September 2021 Security update

A security update is available for the only currently supported release of XCP-ng: 8.2 LTS.

To update, follow this guide. You can also join the discussion on our community forum. Hosts reboot necessary after this update.

Summary

Several vulnerabilities have been discovered and fixed in the Xen hypervisor.

To address this, we released updates to the Xen hypervisor packages for XCP-ng.‌

Impact

The vulnerabilities discovered in Xen may allow privileged code in a VM to compromise a host or cause a host to crash.

Details and CVE numbers are available in the advisories linked in the References section below.

References

• Citrix Hypervisor Security Bulletin
• Xen Security Advisories: XSA-378 XSA-379 XSA-380 XSA-382 XSA-384