Xen Project patches serious virtual machine escape flaws

The Xen Project has fixed four vulnerabilities in its widely used virtualization software, two of which could allow malicious virtual machine administrators to take over host servers. Flaws that break the isolation layer between virtual machines are the most serious kind for a hypervisor like Xen, which allows users to run multiple VMs on the same underlying hardware in a secure manner. The Xen hypervisor is widely used by cloud computing providers and virtual private server hosting companies like Linode, which had to reboot some of its servers over the past few days to apply the new patches. The Xen updates, which were shared with partners in advance, were released publicly Thursday along with accompanying security advisories.