July 2025 Security and Maintenance Update for XCP-ng 8.2 LTS
New bugfixes, enhancement and security updates are available for XCP-ng 8.2 LTS.
Host reboots are necessary after this update.
📋Summary
This update primarily brings a security patch described below, along with some less urgent updates to other components.

🔒Security Updates
A vulnerability has been discovered in Xen, allowing privileged code in a guest to cause a hypervisor crash, causing a Denial of Service (DoS) of the entire host.
Technical summary for interested readers: Xen intercepts and emulates specific instructions, sometimes by using executable stubs to replay said instructions. However, incorrect metadata in replayed instructions may cause Xen to treat exceptions as fatal rather than handling them gracefully.
xen-*
packages were updated to address this vulnerability.
References: XSA-470 - CVE-2025-27465
🪲 Others bugfixes and improvements
openssh
: Fix low priority CVE-2025-26465 DoS attack when VerifyHostKeyDNS is "yes" or "ask" (The Default value has not changed: "no")samba
: Fix vulnerabilities which are very unlikely to be exploitable on XCP-ng but are reported by security scanners.xcp-ng-release
: This update adds a certificate to resolve a TLS handshake error, particularly when deploying XOA from CLI using curl.
📢 XCP-ng 8.2 LTS end of support
We therefore strongly encourage you to migrate your pools to XCP-ng 8.3 LTS to continue benefiting from the latest security fixes and improvements.