July 2025 Security and Maintenance Update for XCP-ng 8.2 LTS
New bugfixes, enhancement and security updates are available for XCP-ng 8.2 LTS.
📔
To update, follow this guide. You can also join the discussion on our community forum.
Host reboots are necessary after this update.
Host reboots are necessary after this update.
📋Summary
This update primarily brings a security patch described below, along with some less urgent updates to other components.
⚠️
Since this includes a fix for a security vulnerability, all users are strongly advised to update their hosts as soon as possible.
🔒Security Updates
A vulnerability has been discovered in Xen, allowing privileged code in a guest to cause a hypervisor crash, causing a Denial of Service (DoS) of the entire host.
Technical summary for interested readers: Xen intercepts and emulates specific instructions, sometimes by using executable stubs to replay said instructions. However, incorrect metadata in replayed instructions may cause Xen to treat exceptions as fatal rather than handling them gracefully.
xen-* packages were updated to address this vulnerability.
References: XSA-470 - CVE-2025-27465
🪲 Others bugfixes and improvements
openssh: Fix low priority CVE-2025-26465 DoS attack when VerifyHostKeyDNS is "yes" or "ask" (The Default value has not changed: "no")samba: Fix vulnerabilities which are very unlikely to be exploitable on XCP-ng but are reported by security scanners.xcp-ng-release: This update adds a certificate to resolve a TLS handshake error, particularly when deploying XOA from CLI using curl.
📢 XCP-ng 8.2 LTS end of support
💡
XCP-ng 8.2 LTS will no longer be supported as of September 16, 2025.
We therefore strongly encourage you to migrate your pools to XCP-ng 8.3 LTS to continue benefiting from the latest security fixes and improvements.
We therefore strongly encourage you to migrate your pools to XCP-ng 8.3 LTS to continue benefiting from the latest security fixes and improvements.
