June 2022 Security Update #2

Security Jun 27, 2022

A security update is available for the only currently supported release of XCP-ng: 8.2 LTS.

📔
To update, follow this guide. You can also join the discussion on our community forum. Hosts reboot necessary after this update.

Summary

New vulnerabilities in Intel CPUs have been disclosed.

We provide an update of the Xen hypervisor that includes patches which mitigate these hardware issues.

We also released a maintenance update of the secureboot-certs script included in the uefistored RPM.

Impact

Code running in a guest VM may be able to read very small sections of memory that are actively being used somewhere else.

Only Intel CPUs are affected.

References

Tags

Samuel Verschelde

XCP-ng release manager: pushes the big red "Release" button. Part developer, part packager, part QA, part manager. Open Source enthusiast since 2002.