XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login
    1. Home
    2. gduperrey
    Offline
    • Profile
    • Following 0
    • Followers 1
    • Topics 0
    • Posts 91
    • Groups 4

    gduperrey

    @gduperrey

    Vates 🪐 XCP-ng Team

    Stormi's helper.
    Science-Fiction and Fantasy lover. Love books, comics, animes...

    130
    Reputation
    42
    Profile views
    91
    Posts
    1
    Followers
    0
    Following
    Joined
    Last Online

    gduperrey Unfollow Follow
    OS Platform & Release Team Vates 🪐 XCP-ng Team Admin

    Best posts made by gduperrey

    • RE: High Fan Speed Issue on Lenovo ThinkSystem Servers

      The kernel RPM integrating the patch is now available on the xcp-ng-testing repo. So you can already upgrade and use it. To do this, here are the commands:

      yum clean metadata --enablerepo=xcp-ng-testing
      yum update kernel --enablerepo=xcp-ng-testing
      reboot
      

      It will be released to all our users in an upcoming security update or update train. We don't have a date yet.

      posted in Hardware
      gduperreyG
      gduperrey
    • RE: XCP-ng 8.3 updates announcements and testing

      Updates published: https://xcp-ng.org/blog/2025/07/03/july-2025-security-and-maintenance-update-for-xcp-ng-8-3-lts/

      Thank you for the tests!

      posted in News
      gduperreyG
      gduperrey
    • RE: XCP-ng 8.2 updates announcements and testing

      New update candidates for you to test!

      As you may know, we group non-urgent updates together for a collective release, in order not to cause unnecessary maintenance for our users.

      The moment to release such a batch has come, so here they are, ready for user tests before the final release.

      • XAPI:
        • Synced with XS82ECU1074
          • Enhancement: robustification of the command xe host-emergency-ha-disable
          • Correction of different issues:
            • Performing a hard shutdown of a VM may hang due to unnecessary RBCA permission checks. An icon (yellow triangle) may then be displayed on some management applications, indicating that the shutdown process did not complete successfully.
            • Canceling a hard shutdown of a hung VM fails because the cancel function only checks for proper shutdowns.
            • Migrating VMs from 8.2.1 to 8.3 with the xe vm-migrate command may fail with the error 'Failure: Unknown tag/contents'.
            • You may encounter a 500 error (internal server error) when trying to retrieve RRD measurements from a powered off virtual machine.
      • xsconsole:
        • Synced with XS82ECU1074: Fix for a time-out when creating an iSCSI SR.
      • guest-templates-json:
        • Add generic templates for Linux BIOS and UEFI
        • Synced with XS82ECU1085:
          • Oracle 8 requires minimum 2 vCPUS.
          • Added template for Ubuntu 24.04
      • sm:
        • Synced with XS82ECU1075
          • Updated multipath.conf for several SANs
          • Fix for CA-393194: Find the real PV in a VG before removing the VG.
      • blktap: Synced with XS82ECU1075: Improvements on coalesce performance.
      • curl: Backport fixes for several CVE: CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2024-6197, CVE-2024-7264
      • openssl: Update to version 1.0.2k-26 from CentOS 7 updates and backports of available CVE fixes from openssl upstream. Update from CentOS 7 Includes fixes for CVE-2021-3712, CVE-2022-2078 and CVE-2023-0286. Backport are fixing CVE-2019-1547, CVE-2019-1551 and CVE-2019-1563.
      • xs-openssl: Rebased on version 1.1.1k-12 from CentOS 8 Stream. Include fixes for CVE-2023-5678, CVE-2023-3446, CVE-2023-3817 and a proper fix for CVE-2020-25659.
      • zstd: Update to version 1.5.5 to avoid an extremely rare cases of corruption
      • xcp-ng-xapi-plugins: Enhance error reporting when a command run on a host fails.
      • xenserver-status-report: Update to latest version, synced with XS82ECU1058
      • python-defusedxml: Added as a new dependency of xenserver-status-report.
      • Alternate Drivers: Updated to newer versions.
        • intel-i40e-alt: From version 2.22.20-3.1 to 2.22.20-5.1
        • mellanox-mlnxen-alt: From version 5.9.0.5.5.0-1.1 to 5.9.0.5.5.0-1.2
        • More information about drivers and current versions is on the drivers page: (https://github.com/xcp-ng/xcp/wiki/Drivers).
      • New alternate driver mlx4-modules-alt: To resolve some issues with CX3 cards and SR-IOV, we added an updated version 4.9-7.1.0.0-LTS of this driver.
      • kernel-alt: Backport of a fix to correct cooling fan rotation speed on some Lenovo servers. For more information, you can read this thread on the forum.

