We are pleased to announce the release of Xen 4.4.1. It is available immediately from its git repository, http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.4 (tag RELEASE-4.4.1).
This release fixes the following critical vulnerabilities:
CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
CVE-2014-3125 / XSA-91 Hardware timer context is not properly context switched on ARM
CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be created
CVE-2014-2915 / XSA-93 Hardware features unintentionally exposed to guests on ARM
CVE-2014-2986 / XSA-94 ARM hypervisor crash on guest interrupt controller access
CVE-2014-3714, CVE-2014-3715, CVE-2014-3716, CVE-2014-3717 / XSA-95 input handling vulnerabilities loading guest kernel on ARM
CVE-2014-3967, CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
CVE-2014-3969 / XSA-98 insufficient permissions checks accessing guest memory on ARM
CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests
CVE-2014-4022 / XSA-101 information leak via gnttab_setup_table on ARM
CVE-2014-5147 / XSA-102 Flaws in handling traps from 32-bit userspace on 64-bit ARM
CVE-2014-5148 / XSA-103 Flaw in handling unknown system register access from 64-bit userspace on ARM
Additionally, a workaround for CVE-2013-3495 / XSA-59 (Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts) has been put in place. However, at this point we can’t guarantee that all affected chipsets are being covered; Intel is working diligently on providing us with a complete list.
Apart from those, there are many further bug fixes and improvements.
We recommend that all users of the 4.4 stable series update to this first point release.