September 2020 Security Updates

Security updates are available for the two supported releases of XCP-ng: 8.0 and 8.1.

To update, follow this guide. You can also join the discussion on our community forum. A host reboot is required after applying these updates.

Related: Citrix Hypervisor Security Bulletin

Multiple Xen security issues

Several security issues were discovered and fixed in the Xen hypervisor, which is at the core of XCP-ng.

• Impact: privileged code running in a guest VM may manage to crash the host or make it unresponsive. Additionally, unprivileged code running in a PV guest VM may be able to crash the VM.
• Vulnerable systems: any unpatched XCP-ng host.
• Resolution: Update your hosts and reboot.

References:

• XSA-333, XSA-334, XSA-336, XSA-337, XSA-338, XSA-339, XSA-340, XSA-342, XSA-343 and XSA-344
• Corresponding CVE numbers and links are visible on http://xenbits.xen.org/xsa/