      As a dependency of XOSTOR:

      • http-nbd-transfer:
        • Try to open device and start HTTP server before notifying the user
        • Install pyc and pyo files

      Test on XCP-ng 8.2

      From an up to date host:

      yum clean metadata --enablerepo=xcp-ng-testing,xcp-ng-candidates
      yum update --enablerepo=xcp-ng-testing,xcp-ng-candidates
      reboot
      

      The usual update rules apply: pool coordinator first, etc.

      Versions

      • blktap: 3.37.4-4.1.xcpng8.2
      • curl: 8.6.0-2.2.xcpng8.2
      • forkexecd: 1.18.3-12.1.xcpng8.2
      • gpumon: 0.18.0-20.1.xcpng8.2
      • guest-templates-json: 1.10.7-1.2.xcpng8.2
      • http-nbd-transfer: 1.4.0-1.xcpng8.2
      • message-switch: 1.23.2-19.1.xcpng8.2
      • ocaml-rrd-transport: 1.16.1-17.1.xcpng8.2
      • ocaml-rrdd-plugin: 1.9.1-17.1.xcpng8.2
      • ocaml-tapctl: 1.5.1-17.1.xcpng8.2
      • ocaml-xcp-idl: 1.96.7-6.1.xcpng8.2
      • ocaml-xen-api-client: 1.9.0-20.1.xcpng8.2
      • ocaml-xen-api-libs-transitional: 2.25.7-1.1.xcpng8.2
      • openssl: 1.0.2k-26.2.xcpng8.2
      • python-defusedxml: 0.7.1-1.xcpng8.2
      • rrd2csv: 1.2.6-17.1.xcpng8.2
      • rrdd-plugins: 1.10.9-14.1.xcpng8.2
      • sm: 2.30.8-13.1.xcpng8.2
      • sm-cli: 0.23.0-63.1.xcpng8.2
      • squeezed: 0.27.0-20.1.xcpng8.2
      • varstored-guard: 0.6.2-17.xcpng8.2
      • vhd-tool: 0.43.0-20.1.xcpng8.2
      • wsproxy: 1.12.0-21.xcpng8.2
      • xapi: 1.249.38-1.11.xcpng8.2
      • xapi-nbd: 1.11.0-19.1.xcpng8.2
      • xapi-storage: 11.19.0_sxm2-19.xcpng8.2
      • xapi-storage-script: 0.34.1-18.1.xcpng8.2
      • xcp-networkd: 0.56.2-17.xcpng8.2
      • xcp-rrdd: 1.33.4-6.1.xcpng8.2
      • xenopsd: 0.150.19-5.1.xcpng8.2
      • xenserver-status-report: 1.3.16-3.xcpng8.2
      • xcp-ng-xapi-plugins: 1.10.1-1.xcpng8.2
      • xs-opam-repo: 6.35.13-4.xcpng8.2
      • xs-openssl: 1.1.1k-12.3.xcpng8.2
      • xsconsole: 10.1.13.1-2.1.xcpng8.2
      • zstd: 1.5.5-1.el7

      Optional packages:

      • kernel-alt: 4.19.265-2.xcpng8.2
      • Alternates drivers:
        • intel-i40e-alt: 2.22.20-5.1.xcpng8.2
        • mellanox-mlnxen-alt: 5.9_0.5.5.0-1.2.xcpng8.2

      New optional package:

      • mlx4-modules-alt: 4.9_7.1.0.0-1.xcpng8.2

      What to test

      Normal use and anything else you want to test. The closer to your actual use of XCP-ng, the better.

      Test window before official release of the updates

      ~1 week.

      posted in News
      gduperreyG
      gduperrey
    • RE: XCP-ng 8.2 updates announcements and testing

      The update is published. Thanks for your tests!
      Blog post: https://xcp-ng.org/blog/2022/11/04/november-2022-security-update/

      posted in News
      gduperreyG
      gduperrey
    • RE: XCP-ng 8.3 updates announcements and testing

      Update published: https://xcp-ng.org/blog/2025/01/23/january-2025-maintenance-update-for-xcp-ng-8-3/

      Thank you for the tests!

      posted in News
      gduperreyG
      gduperrey
    • RE: XCP-ng 8.3 updates announcements and testing

      New update candidates for you to test!

