Xen.org is pleased to announce the release of Xen 4.0.4 and 4.1.3. These are available immediately from the download pages:
- Xen Hypervisor 4.1.3: Download (archives), Source (tag RELEASE-4.1.3)
- Xen Hypervisor 4.0.4: Download (archives), Source (tag RELEASE-4.0.4)
We recommend that all users of the Xen 4.1 and 4.0 stable series update to these latest point releases. The releases contain the following fixes and improvements.
Critical vulnerabilities:
- CVE-2012-0217 / XSA-7: PV guest privilege escalation vulnerability
- CVE-2012-0218 / XSA-8: guest denial of service on syscall/sysenter exception generation
- CVE-2012-2934 / XSA-9: PV guest host Denial of Service
- CVE-2012-3432 / XSA-10: HVM guest user mode MMIO emulation DoS vulnerability
- CVE-2012-3433 / XSA-11: HVM guest destroy p2m teardown host DoS vulnerability
You can find more detailed descriptions of these vulnerabilities on the Security Announcement page.
Bug fixes:
The releases contain over 100 bug fixes and smaller improvements since Xen 4.1.2 and 4.0.3. The most significant fixes are:
- Updates for the latest Intel/AMD CPU revisions
- Bug fixes and improvements to the libxl tool stack
- Bug fixes for IOMMU handling (device passthrough to HVM guests)
- Bug fixes for host kexec/kdump
Thank you to the many contributors to the project. Should you discover any bugs, please consult the Bug Reporting Guidelines. Also note that Xen 4.2 release candidates are available for testing and that we will run the first Xen Test Day next Tuesday. For more information see here.