Security updates are available for the two supported releases of XCP-ng: 8.0 and 8.1.
To update, follow this guide. You can also join the discussion on our community forum. A host reboot is required after applying these updates.
Related: Citrix Hypervisor Security Bulletin
Multiple Xen security issues
Several security issues were discovered and fixed in the Xen hypervisor, which is at the core of XCP-ng.
- Impact: privileged code running in a guest VM may manage to crash the host or make it unresponsive. Additionally, unprivileged code running in a PV guest VM may be able to crash the VM.
- Vulnerable systems: any unpatched XCP-ng host.
- Resolution: Update your hosts and reboot.