April 2021 1st Security And Bugfix Update

Security Apr 1, 2021

Security and bugfix updates are available, for the supported 8.2 release, and also one last time for XCP-ng 8.1 for which support ends today (see here).

To update, follow this guide. You can also join the discussion on our community forum. Hosts reboot necessary after this update.

Summary

The published batch of updates includes security fixes to the Linux kernel in dom0 and to openvswitch, in order to protect your hosts against DoS attacks that could be performed by attackers able to execute privileged code in a VM.

Reference: https://support.citrix.com/article/CTX306565.

It also fixes a memory leak in Intel's ixgbe driver, that has been identified by our forum users and has been especially hard to debug. Finding the exact cause of this issue that:

  1. we could not reproduce internally
  2. requires specific hardware and conditions to manifest itself
  3. and doesn't manifest instantly…

… has mobilized many of users and developers over the last months.

Before and after the fix, courtesy of Delaf on our forums

Finally, the updated kernel package also fixes spurious event-related warnings.

End of support for XCP-ng 8.1

XCP-ng 8.1 has reached its end of life date. After this last batch of updates, it will not receive any updates anymore. Upgrade to XCP-ng 8.2 LTS. It's not an April fools' joke!

Tags

Samuel Verschelde

XCP-ng release manager and lead packager

Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.