-
Updated my machine at home, no issue so far.
-
The same
-
This seems to be working well for me too.
-
@gduperrey Single 8.2.1 hosts and pools updated. All running fine. VMs working, CR CBT/NBD backup working.
-
New security update candidates for XCP-ng 8.2 LTS (xen, microcode_ctl)
Two new XSAs were published on November 12th 2024.
Intel published a microcode update on the November 12th 2024.NOTE: This was published soon after the previous testing updates, therefore, we did not publish the previous and everything will be published altogether.
- XSA-463 an unprivileged guest making two quick accesses to the VGA memory can deadlock a host.
- XSA-464 an unprivileged PVH guest may access sensitive information from the host, control domain or other guests.
SECURITY UPDATES
xen-*
:- Fix XSA-463 - Deadlock in x86 HVM standard VGA handling. A mistake in the locking of process of the "standard" VGA memory makes it possible for a guest to make 2 quick accesses and create a deadlock that will hang the host.
- Fix XSA-464 - libxl leaks data to PVH guests via ACPI tables. The ACPI tables for PVH guests initialization left the excess memory space with its previous content, which was then copied to the guest memory as it was, resulting in possible leak of sensitive information. This doesn't affect XCP-ng in its normal configuration, as only HVM and PV-in-PVH (not affected) guests are supported.
microcode_ctl
:- Latest Intel microcode update, published on November the 12th:
- Security updates for INTEL-SA-01101
- Security updates for INTEL-SA-01079
- Updated security updates for INTEL-SA-01097
- Updated security updates for INTEL-SA-01103
- Multiple other updates for functional issues.
- Latest Intel microcode update, published on November the 12th:
Test on XCP-ng 8.2
Install all the current update candidates: the ones we already made users test to prepare for the next train of updates, and the new ones which fix security vulnerabilities. We will release them all together.
yum clean metadata --enablerepo=xcp-ng-candidates,xcp-ng-testing yum update --enablerepo=xcp-ng-candidates,xcp-ng-testing reboot
The usual update rules apply: pool coordinator first, etc.
Versions:
Security updates:
xen
: 4.13.5-9.45.1.xcpng8.2microcode_ctl
: 2.1-26.xs29.6.xcpng8.2
The rest of the packages is described in the previous update candidate announcement.
What to test
Normal use and anything else you want to test.
Test window before official release of the update
~ 2 days because of security updates.
-
We also need you to test updates for XCP-ng 8.3. I created a new thread dedicated to XCP-ng 8.3, and renamed this present thread to make it dedicated to XCP-ng 8.2.
Please ensure you follow the new thread if you plan to help on testing XCP-ng 8.3.
New thread: https://xcp-ng.org/forum/topic/9964/xcp-ng-8-3-updates-announcements-and-testing
-
@gduperrey Installed and running on active pools.
-
Tested internally here, working as expected
-
Seems to be working well on my test servers.
-
We have identified an issue related to Xostor and HA management in the
http-nbd-transfer-1.4.0-1.xcpng8.2
package. We therefore prefer to remove it from these updates while waiting for a future corrected version.For those who have tested these updates and who have Xostor on their test pool, we invite you to downgrade this package to version 1.3.0 with the following command:
yum downgrade http-nbd-transfer