May 2022 Security Update

Security May 16, 2022

A security update is available for the only currently supported release of XCP-ng: 8.2 LTS.

It does not fix any security vulnerability in XCP-ng itself, but it brings updated microcode for Intel CPUs affected by recently disclosed vulnerabilities (IPU 2022.1, among others).

The update also provides updated microcode for some AMD CPUs as well as an updated Xen package.

📔 To update, follow this guide. You can also join the discussion on our community forum. A host reboot is necessary after this update.

⚠️ If you haven't installed the 8.2.1 update yet and want to update through Xen Orchestra's Rolling Pool Update, make sure your version is at least 5.69.2, otherwise VMs may fail to migrate.

Summary

  • Intel microcode updated for recently disclosed vulnerabilities, such as IPU 2022.1: "A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability." See also: Intel® Product Security Center Advisories.
    As usual with this kind of hardware vulnerability, you should also contact your vendor for firmware updates. Not all vulnerabilities can be fixed through microcode.
  • Updated AMD microcode for Fam17h and Fam19h.
  • Citrix also released an update for Xen. Our previous update had already anticipated the patches they added (to avoid the regressions that the fixes for the XSA-400 vulnerabilities would introduce), so it does not really change anything for XCP-ng. We synced our RPM with theirs anyway to make future updates easier.
