Xen 4.2.3 released

jbeulich

Sep 9, 2013 — 1 min read

I am pleased to announce the release of Xen 4.2.3. This is available immediately from its git repository xenbits.xen.org (tag RELEASE-4.2.3) or from the Xen Project download pages.
This release fixes the following critical vulnerabilities:

CVE-2013-1918 / XSA-45: Several long latency operations are not preemptible
CVE-2013-1952 / XSA-49: VT-d interrupt remapping source validation flaw for bridges
CVE-2013-2076 / XSA-52: Information leak on XSAVE/XRSTOR capable AMD CPUs
CVE-2013-2077 / XSA-53: Hypervisor crash due to missing exception recovery on XRSTOR
CVE-2013-2078 / XSA-54: Hypervisor crash due to missing exception recovery on XSETBV
CVE-2013-2194, CVE-2013-2195, CVE-2013-2196 / XSA-55: Multiple vulnerabilities in libelf PV kernel handling
CVE-2013-2072 / XSA-56: Buffer overflow in xencontrol Python bindings affecting xend
CVE-2013-2211 / XSA-57: libxl allows guest write access to sensitive console related xenstore keys
CVE-2013-1432 / XSA-58: Page reference counting error due to XSA-45/CVE-2013-1918 fixes
XSA-61: libxl partially sets up HVM passthrough even with disabled iommu

The following minor vulnerability is also being addressed:

CVE-2013-2007 / XSA-51: qemu guest agent (qga) insecure file permissions

We recommend all users of the 4.2 stable series to update to this latest point release. Among many bug fixes and improvements:

addressing a regression from the fix for XSA-46
bug fixes to low level system state handling, including certain hardware errata workarounds

OSS Japan 2025: A Breakthrough Year for Open Automotive Innovation

12/16/2025

The Xen Project is back from Open Source Summit Japan and Automotive Linux Summit 2025. This year’s event felt like a true watershed moment for the automotive industry and for open source. Across talks, demos, and hallway conversations, one thing was clear: open source is now a foundational pillar

🛠️ Engineering Trust: How Xen’s Open CI Powers Global, Hardware-Level Testing

07/10/2025

In safety-critical industries like automotive and industrial systems, trust is non-negotiable. When building software that controls critical hardware, like braking systems or factory automation, you need confidence. The software must behave exactly as intended. Every time. On the actual device. That's why the Xen Project is investing in

🛠️ Xen Summit 2025: Find Your Place in the Future of Virtualization

06/27/2025

The annual Xen Summit is right around the corner, and there has never been a more exciting time to be part of the Xen Project. As enterprise and industrial needs shift and proprietary vendors rethink their licensing, the industry is ready for strong, open alternatives. Xen stands out not only

Let’s Grow Xen Together!

03/18/2025

Xen is open, secure, and built for the future. As the new Community Manager, I’m focused on growing the Xen community, welcoming new contributors, and ensuring a thriving ecosystem. Let’s build the future of virtualization together!

Read more