      A new batch of non-urgent updates is ready for user tests before a future collective release. Below are the details about these.

      • amd-microcode: Update AMD microcode to the 2024-11-21 drop
        • Updates firmware for families 17h and 19h CPUs. For the first time, AMD published updates for non-server CPUs. One can assume that they started supporting microcode update for these, contrarily to what they did in the past, and that these updates thus fix various bugs and vulnerabilities. This is only (sensible) speculation at the moment, though.
      • grub: Backport VLAN networking support for UEFI PXE boot.
      • iperf3: Upgrade to version 3.9-13 from CentOS 7
        • Includes a security fix for CVE-2023-38403
      • kernel: Backport of a fix to correct cooling fan rotation speed on some Lenovo servers. For more information, you can read this thread on the forum.
      • kexec-tools: Backport of a patch removing kernel_version(). Fixing a bug for kernel with a patchlevel greater than 255.
      • netdata: Fixed an issue that could occur when quickly uninstalling the package, right after an unfinished installation, and leave a service in an undetermined status.
      • slang: Fixed display and input issues in optional package mc.
      • sm: Contains a fix for leaf coalesce where the size of the leaf to coalesce was wrongly computed before deciding if it was a live coalesce or not, it resulted in some leaf having too much data to coalesce not successing the live coalesce and staying in this state indefinitely.
      • xapi:
        • Fixed a malfunction related to the absence of a certificate, which could cause a loop.
        • Fixed and improved various points in IPv6, related to management, reboot and re-initialization.
      • xo-lite: Update to version 0.6.0. For more details, you can consult the blog post on the latest release of Xen Orchestra.

      Optional packages:

      • kernel-alt: Backport of a fix to correct cooling fan rotation speed on some Lenovo servers. For more information, you can read this thread on the forum.
      • socat: Update the package to version 1.7.4.1 which includes a fix for a buffer overflow and security fixes.
      • traceroute: Updated to version 2.1.5.
      • Alternate Drivers: Updated to newer versions.
        • broadcom-bnxt-en-alt: From version 1.10.2_227.0.130.0 to 1.10.3_231.0.162.0
        • intel-i40e-alt: From version 2.22.20-3.1 to 2.26.8
        • More information about drivers and current versions is on the drivers page: (https://github.com/xcp-ng/xcp/wiki/Drivers).

      Test on XCP-ng 8.3

      From an up-to-date host:

      yum clean metadata --enablerepo=xcp-ng-testing
      yum update --enablerepo=xcp-ng-testing
      reboot
      

      The usual update rules apply: pool coordinator first, etc.

      Versions

      • amd-microcode: 20240503-1.1.xcpng8.3
      • grub: 2.06-4.0.2.1.xcpng8.3
      • iperf3: 3.9-13.xcpng8.3
      • kernel: 4.19.19-8.0.37.1.xcpng8.3
      • kexec-tools: 2.0.15-20.1.xcpng8.3
      • netdata: 1.44.3-1.2.xcpng8.3
      • slang: 2.3.2-11.xcpng8.3
      • sm: 3.2.3-1.13.xcpng8.3
      • xapi: 24.19.2-1.9.xcpng8.3
      • xo-lite: 0.6.0-1.xcpng8.3

      Optional packages:

      • kernel-alt: 4.19.322+1-1.xcpng8.3
      • socat: 1.7.4.1-6.xcpng8.3
      • traceroute: 2.1.5-2.xcpng8.3
      • Alternate drivers:
        • broadcom-bnxt-en-alt: 1.10.3_231.0.162.0-1.xcpng8.3
        • intel-i40e-alt: 2.26.8-1.xcpng8.3

      What to test

      Normal use and anything else you want to test. The closer to your actual use of XCP-ng, the better.

