Updates announcements and testing
The update for XCP-ng 8.1 has now been pushed to the official updates repositories.
The update for XCP-ng 8.0 is now available for testing:
- Update with
yum update xen-dom0-libs xen-dom0-tools xen-hypervisor xen-libs xen-tools --enablerepo=xcp-ng-testing
- Check that your host(s) still work (Spoiler: they will).
- Report here
- Receive our gratitude
- Update with
New call for testing the XCP-ng 8.0 update candidate. I'd like to publish it today.
@stormi I tried insalling the 8.0 update with the command you have listed but nothing installs on the server
yum update xen-dom0-libs xen-dom0-tools xen-hypervisor xen-libs xen-tools --enablerepo=xcp-ng-testing Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile Excluding mirror: updates.xcp-ng.org * xcp-ng-base: mirrors.xcp-ng.org Excluding mirror: updates.xcp-ng.org * xcp-ng-testing: mirrors.xcp-ng.org Excluding mirror: updates.xcp-ng.org * xcp-ng-updates: mirrors.xcp-ng.org No packages marked for update
I just pushed the update to the official updates repository. Maybe you installed it already, if you ran
@stormi Yup, I did just before trying to install the test update so I must have gotten it after you published. Everything seems to be working fine here afterward.
New security update
We'll push security updates for XCP-ng 8.1 before the end of the week, and for XCP-ng 8.0 as soon as possible.
On 8.1, please test with:
yum clean all --enablerepo=xcp-ng-testing yum update kernel xapi-core xapi-tests xapi-xe xcp-networkd xen-dom0-libs xen-dom0-tools xen-hypervisor xen-libs xen-tools --enablerepo=xcp-ng-testing reboot
As usual, the objective of the test is to confirm that everything still works as well as before the update.
I'll post a separate message when an update candidate is available for XCP-ng 8.0.
I have published the security updates for XCP-ng 8.1, so you can already update your hosts.
The blog post will be published a bit later, at the same time as the XCP-ng 8.0 update.
Updates pushed for XCP-ng 8.0, however there remain two CVEs that we couldn't fix, and since XCP-ng 8.0 will soon be EOL, we will probably not fix them: http://xenbits.xen.org/xsa/advisory-331.html and http://xenbits.xen.org/xsa/advisory-332.html
Users of XCP-ng 8.0 should review these and consider upgrading soon. The risk mostly depends on whether there's untrusted workload running in the VMs. If the risk is acceptable, you may wait for the XCP-ng 8.2 release in order to update directly to the LTS.
@stormi Updated my 8.0 test server and all seems to be working just fine so far.
Blog announcement published yesterday: https://xcp-ng.org/blog/2020/11/02/november-2020-security-updates/
New security update candidate - Another Intel CPU vulnerability
Security update candidates are available for testing for XCP-ng 8.1. They address the "Platypus" vulnerability.
yum clean all --enablerepo=xcp-ng-testing yum update microcode_ctl xen-dom0-libs xen-dom0-tools xen-hypervisor xen-libs xen-tools --enablerepo=xcp-ng-testing
Feedback welcome before the imminent broad release.
XCP-ng 8.0 will not receive fixes any more
Update published. Blog post to follow soon.
New security update candidate - - the third in one month
A vulnerability has been found in the patch that fixed a previous vulnerability. It may allow a privileged user in a guest VM with a PCI passthrough device to compromise the host.
Update candidates are available for XCP-ng 8.1 and 8.2:
yum clean all --enablerepo=xcp-ng-testing yum update xen-dom0-libs xen-dom0-tools xen-hypervisor xen-libs xen-tools --enablerepo=xcp-ng-testing
Please install them and report to confirm that everything is working as expected.
@stormi updated my three host playlab (8.2.0 fully patched) with no problem. Kicked around some VMs (starting, stopping, live migration, delete, restore from backup, snapshot) but no serious testing. Everything worked fine.
Thanks @gskger for the feedback. The update has been pushed on Wednesday evening and the blog post published yesterday: https://xcp-ng.org/blog/2020/11/26/security-and-bugfix-update-cve/
For XCP-ng 8.2, updates also include UEFI support fixes.
@stormi thank you as well for regulary pushing out security updates and bugfixes . Makes me feel comfortable to have a solid virtualization environment (even with a non-commercial homelab) .
Thank you for the feedback also Ideally, we'd like to have more people like you!
A reminder about this thread and what it's for.
This is where we announce new update candidates for stable releases of XCP-ng, so that you can provide feedback before we push them to the updates repositories for everyone.
For security-related updates, we usually need quick feedback.
Anyone can test. Just:
- Subscribe to this thread (and make sure to enable mail notifications in your forum settings)
- Install the update candidates when we announce one (we usually provide the installation instructions)
- Check that you don't spot any obvious regression. We're not asking that you do extensive QA of the updates for us, just that you can confirm that it works for you.
See you in the next few days for a new batch of security updates
New security updates candidates
Update candidates are ready for XCP-ng 8.1 and 8.2.
Install them with:
yum clean all --enablerepo=xcp-ng-testing yum update kernel xen-dom0-libs xen-dom0-tools xen-hypervisor xen-libs xen-tools xenopsd xenopsd-cli xenopsd-xc --enablerepo=xcp-ng-testing
Please install them and report to confirm that everything is still working as expected.