XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    XCP-ng 8.3 updates announcements and testing

    Scheduled Pinned Locked Moved News
    606 Posts 53 Posters 352.1k Views 73 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • rzrR Offline
      rzr Vates 🪐 XCP-ng Team
      last edited by

      New security update candidates for XCP-ng 8.3 LTS (kernel)

      This release batch contains security fix on kernel, version update, some bug fixes and a few improvements.

      What changed

      Virtualization & System

      • kernel: Fix Vulnerability: CVE-2026-46243

        • Fixed the CIFSwitch security vulnerability that could allow privilege escalation from a user with low privileges.
      • intel-microcode: Fix a hang on boot on some platforms (Revert Granite Rapids AP/SP ucode back to IPU 2026.1)

      Drivers

      • intel-ice: Update to 2.4.5
        • Adds support for E825-C and E830.
        • Adds support for Link Aggregation (LAG).
        • Various stability, performance, and bug-fix updates.

      Versions:

      • intel-ice: 1.15.5-2.xcpng8.3 -> 2.4.5-8.1.1.xcpng8.3
      • intel-microcode: 20260416-1.xcpng8.3 -> 20260416-2.xcpng8.3
      • kernel: 4.19.19-8.0.46.5.xcpng8.3 -> 4.19.19-8.0.46.6.xcpng8.3

      Test on XCP-ng 8.3

      yum clean metadata --enablerepo=xcp-ng-testing,xcp-ng-candidates
      yum update --enablerepo=xcp-ng-testing,xcp-ng-candidates
      reboot
      

      The usual update rules apply: pool coordinator first, etc.

      What to test

      As usual, normal use and anything else you want to test.

      Test window before official release of the updates

      ~3 days

      We would like to thank users who reported feedback since our last call for testing:

      @Andrew, @acebmxer, @flakpyro, @jeffberntsen, @majorp93, @marcoi, @ph7, @pilow, @probain.

      acebmxerA A B P J 7 Replies Last reply Reply Quote 0
      • acebmxerA Online
        acebmxer @rzr
        last edited by acebmxer

        @rzr

        Installed updates on home lab. No issues to report initially other then nslookup still an issue.

        [10:54 xcp-ng-haznrrtw ~]# nslookup vates.com 8.8.8.8
        Server:         8.8.8.8
        Address:        8.8.8.8#53
        
        Non-authoritative answer:
        Name:   vates.com
        Address: 104.21.52.238
        Name:   vates.com
        Address: 172.67.205.118
        
        openssl_link.c:132: INSIST(dst__memory_pool != ((void *)0)) failed, back trace
        #0 0x7f163cd960e7 in ??
        #1 0x7f163cd9603a in ??
        #2 0x7f163d9a3780 in ??
        #3 0x7f163c1aedf6 in ??
        #4 0x7f163c1f5464 in ??
        #5 0x7f163c1f5732 in ??
        #6 0x7f163c1f4b8d in ??
        #7 0x7f163a95fbd9 in ??
        #8 0x7f163a95fc27 in ??
        #9 0x7f163a94844c in ??
        #10 0x405818 in ??
        Aborted (core dumped)
        [12:50 xcp-ng-haznrrtw ~]# 
        
        F rzrR 2 Replies Last reply Reply Quote 2
        • F Offline
          flakpyro @acebmxer
          last edited by

          Installed on my usual hosts, one of which has an E810 and used the ICE driver, no issues so far however i am not using LACP bonding on that host.

          1 Reply Last reply Reply Quote 2
          • rzrR Offline
            rzr Vates 🪐 XCP-ng Team @acebmxer
            last edited by rzr

            @acebmxer said:

            @rzr
            No issues to report initially other then nslookup still an issue.

            openssl_link.c:132: INSIST(dst__memory_pool != ((void *)0)) failed, back trace
            

            Yes I looked at it, it looks like it's a design isssue that was fixed in later version of bind.

            In details If I understand correctly this patched version of nslookup is facing a SIGARBT caused by an assert on previously cleanup resources (dst__memory_pool) which is unexpected in finishing part of the openssl thread (dst__openssl_destroy).

            This bind patched version (where ssl support is in progress) is also known to have memory leaks, but those are resolved in later version, so until we catch up you'll probably have to live with this little annoyance on process exit unless we find (and validate) a better fix.

            1 Reply Last reply Reply Quote 1
            • A Offline
              Andrew Top contributor @rzr
              last edited by

              @rzr Installed and running. Not expecting any issues because I'm not using SMB/CIFS, ice card, or CPU with affected microcode.

              Rolling pool reboot failed me again... This time it got stuck evacuating a host with no VMs.

