Skip to content


Announcing the Release of Xen Project 4.3.1

We are pleased to announce the release of Xen 4.3.1.  The is the latest point release in the Xen 4.3 series of releases.

Downloads:

This is available immediately from its git repository:

xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.3 (tag RELEASE-4.3.1).

It is also available for download from the XenProject.org website:

xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-431.html

Fixes:

This fixes the following critical vulnerabilities:

  • CVE-2013-1922 / XSA-48 qemu-nbd format-guessing due to missing format specification
  • CVE-2013-2007 / XSA-51 qemu guest agent (qga) insecure file permissions
  • CVE-2013-1442 / XSA-62 Information leak on AVX and/or LWP capable CPUs
  • CVE-2013-4355 / XSA-63 Information leaks through I/O instruction emulation
  • CVE-2013-4356 / XSA-64 Memory accessible by 64-bit PV guests under live migration
  • CVE-2013-4361 / XSA-66 Information leak through fbld instruction emulation
  • CVE-2013-4368 / XSA-67 Information leak through outs instruction emulation
  • CVE-2013-4369 / XSA-68 possible null dereference when parsing vif ratelimiting info
  • CVE-2013-4370 / XSA-69 misplaced free in ocaml xc_vcpu_getaffinity stub
  • CVE-2013-4371 / XSA-70 use-after-free in libxl_list_cpupool under memory pressure
  • CVE-2013-4375 / XSA-71 qemu disk backend (qdisk) resource leak
  • CVE-2013-4416 / XSA-72 ocaml xenstored mishandles oversized message replies

We recommend all users of the 4.3 stable series to update to this latest point release.

Among the bug fixes and improvements (around 80 since Xen 4.3.0):

  • Adjustments to XSAVE management
  • Bug fixes to nested virtualization
  • Bug fixes for other low level system state handling
  • Bug fixes to the libxl tool stack

Be Sociable and Share!

Posted in Announcements, Xen Hypervisor.

Tagged with , .


2 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

Continuing the Discussion

  1. Обновление Xen 4.3.1 с устранением 12 уязвимостей | AllUNIX.ru — Всероссийский портал о UNIX-системах linked to this post on November 1, 2013

    [...] Доступно корректирующее обновление свободного гипервизора Xen 4.3.1, в котором отмечено устранение 12 уязвимостей. Среди уязвимостей имеются проблемы, позволяющие повысить свои привилегии в гостевой системе и инициировать крах хост-системы из гостевого окружения. Кроме того, в новом выпуске улучшена поддержка инструкций XSAVE, устранены проблемы при виртуализации вложенных окружений, внесены исправления в инструментарий libxl. [...]

  2. Release: Xen 4.3.1 | Knowledge Hub Networks linked to this post on November 4, 2013

    [...] (GPLv2) and which is now transferred from Citrix to the Linux Foundation, today announced the release of version 4.3.1 of the Xen hypervisor. This so called Point release is the follow up of version [...]

You must be logged in to post a comment.