-
IMPORTANT Security updates!
Calling all stations
Please test it with
yum update qemu --enablerepo=xcp-ng-testing.Might be a bad flaw, so earlier people get feedback, faster we can release it
-
@olivierlambert said in Updates announcements and testing:
qemu
Does this require a reboot or toolstack restart?
-
Good question. If I'm reading this correctly:
Once the hotfix has been applied, the affected guest HVM VMs will need to be restarted or migrated to an updated host to make the remediation effective.
In short, fresh
qemu"fixed" process will be respawn at VM creation/reboot, so no need to reboot the host. -
Updated a D54250WYK / i5-4250U / 16GB
XCP-ng 8.1 fully patched including the update candidates from 11 days agoUpdate ran succesfully (no errors).
Rebooted the host just to be sure.
VMs came up with no problem and seem to work as expected (but I realy just fired them up and poked around a bit, so no real testing) -
Thanks a lot!
-
Updated Dell R620 / XCP-ng 8.1. Rebooting all VMs now, but they appear to be coming up just fine.
-
It's live
Thanks for the feedback! -
New security update candidate for the Xen package in XCP-ng!
Prompt feedback needed
So, a new patch of security patches were released for the Xen hypervisor that is at the core of XCP-ng. Updates candidates are available for XCP-ng 8.1 and in the making for XCP-ng 8.0.
What's being fixed
Mostly flaws allowing privileged guest processes may crash the host under certain conditions.
XCP-ng 8.1
- Update with
yum update xen-dom0-libs xen-dom0-tools xen-hypervisor xen-libs xen-tools --enablerepo=xcp-ng-testing - Reboot.
- Check that your host(s) still work (Spoiler: they will).
- Report here
- Receive our gratitude
XCP-ng 8.0
Coming soon
- Update with
-
@stormi Updated a D54250WYK / i5-4250U / 16GB / XCP-ng 8.1 fully patched
Host is indeed working and VMs started without any issues.
Will try on my new R720 later, but I am confident that it will work as well.
Nice work as always
Edit: Updated a Dell R720 / dual Intel Xeon CPU E5-2640 v2 / 128 GB / XCP-ng 8.1 fully patched as well. All good.
-
The bug/security patches upstream never seem to end. Seems like since April all you guys have had time for is this...
-
The update for XCP-ng 8.1 has now been pushed to the official updates repositories.
The update for XCP-ng 8.0 is now available for testing:
- Update with
yum update xen-dom0-libs xen-dom0-tools xen-hypervisor xen-libs xen-tools --enablerepo=xcp-ng-testing - Reboot.
- Check that your host(s) still work (Spoiler: they will).
- Report here
- Receive our gratitude
- Update with
-
New call for testing the XCP-ng 8.0 update candidate. I'd like to publish it today.
-
@stormi I tried insalling the 8.0 update with the command you have listed but nothing installs on the server
yum update xen-dom0-libs xen-dom0-tools xen-hypervisor xen-libs xen-tools --enablerepo=xcp-ng-testing Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile Excluding mirror: updates.xcp-ng.org * xcp-ng-base: mirrors.xcp-ng.org Excluding mirror: updates.xcp-ng.org * xcp-ng-testing: mirrors.xcp-ng.org Excluding mirror: updates.xcp-ng.org * xcp-ng-updates: mirrors.xcp-ng.org No packages marked for update -
I just pushed the update to the official updates repository. Maybe you installed it already, if you ran
yum update. -
-
@stormi Yup, I did just before trying to install the test update so I must have gotten it after you published. Everything seems to be working fine here afterward.
-
New security update
We'll push security updates for XCP-ng 8.1 before the end of the week, and for XCP-ng 8.0 as soon as possible.On 8.1, please test with:
yum clean all --enablerepo=xcp-ng-testing yum update kernel xapi-core xapi-tests xapi-xe xcp-networkd xen-dom0-libs xen-dom0-tools xen-hypervisor xen-libs xen-tools --enablerepo=xcp-ng-testing rebootAs usual, the objective of the test is to confirm that everything still works as well as before the update.
I'll post a separate message when an update candidate is available for XCP-ng 8.0.
-
I have published the security updates for XCP-ng 8.1, so you can already update your hosts.
The blog post will be published a bit later, at the same time as the XCP-ng 8.0 update.
-
Updates pushed for XCP-ng 8.0, however there remain two CVEs that we couldn't fix, and since XCP-ng 8.0 will soon be EOL, we will probably not fix them: http://xenbits.xen.org/xsa/advisory-331.html and http://xenbits.xen.org/xsa/advisory-332.html
Users of XCP-ng 8.0 should review these and consider upgrading soon. The risk mostly depends on whether there's untrusted workload running in the VMs. If the risk is acceptable, you may wait for the XCP-ng 8.2 release in order to update directly to the LTS.
-
@stormi Updated my 8.0 test server and all seems to be working just fine so far.
