checks accessing guest memory on ARM
  • CVE-2014-4021 / XSA-100: Hypervisor heap contents leaked to guests
  • CVE-2014-4022 / XSA-101: information leak via gnttab_setup_table on ARM
  • CVE-2014-5147 / XSA-102: Flaws in handling traps from 32-bit userspace on 64-bit ARM
  • CVE-2014-5148 / XSA-103: Flaw in handling unknown system register access from 64-bit userspace on ARM

Additionally a workaround for CVE-2013-3495 / XSA-59 (Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts) has been put in place. However, at this point we can’t guarantee that all affected chipsets are being covered; Intel is working diligently on providing us with a complete list.
Apart from those there are many further bug fixes and improvements.

Xen 4.3.3

Xen 4.3.3 is available immediately from its git repository http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.3 (tag RELEASE-4.3.3) or from the XenProject download page http://www.xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-433.html
This fixes the following critical vulnerabilities:

  • CVE-2014-2599 / XSA-89: HVMOP_set_mem_access is not preemptible
  • CVE-2014-3124 / XSA-92: HVMOP_set_mem_type allows invalid P2M entries to be created
  • CVE-2014-3967,CVE-2014-3968 / XSA-96: Vulnerabilities in HVM MSI injection
  • CVE-2014-4021 / XSA-100: Hypervisor heap contents leaked to guests

Additionally a workaround for CVE-2013-3495 / XSA-59 (Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts) has been put in place. However, at this point we can’t guarantee that all affected chipsets are being covered; Intel is working diligently on providing us with a complete list.
Apart from those there are many further bug fixes and improvements.

Xen 4.2.5

Xen 4.2.5 is available immediately from its git repository http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.2
(tag RELEASE-4.2.5) or from the XenProject download page http://www.xenproject.org/downloads/xen-archives/supported-xen-42-series/xen-425.html
Note that this is expected to be the last release of the 4.2 stable series. The tree will be switched to security only maintenance mode after this release.
This fixes the following critical vulnerabilities:

  • CVE-2014-2599 / XSA-89: HVMOP_set_mem_access is not preemptible
  • CVE-2014-3124 / XSA-92: HVMOP_set_mem_type allows invalid P2M entries to be created
  • CVE-2014-3967,CVE-2014-3968 / XSA-96: Vulnerabilities in HVM MSI injection
  • CVE-2014-4021 / XSA-100: Hypervisor heap contents leaked to guests

Apart from those there are many further bug fixes and improvements.

Read more

Xen Project Announces Performance and Security Advancements with Release of 4.19
Aug 05 2024

New release marks significant enhancements in performance, security, and versatility across various architectures.  SAN FRANCISCO – July 31st, 2024 – The Xen Project, an open source project under the Linux Foundation, is proud to announce the release of Xen Project 4.19. This release marks a significant milestone in enhancing performance, security,

by Olivier Lambert
Read more
Upcoming Closure of Xen Project Colo Facility
Jul 10 2024

Dear Xen Community, We regret to inform you that the Xen Project is currently experiencing unexpected changes due to the sudden shutdown of our colocated (colo) data center facility by Synoptek. This incident is beyond our control and will impact the continuity of OSSTest (the gating Xen Project CI loop)

by Olivier Lambert
Read more
Xen Summit Talks Now Live on YouTube!
Jun 18 2024

Hello Xen Community! We have some thrilling news to share with you all. The highly anticipated talks from this year’s Xen Summit are now live on YouTube! Whether you attended the summit in person or couldn’t make it this time, you can now access all the insightful presentations

by Olivier Lambert
Read more
Get ready for Xen Summit 2024!
May 24 2024

With less than 2 weeks to go, are you ready? The Xen Project is gearing up for a summit full of discussions, collaboration and innovation. If you haven’t already done so – get involved by submitting a design session topic. Don’t worry if you can’t attend in person,

by Olivier Lambert
Read more