March 2024 Maintenance Update

New bugfix and enhancement updates are available for the only currently supported release of XCP-ng: 8.2 LTS.

To update, follow this guide. You can also join the discussion on our community forum. Host reboots are necessary after this update.

Summary

We usually queue non-critical fixes or improvements for a grouped release, to avoid unnecessary maintenance tasks on your pools. This is one such grouped release.

If your hosts were up to date until this point, you have the option to either install the updates now or postpone them and wait for the next security updates to update all at once.

What changed

This update brings bugfixes, compatibility improvements, as well as some small enhancements to a variety of components.

Openvswitch

Open vSwitch is a production quality, multilayer virtual switch.

We backported several patches to fix vulnerabilities in Open vSwitch. The first two are unlikely to have any real-world impact on XCP-ng. The third one could theoretically allow an attacker to cause a remote denial of service against the host.

  • CVE-2023-1668: Correct a flaw when processing an IP packet with protocol 0.
  • CVE-2023-5366: Correct a flaw where crafted IPv6 packets could lead IPv6 ICMP packets to be sent to a broader range of hosts than expected.
  • CVE-2023-3966: Correct a vulnerability with "crafted Geneve packets causing invalid memory accesses and potential denial of service".

blktap

blktap is a user-level disk I/O interface.

Synced with Citrix Hypervisor 8.2 CU1 hotfix XS82ECU1056:

  • Bugfix for time out on NFS tasks which can sometimes exceed the configured value.
  • Improve the error handling for some lost iSCSI connections.

sm

SM manages the storage repositories, virtual disks, and storage in general.

  • Support NFS servers which only offer NFSv4 and no NFSv3. The discovery process for such servers differs from that of servers which also offer NFSv3, so the SR (Storage Repository) driver had to be improved.
  • Synced with Citrix Hypervisor 8.2 CU1 hotfix XS82ECU1056: bugfix on the path checker for DELL EqualLogic with iSCSI protocol.
  • Synced with Citrix Hypervisor 8.2 CU1 hotfix XS82ECU1060: bugfix for when a host is unable to log into all iSCSI portals because there are separate independent Target Portal Groups inside the IQN.

Other bugfixes and improvements

  • util-linux: Preparatory steps to support 4k-block-only disks.
  • xapi: Bugfix in a testing framework.
  • xcp-ng-pv-tools: Small fixes regarding VM stats reporting.
  • xcp-ng-xapi-plugins: Add check_installed function in updater plugin to test installed packages. This is a prerequisite for the upcoming XOSTOR release.

Updates for alternate drivers

As explained in our documentation, XCP-ng occasionally provides alternate drivers for users who have issues with the main drivers installed with XCP-ng. We just released three updates. These were rebuilt based on driver disks published by XenServer for Citrix Hypervisor 8.2 CU1:

  • cisco-enic-alt: Update to version 4.5.0.7
  • cisco-fnic-alt: Update to version 2.0.0.90
  • qlogic-fastlinq-alt: Update to version 8.74.0.2

You can consult the list of drivers with an alternate version on GitHub.