New security, bugfix and enhancement updates are available for the only currently supported release of XCP-ng: 8.2 LTS.
Several vulnerabilities have been discovered and fixed in the Xen hypervisor and in the XAPI toolstack.
To address them, we release updates for these components in XCP-ng.
In addition to this, updated AMD microcode is provided.
🔒 Fixed vulnerabilities
Here is the list of all vulnerabilities that have been fixed:
XSA-410 (Xen Hypervisor)
- Two privileged users in two HVM guest VMs, in collaboration, may crash the host or make it unresponsive.
- Reference: https://xenbits.xen.org/xsa/advisory-410.html
XSA-411 (Xen Hypervisor)
- Two cooperating guests granting each other transitive grants may mount a DoS attack against the host.
- Reference: https://xenbits.xen.org/xsa/advisory-411.html
XSA-413 (XAPI toolstack)
- An unauthenticated attacker on the management network may be able to stop users from accessing the XAPI HTTP interface and disrupt work in progress, resulting in a XAPI toolstack Denial of Service.
Any guests that need toolstack operations would likewise be impacted by such a DoS.
- Reference: https://xenbits.xen.org/xsa/advisory-413.html
The following issues were fixed:
- VMs can sometimes freeze when graphics-intensive applications run
- The guest UEFI firmware may occasionally hang
- When you had an active VIF connected on dom0, you couldn't delete that VIF or the associated network, including VLAN.
- When certificates contain the \r character, the xe host-get-server-certificate command can incorrectly output it.
- AMD microcode is updated to version 2022-09-30
- Note: updating your hardware's firmware always remains the preferred way to update microcode, and any newer microcode found in the firmware will take precedence over the microcode we provide in XCP-ng.