February 2023 Security Update

Security Feb 20, 2023

New security and bugfix updates are available for the only currently supported release of XCP-ng: 8.2 LTS.

📔
To update, follow this guide. You can also join the discussion on our community forum. Host reboots are necessary after this update.

📋 Summary

Several vulnerabilities have been discovered in Intel CPUs and are addressed by a microcode update. Other vulnerabilities have been discovered in AMD CPUs and are addressed by a Xen update.

In addition to this, Xen is updated for better hardware support, AMD microcode is updated to the latest, and we also update other components in XCP-ng for bugfixes and small improvements.

⚠️
Updated firmware is provided as a convenience to help mitigate hardware vulnerabilities and other bugs.
Updating your hardware's firmware remains the preferred way to update microcode, and any newer microcode found in the firmware will take precedence over the microcode we provide in XCP-ng.

🔒 Fixed vulnerabilities

Intel released updated microcode for various devices affected by the issues mentioned in the release notes.

AMD disclosed an information disclosure vulnerability, addressed by Xen Project's XSA-426 advisory and fixed in the updated Xen we provide.

🐛 Bugfixes

Here is the list of bug fixes per component.

Xen

Some issues with EPYC Zen4 (Genoa) hardware were fixed.

Other

Benign but annoying FCoE-related error messages at boot will not appear anymore.

✨ Other changes

This update also provides other changes.

AMD microcode

Updated microcode from AMD is provided, as advised by the vendor. We don't have details on what the updated microcode blobs AMD published actually fix.

New guest templates

Guest VM templates are added to XCP-ng for RHEL 9 and its derivatives: AlmaLinux 9, Rocky Linux 9, Oracle Linux 9, as well as templates for CentOS Stream 8 and 9.

Samuel Verschelde

XCP-ng Lead Maintainer, Release Manager and Technical Product Manager. Open Source enthusiast since 2002.