Downloads

Xen 4.1.6.1

Xen 4.1.6.1 is a maintenance release in the 4.1 series and contains: We recommend that all users of Xen 4.1.5 upgrade to Xen 4.1.6.1.
Note that 4.1.6 didn’t get released, as a build issue was found late in the release process, when the 4.1.6 version number was already irreversibly applied.

This release fixes the following critical vulnerabilities:

CVE-2013-1918 / XSA-45: Several long latency operations are not preemptible
CVE-2013-1952 / XSA-49: VT-d interrupt remapping source validation flaw for bridges
CVE-2013-2076 / XSA-52: Information leak on XSAVE/XRSTOR capable AMD CPUs
CVE-2013-2077 / XSA-53: Hypervisor crash due to missing exception recovery on XRSTOR
CVE-2013-2078 / XSA-54: Hypervisor crash due to missing exception recovery on XSETBV
CVE-2013-2194, CVE-2013-2195, CVE-2013-2196 / XSA-55: Multiple vulnerabilities in libelf PV kernel handling
CVE-2013-2072 / XSA-56: Buffer overflow in xencontrol Python bindings affecting xend
CVE-2013-2211 / XSA-57: libxl allows guest write access to sensitive console related xenstore keys
CVE-2013-1432 / XSA-58: Page reference counting error due to XSA-45/CVE-2013-1918 fixes
XSA-61: libxl partially sets up HVM passthrough even with disabled iommu

This release contains many bug fixes and improvements. The highlights are:

addressing a regression from the fix for XSA-21
addressing a regression from the fix for XSA-46
bug fixes to low level system state handling, including certain hardware errata workarounds

You can also get this release from the git repository: git://xenbits.xen.org/xen.git (tag RELEASE-4.1.6.1)

Release information for other releases in the Xen 4.1 series

Xen 4.1.5
Xen 4.1.4
Xen 4.1.3
Xen 4.1.2
Xen 4.1.1
Xen 4.1.0

Xen 4.1.6.1

Xen 4.1.6.1 (hypervisor and tools) official source distribution

Note that 4.1.6 didn’t get released, as a build issue was found late in the release process, when the 4.1.6 version number was already irreversibly applied.