Download Xen 4.1.5

Xen is a “virtual machine hypervisor” for the x86 platform, allowing multiple operating systems to run simultaneously on a single system without drastically impacting performance. For more information about Xen and its community, please refer to this one and this one pages. Currently only Linux and NetBSD are supported as host systems, but work is underway to fully support other operating systems as well. The developers released Xen 4.1.5 a few days ago with the following changes:

Version 4.1.5

Xen 4.1.5 is a maintenance release in the 4.1 series and contains: We recommend that all users of Xen 4.1.4 upgrade to Xen 4.1.5.

This release fixes the following critical vulnerabilities:

• CVE-2012-5634 / XSA-33: VT-d interrupt remapping source validation flaw
• CVE-2013-0153 / XSA-36: interrupt remap entries shared and old ones not cleared on AMD IOMMUs
• CVE-2013-0215 ​​/ XSA-38: oxenstored incorrect handling of certain Xenbus ring states
• CVE-2012-6075 / XSA-41: qemu (e1000 device driver): Buffer overflow when processing large packets
• CVE-2013-1917 / XSA-44: Xen PV DoS vulnerability with SYSENTER
• CVE-2013-1919 / XSA-46: Several access permission issues with IRQs for unprivileged guests
• CVE-2013-1920 / XSA-47: Potential use of freed memory in event channel operations
• CVE-2013-1964 / XSA-50: grant table hypercall acquire/release imbalance

This release contains many bug fixes and improvements (around 50 since Xen 4.1.4). The highlights are:

• ACPI APEI/ERST finally working on production systems
• Bug fixes for other low level system state handling
• Support for xz compressed Dom0 and DomU kernels

Version 4.1.4

Xen 4.1.4 is a maintenance release in the 4.1 series and contains:

Fixes for the following critical vulnerabilities: We recommend all users of the 4.0 and 4.1 stable series to update to Xen 4.1.4.

• CVE-2012-3494 / XSA-12: hypercall set_debugreg vulnerability
• CVE-2012-3495 / XSA-13: hypercall physdev_get_free_pirq vulnerability
• CVE-2012-3496 / XSA-14: XENMEM_populate_physmap DoS vulnerability
• CVE-2012-3498 / XSA-16: PHYSDEVOP_map_pirq index vulnerability
• CVE-2012-3515 / XSA-17: Qemu VT100 emulation vulnerability
• CVE-2012-4411 / XSA-19: guest administrator can access qemu monitor console
• CVE-2012-4535 / XSA-20: Timer overflow DoS vulnerability
• CVE-2012-4536 / XSA-21: pirq range check DoS vulnerability
• CVE-2012-4537 / XSA-22: Memory mapping failure DoS vulnerability
• CVE-2012-4538 / XSA-23: Unhooking empty PAE entries DoS vulnerability
• CVE-2012-4539 / XSA-24: Grant table hypercall infinite loop DoS vulnerability
• CVE-2012-4544,CVE-2012-2625 / XSA-25: Xen domain builder Out-of-memory due to malicious kernel/ramdisk
• CVE-2012-5510 / XSA-26: Grant table version switch list corruption vulnerability
• CVE-2012-5511 / XSA-27: several HVM operations do not validate the range of their inputs
• CVE-2012-5512 / XSA-28: HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak
• CVE-2012-5513 / XSA-29: XENMEM_exchange may overwrite hypervisor memory
• CVE-2012-5514 / XSA-30: Broken error handling in guest_physmap_mark_populate_on_demand()
• CVE-2012-5515 / XSA-31: Several memory hypercall operations allow invalid extent order values

Among many bug fixes and improvements (almost 100 since Xen 4.1.3). Highlights are:

• A fix for a long standing time management issue
• Bug fixes for S3 (suspend to RAM) handling
• Bug fixes for other low level system state handling

Version 4.1.3

Xen 4.1.3 is a maintenance release in the 4.1 series and contains:

Fixes for the following critical vulnerabilities: We recommend all users of the 4.0 and 4.1 stable series to update to these latest point releases.

• CVE-2012-0217 / XSA-7: PV guest privilege escalation vulnerability
• CVE-2012-0218 / XSA-8: guest denial of service on syscall/sysenter exception generation
• CVE-2012-2934 / XSA-9: PV guest host Denial of Service
• CVE-2012-3432 / XSA-10: HVM guest user mode MMIO emulation DoS vulnerability
• CVE-2012-3433 / XSA-11: HVM guest destroy p2m teardown host DoS vulnerability

Among many bug fixes and improvements (over 100 since Xen 4.1.2). Highlights are:

• Updates for the latest Intel/AMD CPU revisions
• Bug fixes and improvements to the libxl tool stack
• Bug fixes for IOMMU handling (device passthrough to HVM guests)
• Bug fixes for host kexec/kdump

Version 4.1.2Xen 4.1.2 is a maintenance release in the 4.1 series and contains:

Stability improvements and bug fixes in

• New XL tool stack
• Debug support: kexec/kdump
• Remus (High Availability)
• Device passthrough to HVM guests
• Interrupt handling
• Support for Supervisor Mode Execution Protection (SMEP)

Version 4.1.1

Xen 4.1.1 is a maintenance release in the 4.1 series and contains:

• Security fixes including CVE-2011-1583 and CVE-2011-1898
• Enhancements to guest introspection (VM single stepping support for very fine-grained access control)
• Many stability improvements, such as:
  • PV-on-HVM stability fixes (fixing some IRQ issues)
  • XSAVE cpu feature support for PV guests (allows safe use of latest multimedia instructions)
  • RAS fixes for high availability
  • fixes for offline bad pages
  • changes to libxc, mainly of benefit to libvirt
• Compatibility fixes for newer Linux guests, newer compilers, some old guest savefiles, newer Python, grub2, some hardware/BIOS bugs.