Xen 4.1.3 has been released.
Reproducible: Always
For those keen to jump to 4.1.3, I have just built and booted it with the latest 4.1.2 ebuilds copied to 4.1.3. xen, xen-tools and xen-pvgrub seem ok. Next step is to try the same trick for 4.2.0....
xen 4.2 is in the virtualization overlay: layman -a virtualization
Created attachment 326840 xen-4.1.3.ebuild
After 2 weeks trying to get xen 4.2, xen-utils 4.2, qemu-9999, qemu-user-9999 and libvirt-9999 to run, found a patch that would work with xen 4.2 and libvirt. Must be fixed and implemented written in the list:
http://lists.xen.org/archives/html/xen-devel/2012-05/msg00565.html
http://lists.xen.org/archives/html/xen-devel/2012-05/msg00584.html
This sounds like suse, Red Hat, or libvirt.org working in some time:
http://lists.xen.org/archives/html/xen-devel/2012-05/msg00708.html
*** Bug 448634 has been marked as a duplicate of this bug. ***
From the release notes at $URL:
We recommend all users of the 4.0 and 4.1 stable series to update to Xen 4.1.4.
Fixes for the following critical vulnerabilities:
CVE-2012-3494 / XSA-12: hypercall set_debugreg vulnerability
CVE-2012-3495 / XSA-13: hypercall physdev_get_free_pirq vulnerability
CVE-2012-3496 / XSA-14: XENMEM_populate_physmap DoS vulnerability
CVE-2012-3498 / XSA-16: PHYSDEVOP_map_pirq index vulnerability
CVE-2012-3515 / XSA-17: Qemu VT100 emulation vulnerability
CVE-2012-4411 / XSA-19: guest administrator can access qemu monitor console
CVE-2012-4535 / XSA-20: Timer overflow DoS vulnerability
CVE-2012-4536 / XSA-21: pirq range check DoS vulnerability
CVE-2012-4537 / XSA-22: Memory mapping failure DoS vulnerability
CVE-2012-4538 / XSA-23: Unhooking empty PAE entries DoS vulnerability
CVE-2012-4539 / XSA-24: Grant table hypercall infinite loop DoS vulnerability
CVE-2012-4544, CVE-2012-2625 / XSA-25: Xen domain builder Out-of-memory due to malicious kernel/ramdisk
CVE-2012-5510 / XSA-26: Grant table version switch list corruption vulnerability
CVE-2012-5511 / XSA-27: several HVM operations do not validate the range of their inputs
CVE-2012-5512 / XSA-28: HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak
CVE-2012-5513 / XSA-29: XENMEM_exchange may overwrite hypervisor memory
CVE-2012-5514 / XSA-30: Broken error handling in guest_physmap_mark_populate_on_demand()
CVE-2012-5515 / XSA-31: Several memory hypercall operations allow invalid extent order values
The first 13 CVEs are listed for bugs 440768 and 445254. These issues are fixed in 4.1.4 and 4.2.1.
*** Bug 450498 has been marked as a duplicate of this bug. ***
CVE-2012-5525 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5525): The get_page_from_gfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service (crash) via a crafted GFN that triggers a buffer over-read.
CVE-2012-5515 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5515): The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop and hang) via a crafted extent_order value.
CVE-2012-5514 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5514): The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to cause a denial of service (hang) via unspecified vectors.
CVE-2012-5513 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5513): The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range.
CVE-2012-5512 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5512): Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors.
CVE-2012-5511 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5511): Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image.
CVE-2012-5510 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5510): Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors.
ok bottool, duly noted. I shall concentrate on this forthwith
*xen-4.2.1 (24 Jan 2013)
  24 Jan 2013; Ian Delaney <idella4@gentoo.org>
  +files/xen-4-fix_dotconfig-gcc.patch, +xen-4.2.1.ebuild:
  bump
(In reply to comment #9)
> *xen-4.2.1 (24 Jan 2013)
>
> 24 Jan 2013; Ian Delaney <idella4@gentoo.org>
> +files/xen-4-fix_dotconfig-gcc.patch, +xen-4.2.1.ebuild:
> bump
Will the 4.1.x branch also be bumped for stabilization or should we stabilize 4.2.1?
CVE-2012-6333 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6333): Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input.
4.2.2 stabilized elsewhere. Added to GLSA request.
This issue was resolved and addressed in GLSA 201309-24 at http://security.gentoo.org/glsa/glsa-201309-24.xml by GLSA coordinator Chris Reffett (creffett).