Photo by Anton Sharov

July 2025 Security and Maintenance Update for XCP-ng 8.3 LTS

Security Jul 3, 2025

New bugfix, enhancement and security updates are available for XCP-ng 8.3 LTS.

📔 To update, follow this guide. You can also join the discussion on our community forum.
Host reboots are necessary after this update.

📋 Summary

We usually queue non-critical fixes or improvements for a grouped release, to avoid unnecessary maintenance tasks on your pools. This is one such grouped release, grouped along with a set of security updates.

⚠️ Because this release groups maintenance updates with security updates, all users are strongly advised to update their hosts.

🔒 Security Updates

A vulnerability has been discovered in Xen that allows privileged code in a guest to crash the hypervisor, resulting in a Denial of Service (DoS) of the entire host.

Technical summary for interested readers: Xen intercepts and emulates specific instructions, sometimes by using executable stubs to replay said instructions. However, incorrect metadata in replayed instructions may cause Xen to treat exceptions as fatal rather than handling them gracefully.

The xen-* packages were updated to address this vulnerability.

References: XSA-470 - CVE-2025-27465

🪲 Other bugfixes and improvements

  • http-nbd-transfer: move some logs to debug level to avoid log spam.
  • sm (this updated package is already included in the refreshed 8.3 installation ISOs):
    • XOSTOR: avoid a rare migration error when the GC would run on our migration snapshot
    • Use GC daemon code for LINSTOR like other drivers (no changes for users)
  • xapi:
    • Fix remote syslog configuration being broken on updates
    • Fix several RRD (stats collection) issues and make the plugins more robust.
    • Prevent xapi concurrent calls during migration from indirectly making each other fail (already fixed in the refreshed 8.3 installation ISOs)
    • Fix a deadlock in xenopsd due to atom nesting (already fixed in the refreshed 8.3 installation ISOs)
  • xo-lite:
    • Update to 0.12.0
    • As described in the article published when the latest version of Xen Orchestra was released, XO was updated with:
      • a new VM dashboard with a responsive and light design;
      • an updated host dashboard;
      • minor improvements and bug fixes.

🔗 Updates for an alternate driver

  • broadcom-bnxt-en-alt: Update to version 1.10.3_232.0.155.5

Samuel Verschelde

Along with Thierry Escande, Gaël Duperrey

XCP-ng Lead Maintainer, Release Manager and Technical Product Manager. Open Source enthusiast since 2002.