XCP-ng December 2023 Security Update Now Available

XCP-ng December 2023 Security Update Now Available

  • December 8, 2023

XCP-ng , the popular virtualization platform, has released its latest security update for the month of December. The update is specifically for the 8.2 LTS release, which is currently the only supported version of XCP-ng.

The update includes fixes for vulnerabilities in Xen and linux-firmware in the controller domain. These vulnerabilities have been addressed to ensure the security of the virtual machines running on the platform.

One of the fixed vulnerabilities, labeled XSA-445 , addresses a mismatch in IOMMU quarantine page table levels on x86 AMD systems . This vulnerability could potentially allow a device in quarantine mode to access leaked data from previously quarantined pages. Although this feature is not enabled by default in XCP-ng, it can still be enabled at Xen boot time.

The second fixed vulnerability, XSA-446 , deals with memory content inference in PV guests. XCP-ng strongly advises against using PV guests and recommends switching to HVM for better security. If you are still using PV guests, it is highly recommended to consider making the switch.

In addition to the security updates, XCP-ng has also released non-security updates to pave the way for upcoming refreshed installation ISOs. These updates include improvements to the linux-firmware, gpumon, tzdata, and vendor-drivers components.

The linux-firmware update includes an update to the AMD microcode, specifically for the family 19h (Zen 3, Zen3+). This update helps mitigate hardware vulnerabilities and bugs. However, it is important to note that updating the hardware’s firmware remains the preferred method for updating microcode, and any newer microcode found in the firmware will take precedence over the microcode provided in XCP-ng.

Other changes include a small change to suppress unnecessary logging in gpumon, updated timezones with the latest CentOS 7 update of the tzdata package, and the integration of new drivers into XCP-ng in preparation for the upcoming refreshed installation ISOs. These new drivers include the igc module for Intel device drivers for I225/I226, the r8125 module for Realtek r8125 device drivers, and the mpi3mr module for Broadcom mpi3mr RAID device drivers.

Overall, the December 2023 security update for XCP-ng brings important security fixes and improvements to the virtualization platform, ensuring the safety and performance of virtual machines. Users are encouraged to update their systems to benefit from these enhancements and to maintain a secure environment for their workloads.

Tags :
comments powered by Disqus

Related Posts

Uptime Kuma Releases Version 1.23.7

Uptime Kuma has recently released version 1.23.7 , bringing a range of improvements, bug fixes, and security fixes to the popular server monitoring tool.

Read More

OpenWrt 23.05 Release: Enhanced Security, Rust Integration and Broad Device Support

OpenWrt 23.05, the open-source Linux operating system for routers and resource-constrained headless embedded systems, has just been released with significant updates and improvements.

Read More

GLAuth Releases Version 2.3.0: Lightweight LDAP Server for Development, Home Lab, or CI/CD

Go-lang LDAP Authentication (GLAuth) has released version 2.3.0 of its lightweight LDAP server, providing a secure and easy-to-use solution for development, home lab use, or CI/CD environments.

Read More