The Xen Project has fixed 35 flaws, all rated critical, for versions 4.3 and 4.4 of its flagship hypervisor. The fixes appear to correspond to flaws identified after the late February 2014 cloudpocalypse, when major cloud providers feared they would once again need to reboot substantial parts of their server fleets to keep them secure.
Xen 4.3 gets 17 fixes, all available in the new version 4.3.4. Xen 4.4, now best-used as version 4.4.2, gets the other 18.
The updates are available at the Xen project's download page, but the pain won't end after you install the new code because the CVE-2013-3495 / XSA-59 flaw regarding Intel VT-d Interrupt Remapping engines isn't guaranteed to work on all chipsets for either Xen 4.3 or 4.4.
The Xen Project suggests users upgrade to the new versions, without delay. ®
- Black Hat
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Identity Theft
- Palo Alto Networks