Updates announcements and testing
I just pushed the update to the official updates repository. Maybe you installed it already, if you ran
@stormi Yup, I did just before trying to install the test update so I must have gotten it after you published. Everything seems to be working fine here afterward.
New security update
We'll push security updates for XCP-ng 8.1 before the end of the week, and for XCP-ng 8.0 as soon as possible.
On 8.1, please test with:
yum clean all --enablerepo=xcp-ng-testing yum update kernel xapi-core xapi-tests xapi-xe xcp-networkd xen-dom0-libs xen-dom0-tools xen-hypervisor xen-libs xen-tools --enablerepo=xcp-ng-testing reboot
As usual, the objective of the test is to confirm that everything still works as well as before the update.
I'll post a separate message when an update candidate is available for XCP-ng 8.0.
I have published the security updates for XCP-ng 8.1, so you can already update your hosts.
The blog post will be published a bit later, at the same time as the XCP-ng 8.0 update.
Updates pushed for XCP-ng 8.0, however there remain two CVEs that we couldn't fix, and since XCP-ng 8.0 will soon be EOL, we will probably not fix them: http://xenbits.xen.org/xsa/advisory-331.html and http://xenbits.xen.org/xsa/advisory-332.html
Users of XCP-ng 8.0 should review these and consider upgrading soon. The risk mostly depends on whether there's untrusted workload running in the VMs. If the risk is acceptable, you may wait for the XCP-ng 8.2 release in order to update directly to the LTS.
@stormi Updated my 8.0 test server and all seems to be working just fine so far.
Blog announcement published yesterday: https://xcp-ng.org/blog/2020/11/02/november-2020-security-updates/
New security update candidate - Another Intel CPU vulnerability
Security update candidates are available for testing for XCP-ng 8.1. They address the "Platypus" vulnerability.
yum clean all --enablerepo=xcp-ng-testing yum update microcode_ctl xen-dom0-libs xen-dom0-tools xen-hypervisor xen-libs xen-tools --enablerepo=xcp-ng-testing
Feedback welcome before the imminent broad release.
XCP-ng 8.0 will not receive fixes any more
Update published. Blog post to follow soon.
New security update candidate - - the third in one month
A vulnerability has been found in the patch that fixed a previous vulnerability. It may allow a privileged user in a guest VM with a PCI passthrough device to compromise the host.
Update candidates are available for XCP-ng 8.1 and 8.2:
yum clean all --enablerepo=xcp-ng-testing yum update xen-dom0-libs xen-dom0-tools xen-hypervisor xen-libs xen-tools --enablerepo=xcp-ng-testing
Please install them and report to confirm that everything is working as expected.
gskger last edited by gskger
@stormi updated my three host playlab (8.2.0 fully patched) with no problem. Kicked around some VMs (starting, stopping, live migration, delete, restore from backup, snapshot) but no serious testing. Everything worked fine.
Thanks @gskger for the feedback. The update has been pushed on Wednesday evening and the blog post published yesterday: https://xcp-ng.org/blog/2020/11/26/security-and-bugfix-update-cve/
For XCP-ng 8.2, updates also include UEFI support fixes.
gskger last edited by
@stormi thank you as well for regulary pushing out security updates and bugfixes . Makes me feel comfortable to have a solid virtualization environment (even with a non-commercial homelab) .
Thank you for the feedback also Ideally, we'd like to have more people like you!