Summer 2021 Security and Bugfix Updates
Security and bugfix updates are available for the only currently supported release of XCP-ng: 8.2 LTS.
To update, follow this guide. You can also join the discussion on our community forum. A host reboot is necessary after this update.
Summary
This update addresses vulnerabilities in QEMU and also brings bugfixes to several other components in XCP-ng.
We want to thank everyone involved in producing these updates: upstream developers and packagers, XCP-ng developers, and our community members who took part in testing them.
Security update
The vulnerabilities discovered in QEMU may allow privileged code in VMs to cause hosts to crash or become unresponsive. This is fixed in the updated qemu RPM package.
References:
- Citrix Hypervisor Security Bulletin
- CVE numbers are available in the above security bulletin.
Bugfix updates
We are releasing updated RPM packages that fix various issues or add better support for guest OSes.
Guest tools ISO
The guest tools ISO was updated. We used to embed the Linux guest tools built by Citrix (they are free software, freely redistributable), with a few added improvements, but this lacked flexibility. It was indeed impossible for us to release fixes in the guest packages themselves (RPM, DEB, TGZ) that the installer script installs on your VMs.
So now the tools are all built by us from the sources, as we had long been planning.
Note: we changed the versioning of the guest tools. You will notice that the new ones report version 7.20-9 (sources in version 7.20, ninth XCP-ng patch level) instead of 8.1.50 like the ones from Citrix. It is not a downgrade. Citrix versions the tools after the release of Citrix Hypervisor (8.1.50 more or less means 8.2). We version them after their actual version in the source repository.
In addition to the new build process, the updated guest tools bring:
- Support for Rocky Linux and AlmaLinux
- Support for CentOS 8.3+ and CentOS Stream
- Fixed support for FreePBX
There is no need to reinstall those tools in existing VMs where they already work correctly.
Windows guest tools are not available on the ISO yet (you still have to download them as described in the docs), but we are working on it.
Other bugfix updates
- Updated XAPI brings the latest fixes from Citrix hotfix XS82E020.
- Updated storage manager (sm) brings:
  - the latest fixes from Citrix hotfixes XS82E023 and XS82E025 as well as a fix for a minor regression the first hotfix brought (detected by Ronan and reported upstream),
  - an experimental MooseFS storage driver contributed by the MooseFS developers (not enabled nor loaded in memory by default, so there's no risk of regression related to this),
  - a fix for NFS SR creation with some QNAP devices (contributed upstream by Benjamin).
- Updated xsconsole fixes DNS settings management: when changed in the text UI, DNS settings were not saved to the XAPI and were thus lost after a reboot (contributed upstream by Benjamin).
- Updated blktap fixes a rare crash in specific situations.
As you can see, we are doing more and more upstream contributions (reporting but also fixing stuff). Also, we would like to thank Citrix for putting back some repositories on GitHub, so we could contribute more easily by improving the code and fixing bugs: there are already 4 pull requests, 2 of which were already merged. All of this just 24h after the repository was opened to contributions.