November 2019 Security, bugfix and enhancement updates
Security updates are available for the two supported releases of XCP-ng: 7.6 and 8.0. We advise you to update your hosts soon.
Additionally, we provide new VM templates for RHEL 8 and its derivatives, as well as for Debian 10 (Buster). The linux guest tools have also been updated to support RHEL 8, its derivatives, and several additional linux distributions. This is for XCP-ng 8.0 only.
To update, follow this guide. Join the discussion on our community forum.
Reboot after updating.
Security updates (XCP-ng 7.6 and 8.0)
The updated packages address the following advisories from the Xen Project:
- XSA-296 - VCPUOP_initialise DoS (CVE-2019-18420): "Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (Dos)."
- XSA-298 - missing descriptor table limit checking in x86 PV emulation (CVE-2019-18425): "32-bit PV guest user mode can elevate its privileges to that of the guest kernel."
- XSA-299 - Issues with restartable PV type change operations (CVE-2019-18421): "A malicious PV guest administrator may be able to escalate their privilege to that of the host."
- XSA-302 - passed through PCI devices may corrupt host memory after deassignment (CVE-2019-18424): "An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation."
See also Citrix's security bulletin.
Bugfix updates (XCP-ng 8.0)
max_grant_frames for guests
Due to changes in the software architecture, XCP-ng 8.0 had lost the ability to set per-VM values for
max_maptrack_frames. The default value for
max_grant_frames, which is
32, is too low for somes uses, which can lead to situations where the guest can't use more than a certain number of virtual network interfaces, with this error message:
xen_netfront: can't alloc rx grant refs. In that situation,
64 is a better value.
The updated Xen packages also contain the security fixes described above. This restores the behaviour of previous XCP-ng releases by letting you override the default value of
max_grant_frames per VM (and
max_maptrack_frames, but you're less likely to need that).
See https://github.com/xcp-ng/xcp/issues/289 for instructions.
Enhancements (XCP-ng 8.0)
Templates for RHEL 8, its derivatives, and Debian 10
We have decided not to wait for XCP-ng 8.1 to add VM templates for RHEL 8, its derivatives (CentOS, etc.) and Debian 10 (Buster), these were all requested by users.
It was already possible to use those distributions on XCP-ng: you simply needed to select a template for the previous release and there would be no issue whatsoever. The new templates do not differ, except in their names.
We added them so that it's more straightforward for users.
- https://github.com/xcp-ng/xcp/issues/274 (RHEL 8)
- https://github.com/xcp-ng/xcp/issues/276 (Debian 10)
Guest tools for RHEL 8 and additional distributions
We also updated the package that contains the guest tools ISO to add support for RHEL 8 and its derivatives. Support for Debian 10 was already present.
We took this opportunity to also add support for the following distros that had been requested by users (who provided patches):
- FreePBX (Sangoma Linux)
The only changes reside in the detection of supported distributions in the installation scripts. In the end, they are treated like RHEL or CentOS derivatives. Details for these script changes are visible in the related github repository: https://github.com/xcp-ng/xe-guest-utilities/commits/master.
Note: except for RHEL 8 and CentOS 8, we did not get enough feedback from users about those additional distributions to be able to guarantee that it will work perfectly. This is provided in the hope that it works well for those distributions and can be improved later if any issue is detected.