How can it possibly be time to patch Xen again?
Xen Project issues maintenance release, urges upgrade sooner rather than later
Hot on the heels of dumping a hot, steaming pile of patches on its users, the Xen project has squeezed out a maintenance release.
Xen 4.5.2 hit the intertubes on Thursday, bringing with it 74 fixes and improvements, plus another five QEMU repairs.
Xen folk say “We recommend that all users of the 4.5 stable series update to this point release,” so there's no wriggling out of this one if you want to stay optimally stable.
The Project's not placing particular emphasis on any of the updates, but The Reg's virtualisation desk can't help but draw attention to the one called “Sane handling of extra config file arguments”. Another, “x86/hvmloader: avoid data corruption with xenstore reads/writes”, also seems worthy of attention for its name alone.
Xen's had a lousy time of it lately on the security front – indeed, there's a new flaw XSA-156 that will be made public on November 11th – but says it's on top of security, not bleeding. The Project's therefore pointed out that this maintenance release is entirely normal under its maintenance policy, which calls for update releases every four months. Xen 4.5.1 emerged in late June, 2015, so this release continues Xen's clockwork delivery of updates. ®
- Black Hat
- Cisco ACE
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- End-user computing
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Trusted Platform Module
- Virtual machine
- Zero trust