098762889a
---- 4.2.2 Xen 4.2.2 is a maintenance release in the 4.2 series and contains: We recommend that all users of Xen 4.2.1 upgrade to Xen 4.2.2. This release fixes the following critical vulnerabilities: CVE-2012-5634 / XSA-33: VT-d interrupt remapping source validation flaw CVE-2013-0151 / XSA-34: nested virtualization on 32-bit exposes host crash CVE-2013-0152 / XSA-35: Nested HVM exposes host to being driven out of memory by guest CVE-2013-0153 / XSA-36: interrupt remap entries shared and old ones not cleared on AMD IOMMUs CVE-2013-0154 / XSA-37: Hypervisor crash due to incorrect ASSERT (debug build only) CVE-2013-0215 / XSA-38: oxenstored incorrect handling of certain Xenbus ring states CVE-2012-6075 / XSA-41: qemu (e1000 device driver): Buffer overflow when processing large packets CVE-2013-1917 / XSA-44: Xen PV DoS vulnerability with SYSENTER CVE-2013-1919 / XSA-46: Several access permission issues with IRQs for unprivileged guests CVE-2013-1920 / XSA-47: Potential use of freed memory in event channel operations CVE-2013-1922 / XSA-48: qemu-nbd format-guessing due to missing format specification This release contains many bug fixes and improvements (around 100 since Xen 4.2.1). The highlights are: ACPI APEI/ERST finally working on production systems Bug fixes for other low level system state handling Bug fixes and improvements to the libxl tool stack Bug fixes to nested virtualization ----- 4.2.1 Xen 4.2.1 is a maintenance release in the 4.2 series and contains: We recommend that all users of Xen 4.2.0 upgrade to Xen 4.2.1. The release fixes the following critical vulnerabilities: CVE-2012-4535 / XSA-20: Timer overflow DoS vulnerability CVE-2012-4537 / XSA-22: Memory mapping failure DoS vulnerability CVE-2012-4538 / XSA-23: Unhooking empty PAE entries DoS vulnerability CVE-2012-4539 / XSA-24: Grant table hypercall infinite loop DoS vulnerability CVE-2012-4544, CVE-2012-2625 / XSA-25: Xen domain builder Out-of-memory due to malicious kernel/ramdisk CVE-2012-5510 / XSA-26: Grant table version switch list corruption vulnerability CVE-2012-5511 / XSA-27: Several HVM operations do not validate the range of their inputs CVE-2012-5513 / XSA-29: XENMEM_exchange may overwrite hypervisor memory CVE-2012-5514 / XSA-30: Broken error handling in guest_physmap_mark_populate_on_demand() CVE-2012-5515 / XSA-31: Several memory hypercall operations allow invalid extent order values CVE-2012-5525 / XSA-32: several hypercalls do not validate input GFNs Among many bug fixes and improvements (around 100 since Xen 4.2.0): A fix for a long standing time management issue Bug fixes for S3 (suspend to RAM) handling Bug fixes for other low level system state handling Bug fixes and improvements to the libxl tool stack Bug fixes to nested virtualization ----- 4.2.0 The Xen 4.2 release contains a number of important new features and updates including: The release incorporates many new features and improvements to existing features. There are improvements across the board including to Security, Scalability, Performance and Documentation. XL is now the default toolstack: Significant effort has gone in to the XL tool toolstack in this release and it is now feature complete and robust enough that we have made it the default. This toolstack can now replace xend in the majority of deployments, see XL vs Xend Feature Comparison. As well as improving XL the underlying libxl library has been significantly improved and supports the majority of the most common toolstack features. In addition the API has been declared stable which should make it even easier for external toolstack such as libvirt and XCP's xapi to make full use of this functionality in the future. Large Systems: Following on from the improvements made in 4.1 Xen now supports even larger systems, with up to 4095 host CPUs and up to 512 guest CPUs. In addition toolstack feature like the ability to automatically create a CPUPOOL per NUMA node and more intelligent placement of guest VCPUs on NUMA nodes have further improved the Xen experience on large systems. Other new features, such as multiple PCI segment support have also made a positive impact on such systems. Improved security: The XSM/Flask subsystem has seen several enhancements, including improved support for disaggregated systems and a rewritten example policy which is clearer and simpler to modify to suit local requirements. Documentation: The Xen documentation has been much improved, both the in-tree documentation and the wiki. This is in no small part down to the success of the Xen Document Days so thanks to all who have taken part.
7 lines
373 B
Text
7 lines
373 B
Text
===========================================================================
|
|
$NetBSD: MESSAGE,v 1.1.1.1 2013/05/15 05:32:12 jnemeth Exp $
|
|
|
|
The Xen hypervisor is installed under the following locations:
|
|
${XENKERNELDIR}/xen.gz (standard hypervisor)
|
|
${XENKERNELDIR}/xen-debug.gz (debug hypervisor)
|
|
===========================================================================
|