      Test window before official release of the updates

      None defined, but early feedback is always better than late feedback, which is in turn better than no feedback 🙂

      posted in News
      gduperreyG
      gduperrey
    • RE: XCP-ng 8.2 updates announcements and testing

      New security update candidates (xen)

      Xen is being updated to mitigate some vulnerabilities:

      • XSA-326: Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored.
      • XSA-419: Xenstore: Cooperating guests can create arbitrary numbers of nodes
      • XSA-414: A malicious guest can cause xenstored to crash, resulting in the inability to create new guests or to change the configuration of running guests.
      • XSA-415: Xenstore: Guests can create orphaned Xenstore nodes
      • XSA-416: Xenstore: Guests can cause Xenstore to not free temporary memory
      • XSA-417: Xenstore: Guests can get access to Xenstore nodes of deleted domains
      • XSA-418: Xenstore: Guests can crash xenstored via exhausting the stack
      • XSA-420: Oxenstored 32->31 bit integer truncation issues. A malicious or buggy guest can write a packet into the xenstore ring which causes 32-bit builds of oxenstored to busy loop.
      • XSA-421: Xenstore: Guests can create arbitrary number of nodes via transactions

      Test on XCP-ng 8.2

      From an up to date host:

      yum clean metadata --enablerepo=xcp-ng-testing
      yum update xen-dom0-libs xen-dom0-tools xen-hypervisor xen-libs xen-tools --enablerepo=xcp-ng-testing
      reboot
      

      Versions:

      • xen-*: 4.13.4-9.27.1.xcpng8.2

      What to test

      Normal use and anything else you want to test. The closer to your actual use of XCP-ng, the better.

      Test window before official release of the updates

      ~2 days.

      posted in News
      gduperreyG
      gduperrey
    • RE: XCP-ng 8.2 updates announcements and testing

      The update is published. Thanks for your tests!

      Blog post: https://xcp-ng.org/blog/2022/10/14/october-2022-security-update/

      posted in News
      gduperreyG
      gduperrey
    • RE: XCP-ng 8.2 updates announcements and testing

      New security update candidates (xen, linux-firmware, edk2, xapi)

      Xen and XAPI are being updated to mitigate some vulnerabilities:

      • XSA-410: Two privileged users in two guest VMs, in collaboration, can crash the host or make it unresponsive.
      • XSA-411: Correct a flaw in XSA-226 that allows DoS attacks from guest kernels to harm the whole system.
      • XSA-413: The management service on the host can become unresponsive or crash by the means of an unauthenticated user on the management network.

      In this release, there are also the following fixes and improvements:

      • XAPI, issues resolved:

        • When you had an active VIF connected on dom0, you couldn't delete that VIF or the associated network, including VLAN.
        • When certificates contain the \r character, the xe host-get-server-certificate command can incorrectly output it.
      • xen, linux-firmware, edk2:

        • Issues resolved:
          • Sometimes a VM freezes when a graphics-intensive application run
          • Sometimes guest UEFI firmware hangs
        • Improvements:
          • AMD microcode is updated to version 2022-09-30
          • Improvements to Xen diagnostics.

      Test on XCP-ng 8.2

      From an up to date host:

      yum clean metadata --enablerepo=xcp-ng-testing
      yum update edk2 linux-firmware xen-dom0-libs xen-dom0-tools xen-hypervisor xen-libs xen-tools forkexecd message-switch xapi-core xapi-tests xapi-xe xcp-rrdd xenopsd xenopsd-cli xenopsd-xc --enablerepo=xcp-ng-testing
      reboot
      

      Versions:

      • edk2-20180522git4b8552d-1.4.6.xcpng8.2
      • linux-firmware-20190314-5.xcpng8.2
      • xen-*: 4.13.4-9.26.1.xcpng8.2
      • forkexecd-1.18.1-1.1.xcpng8.2
      • message-switch-1.23.2-3.2.xcpng8.2
      • xapi-*: 1.249.26-2.1.xcpng8.2
      • xcp-rrdd-1.33.0-6.1.xcpng8.2
      • xenopsd-*: 0.150.12-1.2.xcpng8.2

      What to test

      Normal use and anything else you want to test. The closer to your actual use of XCP-ng, the better.

      Test window before official release of the updates

      ~2 days.

      posted in News
      gduperreyG
      gduperrey
    • RE: XCP-ng 8.2 updates announcements and testing

      The update is published. Thanks for your tests!

      Blog post: https://xcp-ng.org/blog/2022/10/05/october-2022-maintenance-update/

      posted in News
      gduperreyG
      gduperrey

    Latest posts made by gduperrey

    • RE: XCP-ng 8.3 updates announcements and testing

      @manilx We recently upgraded our Koji build system. This may have caused disruptions in this recent update release yesterday, where an XML file was generated multiple times. This has now been fixed and should not happen again. This may explain the issue encountered this time, particularly with the notification of updates via XO.

