Xen’s latest hypervisor updates are missing some security patches
The Xen Project released new versions of its virtual machine hypervisor, but forgot to fully include two security patches that had been previously made available.
The Xen hypervisor is widely used by cloud computing providers and virtual private server hosting companies.
Xen 4.6.1, released Monday, is flagged as a maintenance release, the kind that are put out roughly every four months and are supposed to include all bug and security patches released in the meantime.
“Due to two oversights the fixes for both XSA-155 and XSA-162 have only been partially applied to this release,” the Xen Project noted in a blog post. The same is true for Xen 4.4.4, the maintenance release for the 4.4 branch that was released on Jan. 28, the Project said.