              M 1 Reply Last reply Reply Quote 1
              • B Offline
                bufanda @rzr
                last edited by

                @rzr Installed on my usual lab pool. No immediate issues seen.

                1 Reply Last reply Reply Quote 1
                • P Offline
                  ph7 @rzr
                  last edited by

                  @rzr
                  👍

                  1 Reply Last reply Reply Quote 0
                  • M Offline
                    manilx @Andrew
                    last edited by

                    @Andrew I have the RPU failing most of the time now also. I have reported and opened a ticket. No solution so far. It's a hit and miss and beginning to be a PITA.

                    P 1 Reply Last reply Reply Quote 0
                    • P Offline
                      Pilow @manilx
                      last edited by

                      @manilx yup, same here
                      we evacuate & roll patch manually because RPU is inconsistent in achieving a full pool update nowadays

                      maximum hosts in pools are 3, so it is still easy to process manually
                      thoses with 5-6+ hosts must be more painful

                      1 Reply Last reply Reply Quote 2
                      • olivierlambertO Offline
                        olivierlambert Vates 🪐 Co-Founder CEO
                        last edited by

                        That would be interesting to group your findings/issues on RPU in a dedicated topic, because I don't think the logic changed recently 🤔 So it's an interesting investigation to make.

                        1 Reply Last reply Reply Quote 1
                        • J Offline
                          JeffBerntsen Top contributor @rzr
                          last edited by

                          @rzr
                          Seems to be working well on my test systems as well.

                          1 Reply Last reply Reply Quote 1
                          • marcoiM Offline
                            marcoi
                            last edited by

                            update to latest test patches on 2nd pool. no issue. LACP worked, started UB26 VM on host 4 and live migrated to host 3.

                            1 Reply Last reply Reply Quote 1
                            • M Offline
                              MajorP93 @rzr
                              last edited by

                              @rzr Installed those security update candidates in my XCP-ng test environment.
                              So far no issues whatsoever. Basic operations all work. VMs running etc.

                              1 Reply Last reply Reply Quote 2
                              • rzrR Offline
                                rzr Vates 🪐 XCP-ng Team @rzr
                                last edited by rzr

                                rzr said:

                                New security update candidates for XCP-ng 8.3 LTS (kernel)

                                Test window before official release of the updates

                                ~3 days

                                The testing window is extended a bit, expect also a next batch (to be tested later this month).

                                It has been planned to group updates for the convenience of administrators (stay tuned in blog).

                                Meanwhile If you didn't notice yet, an updated xen-4.17.6-9.2.xcpng8.3 package landed in testing repo, it addresses some low risk vulnerabilities as reported at:

                                • VSA-2026-017 (XSA-491, CVE-2026-42487)
                                • VSA-2026-018 (XSA-492, CVE-2026-42489 - CVE-2026-42490),
                                • VSA-2026-019 (CVE-2025-10263, XSA-493)
                                • VSA-2026-020 (CVE-2026-42488, XSA-494)

                                More to come soon

                                B J acebmxerA A 4 Replies Last reply Reply Quote 2
                                • B Offline
                                  bufanda @rzr
                                  last edited by

                                  @rzr Installed all currently available patches on my lab pool. No issue so far in normal use.

                                  1 Reply Last reply Reply Quote 2
                                  • J Offline
                                    JeffBerntsen Top contributor @rzr
                                    last edited by

                                    @rzr

                                    Installed on my test systems and all seems well so far.

                                    1 Reply Last reply Reply Quote 2
                                    • acebmxerA Online
                                      acebmxer @rzr
                                      last edited by

                                      @rzr

                                      I also installed updates this morning no new issues to report.

                                      1 Reply Last reply Reply Quote 2
                                      • A Offline
                                        Andrew Top contributor @rzr
                                        last edited by

                                        @rzr Updates installed everywhere (on top of the previous updates). Rolling pool reboot worked this time (with correct prep).

                                        F 1 Reply Last reply Reply Quote 2
                                        • F Offline
                                          flakpyro @Andrew
                                          last edited by

                                          Installed on my usual test hosts. No issues so far.

                                          1 Reply Last reply Reply Quote 1
                                          • X Offline
                                            XCP-ng-JustGreat
                                            last edited by

                                            Installed latest updates on my four host home lab pool and a fifth standalone host with no apparent issues.

                                            1 Reply Last reply Reply Quote 2

                                            Hello! It looks like you're interested in this conversation, but you don't have an account yet.

                                            Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

                                            With your input, this post could be even better 💗

                                            Register Login
                                            • First post
                                              Last post