We are pleased to announce the release of Xen 4.3.4. This is available immediately from its git repository
http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.3 (tag RELEASE-4.3.4) or from this page.
Note that this is expected to be the last release of the 4.3 stable series. The tree will be switched to security-only maintenance mode after this release.
This fixes the following critical vulnerabilities:
CVE-2014-5146, CVE-2014-5149 / XSA-97: Long latency virtual-mmu operations are not preemptible
CVE-2014-7154 / XSA-104: Race condition in HVMOP_track_dirty_vram
CVE-2014-7155 / XSA-105: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation
CVE-2014-7156 / XSA-106: Missing privilege level checks in x86 emulation of software interrupts
CVE-2014-7188 / XSA-108: Improper MSR range used for x2APIC emulation
CVE-2014-8594 / XSA-109: Insufficient restrictions on certain MMU update hypercalls
CVE-2014-8595 / XSA-110: Missing privilege level checks in x86 emulation of far branches
CVE-2014-8866 / XSA-111: Excessive checking in compatibility mode hypercall argument translation
CVE-2014-8867 / XSA-112: Insufficient bounding of “REP MOVS” to MMIO emulated inside the hypervisor
CVE-2014-9030 / XSA-113: Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling
CVE-2014-9065, CVE-2014-9066 / XSA-114: p2m lock starvation
CVE-2015-0361 / XSA-116: xen crash due to use after free on hvm guest teardown
CVE-2015-1563 / XSA-118: arm: vgic: incorrect rate limiting of guest triggered logging
CVE-2015-2152 / XSA-119: HVM qemu unexpectedly enabling emulated VGA graphics backends
CVE-2015-2044 / XSA-121: Information leak via internal x86 system device emulation
CVE-2015-2045 / XSA-122: Information leak through version information hypercall
CVE-2015-2151 / XSA-123: Hypervisor memory corruption due to x86 emulator flaw
Additionally, a bug in the fix for CVE-2014-3969 / CVE-2015-2290 / XSA-98 (which was assigned CVE-2015-2290) has been addressed.
Sadly, the workaround for CVE-2013-3495 / XSA-59 (Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts) still can’t be guaranteed to cover all affected chipsets; Intel is still working on providing us with a complete list.
Apart from those, there are many further bug fixes and improvements.
We recommend that all users of the 4.3 stable series update to this latest point release.