Xen releases updates, but also has eight patches about to drop
Your choice: big update now or big update and security boost in two weeks
The Xen Project has just issued two new maintenance releases, but before you rush out and install them consider that the open-source hypervisor also has eight new patches in the works.
Xen announces new patches on its advisories page, but doesn't reveal details of the problems they'll address for two weeks. The gap between announcement and disclosure is offered so that big Xen users, including clouds like Amazon Web Services, can sort things out before the bad guys attack the millions of virtual machines it hosts.
We won't know what's in advisories XSA-191 to XSA-198 until November 22nd.
Until then there's Xen 4.6.4 and Xen 4.7.1. Both are routine: Xen aims to deliver maintenance updates every four months and to offer 18 months of full support and a further 18 months of security fixes for its stable releases.
Xen 4.6 emerged in October 2015 so is still in the full flush of support. Xen 4.7 was launched in March 2016 so is also getting the full treatment.
Xen's Jan Beulich blogged news of the maintenance releases and suggested “that all users of the 4.6 and 4.7 stable series update to the latest point release.” But he didn't call out any of the updates as especially important and The Register's graze of the changelogs linked to above yielded no standouts. So perhaps you can wait and do the upgrade once those new patches land. ®