      Note that normally yum metadata expires after a few hours and so it should normally return to normal on its own.

      posted in News
      gduperreyG
      gduperrey
    • RE: XCP-ng 8.3 updates announcements and testing

      @manilx said in XCP-ng 8.3 updates announcements and testing:

      yum clean all

      I can't explain it. I can't say what's going on on your system, especially with so little information.

      Personally, I run the following commands all the time:

      yum clean metadata ; yum update
      

      I very rarely need to use yum clean all, and I don't remember having to do an additional rm. And yet, I run the above commands a lot during testing campaigns.

      posted in News
      gduperreyG
      gduperrey
    • RE: XCP-ng 8.3 updates announcements and testing

      @flakpyro Yes, it always takes a little time for the mirrors to synchronize.

      I'm getting correct feedback from the main repository (https://updates.xcp-ng.org/) with the correct updates available.

      posted in News
      gduperreyG
      gduperrey
    • RE: XCP-ng 8.3 updates announcements and testing

      Updates published: https://xcp-ng.org/blog/2025/07/15/july-2025-security-update-2-for-xcp-ng-8-3-lts/

      Thank you for the tests!

      posted in News
      gduperreyG
      gduperrey
    • RE: XCP-ng 8.3 updates announcements and testing

      New security and maintenance update candidate

      A new XSA (Xen Security Advisory) was published on the 8th of July, related to hardware vulnerabilities in several AMD CPUS. Updated microcode mitigate it, and Xen is updated to adapt to the changes in the CPU features. We also publish other non-urgent updates which we had in the pipe for the next update release.


      Security updates

      • amd-microcode:
        • Update to 20250626-1 as redistributed by XenServer.
      • xen-*:
        • Fix XSA-471 - New speculative side-channel attacks have been discovered, affecting systems running all versions of Xen and AMD Fam19h CPUs (Zen3/4 microarchitectures). An attacker could infer data from other contexts. There are no current mitigations, but AMD is producing microcode to address the issue, and patches for Xen are available. These attacks, named Transitive Scheduler Attacks (TSA) by AMD, include CVE-2024-36350 (TSA-SQ) and CVE-2024-36357 (TSA-L1).

      Maintenance updates

      • http-nbd-transfer:
        • Fix missing import exceptions in log files.
        • Fix a potential HA startup failure with LINSTOR.
      • xo-lite: update to 0.12.1
        • [Charts] Fix tooltip overflow when too close to the edge
        • [Host/VM/Dashboard] Fix timestamp on some charts

      Test on XCP-ng 8.3

      yum clean metadata --enablerepo=xcp-ng-testing
      yum update --enablerepo=xcp-ng-testing
      reboot
      

      The usual update rules apply: pool coordinator first, etc.

      Versions:

      • amd-microcode: 20250626-1.1.xcpng8.3
      • http-nbd-transfer: 1.7.0-1.xcpng8.3
      • xen: 4.17.5-15.1.xcpng8.3
      • xo-lite: 0.12.1-1.xcpng8.3

      What to test

      Normal use and anything else you want to test.

      Test window before official release of the updates

      ~2 days.

      posted in News
      gduperreyG
      gduperrey
    • RE: Installing Netdata Cloud on XCP Nodes

      We're not yet familiar with Netdata Cloud. Could you describe your requirements in more detail? What are you trying to accomplish?

      The installation and use of third-party packages for XCP-ng is described in the following documentation: https://docs.xcp-ng.org/management/additional-packages/

      We currently offer a version of Netdata in our repositories, but as a best-effort support option.

      If you install a version from another source, this is not supported by us. You must therefore be careful to ensure that what you install does not overwrite or modify packages already present and used by XCP-ng. Furthermore, this will not persist during a server upgrade (a major version change, such as from 8.2 to 8.3, for example), and you will need to install it again, taking the same precautions.

      posted in Compute
      gduperreyG
      gduperrey
    • RE: XCP-ng 8.2 updates announcements and testing

      Updates published: https://xcp-ng.org/blog/2025/07/03/july-2025-security-and-maintenance-update-for-xcp-ng-8-2-lts/

      Thank you for the tests!

      posted in News
      gduperreyG
      gduperrey
    • RE: XCP-ng 8.3 updates announcements and testing

      Updates published: https://xcp-ng.org/blog/2025/07/03/july-2025-security-and-maintenance-update-for-xcp-ng-8-3-lts/

      Thank you for the tests!

      posted in News
      gduperreyG
      gduperrey
    • RE: XCP-ng 8.3 updates announcements and testing

      New security and maintenance update candidate

      A new XSA (Xen Security Advisory) was published on the 1st of July, and an update to Xen addresses it. We also publish other non-urgent updates which we had in the pipe for the next release.


