|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [ANNOUNCE] Xen 4.3.3 released
All, I am pleased to announce the release of Xen 4.3.3. This is available immediately from its git repository http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.3 (tag RELEASE-4.3.3) or from the XenProject download page http://www.xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-433.html This fixes the following critical vulnerabilities: * CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible * CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be created * CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection * CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests Additionally a workaround for CVE-2013-3495 / XSA-59 (Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts) has been put in place. However, at this point we can't guarantee that all affected chipsets are being covered; Intel is working diligently on providing us with a complete list. Apart from those there are many further bug fixes and improvements. We recommend all users of the 4.3 stable series to update to this latest point release. Regards, Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |