November 2019 Security, bugfix and enhancement updates

Security Nov 8, 2019

Security updates are available for the two supported releases of XCP-ng: 7.6 and 8.0. We advise you to update your hosts soon.

Additionally, we provide new VM templates for RHEL 8 and its derivatives, as well as for Debian 10 (Buster). The linux guest tools have also been updated to support RHEL 8, its derivatives, and several additional linux distributions. This is for XCP-ng 8.0 only.

To update, follow this guide. Join the discussion on our community forum.
Reboot after updating.

Security updates (XCP-ng 7.6 and 8.0)

The updated packages address the following advisories from the Xen Project:

See also Citrix's security bulletin.

Bugfix updates (XCP-ng 8.0)

Enable increasing max_grant_frames for guests

Due to changes in the software architecture, XCP-ng 8.0 had lost the ability to set per-VM values for max_grant_frames and max_maptrack_frames. The default value for max_grant_frames, which is 32, is too low for somes uses, which can lead to situations where the guest can't use more than a certain number of virtual network interfaces, with this error message: xen_netfront: can't alloc rx grant refs. In that situation, 64 is a better value.

The updated Xen packages also contain the security fixes described above. This restores the behaviour of previous XCP-ng releases by letting you override the default value of max_grant_frames per VM (and max_maptrack_frames, but you're less likely to need that).

See for instructions.

Enhancements (XCP-ng 8.0)

Templates for RHEL 8, its derivatives, and Debian 10

We have decided not to wait for XCP-ng 8.1 to add VM templates for RHEL 8, its derivatives (CentOS, etc.) and Debian 10 (Buster), these were all requested by users.

It was already possible to use those distributions on XCP-ng: you simply needed to select a template for the previous release and there would be no issue whatsoever. The new templates do not differ, except in their names.

We added them so that it's more straightforward for users.


Guest tools for RHEL 8 and additional distributions

We also updated the package that contains the guest tools ISO to add support for RHEL 8 and its derivatives. Support for Debian 10 was already present.

We took this opportunity to also add support for the following distros that had been requested by users (who provided patches):

  • CloudLinux
  • FreePBX (Sangoma Linux)

The only changes reside in the detection of supported distributions in the installation scripts. In the end, they are treated like RHEL or CentOS derivatives. Details for these script changes are visible in the related github repository:

Note: except for RHEL 8 and CentOS 8, we did not get enough feedback from users about those additional distributions to be able to guarantee that it will work perfectly. This is provided in the hope that it works well for those distributions and can be improved later if any issue is detected.


Samuel Verschelde

XCP-ng Lead Maintainer, Release Manager and Technical Product Manager. Open Source enthusiast since 2002.