      Security updates

      • xen-*:
        • Fix XSA-470 - An unprivileged guest can cause a hypervisor crash, causing a Denial of Service (DoS) of the entire host.

      Maintenance updates

      • http-nbd-transfer: moved some logs into debug to reduce log spam
      • sm:
        • XOSTOR: avoid a rare migration error when the GC would run on our migration snapshot
        • Use GC daemon code for LINSTOR like other drivers (no changes for users)
          This updated package is already included in the refreshed 8.3 installation ISOs.
      • xapi:
        • Fix remote syslog configuration being broken on updates
        • Fix several RRD (stats collection) issues and make the plugins more robust:
          • Cap Derive values within a certain range without making them NaN
          • Use a computed delay time for RRD loop to prevent gaps in metrics collection
          • Avoid duplicating datasources on plugin restore
          • Protect against a resource leak in the plugins
          • Avoid running out of mmap-ed pages in xcp-rrdd-cpu for large numbers of domains
          • Prevent exceptions from escaping and introducing gaps into metrics collection
          • Avoid missing metrics from new and destroyed domains
        • Prevent xapi concurrent calls during migration from indirectly make each other fail (already fixed in the refreshed ISOs)
        • Fix a deadlock in xenopsd due to atom nesting (already fixed in the refreshed ISOs)
      • xo-lite: update to 0.12.0
        • [VM/system] Display system information in vm/system tab
        • [Host/system] Display system view information in host/system tab
        • [Host/Dashboard] Fix color of tag list (PR #8731)
        • [Table] add pagination on table (PR #8573)
        • [Pool/system] Display pool information in pool/system tab (PR #8660)
        • [VM/Dashboard] Display VM information in dashboard tab (PR #8529)
        • [Tab/Network] Updated side panel in tab network behavior for mobile view (PR #8688)
        • [Stats] Fix graphs that were sometimes not displayed or displayed incorrectly (PR #8722)

      Optional packages:

      • Alternate Driver: Updated to newer version.
        • broadcom-bnxt-en-alt: Update to version 1.10.3_232.0.155.5

      Test on XCP-ng 8.3

      yum clean metadata --enablerepo=xcp-ng-testing
      yum update --enablerepo=xcp-ng-testing
      reboot
      

      The usual update rules apply: pool coordinator first, etc.

      Versions:

      • http-nbd-transfer: 1.6.0-1.xcpng8.3
      • sm: 3.2.12-3.2.xcpng8.3
      • xapi: 25.6.0-1.9.xcpng8.3
      • xen: 4.17.5-13.2.xcpng8.3
      • xo-lite: 0.12.0-1.xcpng8.3

      Optional packages:

      • Alternate drivers:
        • broadcom-bnxt-en-alt: 1.10.3_232.0.155.5-1.xcpng8.3

      What to test

      Normal use and anything else you want to test.

      Test window before official release of the updates

      ~2 days.

      posted in News
      gduperreyG
      gduperrey
    • RE: XCP-ng 8.2 updates announcements and testing

      New security and maintenance update candidate

      A new XSA (Xen Security Advisory) was published on the 1st of July, and an update to Xen addresses it. We also publish other non-urgent updates which we had in the pipe for the next release.


      Security updates

      • xen-*:
        • Fix XSA-470 - An unprivileged guest can cause a hypervisor crash, causing a Denial of Service (DoS) of the entire host.

      Maintenance updates

      • openssh: fix low priority CVE-2025-26465 DoS attack when VerifyHostKeyDNS is "yes" or "ask" (The Default value has not changed: "no")
      • samba: fix low priority CVEs on client side.
      • xcp-ng-release: this update adds a certificate to resolve a TLS handshake error, particularly when deploying xoa.io.

      Test on XCP-ng 8.2

      yum clean metadata --enablerepo=xcp-ng-testing
      yum update --enablerepo=xcp-ng-testing
      reboot
      

      The usual update rules apply: pool coordinator first, etc.

      Versions:

      • openssh: 7.4p1-23.3.2.xcpng8.2
      • samba: 4.10.16-25.el7_9
      • xcp-ng-release: 8.2.1-16
      • xen: 4.13.5-9.49.2.xcpng8.2

      What to test

      Normal use and anything else you want to test.

      Test window before official release of the updates

      ~2 days.

      posted in News
      gduperreyG
      gduperrey