January 2022 Security Update

Security Jan 17, 2022

A security update is available for the only currently supported release of XCP-ng: 8.2 LTS.

⚠️
If you are still using 32 bit Paravirtualized VMs, please check this article before!
📔
To update, follow this guide. You can also join the discussion on our community forum. Hosts reboot necessary after this update.

Summary

Several vulnerabilities have been discovered and fixed in the Xen hypervisor as well as in the controller domain's Linux kernel.

To address this, we released updates for these components in XCP-ng.

Additionally, the updated Xen packages completely disable support for 32 bit PV guests, that have been officially unsupported since XCP-ng 8.1, for a 5% to 10% performance boost in dom0. Check the dedicated article for details and migration options if you still have such deprecated guests.

Impact

The vulnerabilities may allow privileged code in a VM to cause a host to crash or become unresponsive.

References

Tags

Samuel Verschelde

XCP-ng Release Manager