服务器官方技术文章【转载】
取消
显示结果 
搜索替代 
您的意思是: 

Citrix XenServer Multiple Security Updates 6.2

cicong
兼职投稿人

Citrix XenServer Multiple Security Updates 6.2

Description of Problem

A security vulnerability has been identified in Citrix XenServer PV guest kernel loading that could allow a malicious guest administrator to compromise the XenServer host. This vulnerability affects all currently supported versions of Citrix XenServer up to and including version 6.2.

The vulnerability is:

• CVE-2013-2194, CVE-2013-2195, CVE-2013-2196: Vulnerabilities in libelf PV kernel handling

Mitigating Factors

Customers that are running only HVM guests (e.g. Microsoft Windows) are unaffected.

The vulnerability can only be exploited whilst a PV guest is booting; once the guest has booted, the vulnerability cannot be exploited until the guest is next rebooted.

What Customers Should Do

Hotfixes have been released to address this issue. Citrix strongly recommends that affected customers install the relevant hotfix, which can be downloaded from the locations below.

Please note that these hotfixes have been updated following the initial release of earlier, incomplete fixes to correct this issue.

Citrix XenServer 6.2: CTX138349– Hotfix XS62E002 - For XenServer 6.2.0

Citrix XenServer 6.1: CTX138038 – Hotfix XS61E024 - For XenServer 6.1.0

Citrix XenServer 6.0.2: CTX138036 - Hotfix XS602E025 - For XenServer 6.0.2

Customers using Citrix XenServer 6.0.2 in the Common Criteria evaluated configuration should apply the following hotfix: CTX138037 - Hotfix XS602ECC006 - For XenServer 6.0.2 Common Criteria 

Citrix XenServer 6.0.0: CTX138035 - Hotfix XS60E033 - For XenServer 6.0

Citrix XenServer 5.6 Service Pack 2: CTX138345 - Hotfix XS56ESP2032 - For XenServer 5.6 Service Pack 2 

Citrix XenServer 5.6 Feature Pack 1: CTX138344 - Hotfix XS56EFP1020 - For XenServer 5.6 Feature Pack 1 

Citrix XenServer 5.6: CTX138031 - Hotfix XS56E020 - For XenServer 5.6

Customers using Citrix XenServer 5.6 in the Common Criteria evaluated configuration should apply the following hotfix: CTX138343 - Hotfix XS56E021 - For XenServer 5.6 

Citrix XenServer 5.5 Update 2: CTX138342 - Hotfix XS55EU2018 - For XenServer 5.5 Update 2

Citrix XenServer 5.0 Update 3: CTX138341 - Hotfix XS50EU3018 - For XenServer 5.0 Update 3

What Citrix Is Doing

Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at http://support.citrix.com/.

Obtaining Support on This Issue

If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at http://www.citrix.com/site/ss/supportContacts.asp.

Reporting Security Vulnerabilities to Citrix

Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. If you would like to report a security issue to Citrix, please compose an e-mail to secure@citrix.com stating the exact version of the product in which the vulnerability was found and the steps needed to reproduce the vulnerability.