服务器官方技术文章【转载】
1748111 成员
3831 在线
108758 解答
新建帖子

Citrix XenServer Multiple Security Updates

 
cicong
兼职投稿人

Citrix XenServer Multiple Security Updates

Description of Problem

A number of security vulnerabilities have been identified in Citrix XenServer. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including version 6.1.

The following vulnerabilities have been addressed:

• CVE-2013-1918: Several long latency operations are not pre-emptible

• CVE-2013-1919: Several access permissions with IRQs for unprivileged guests

• CVE-2013-1952: VT-d interrupt remapping source validation flaw for bridges

• CVE-2013-1964: grant table hypercall acquire/release imbalance

Mitigating Factors

Customers on versions of XenServer prior to XenServer 6.0 are only affected by CVE-2013-1918 which is a host denial of service attack.

What Customers Should Do

Hotfixes have been released to address this issue. Citrix recommends that affected customers install the relevant hotfix, which can be downloaded from the following locations:

Citrix XenServer 6.2: CTX138349– Hotfix XS62E002 - For XenServer 6.2.0

Citrix XenServer 6.1: CTX137675– Hotfix XS61E022 - For XenServer 6.1.0

Citrix XenServer 6.0.2: CTX137673- Hotfix XS602E023 - For XenServer 6.0.2 

Customers using Citrix XenServer 6.0.2 in the Common Criteria evaluated configuration should apply the following hotfix: CTX137674 - Hotfix XS602ECC005 - For XenServer 6.0.2 Common Criteria

Citrix XenServer 6.0.0: CTX137672 - Hotfix XS60E029 - For XenServer 6.0

Citrix XenServer 5.6 Service Pack 2: CTX137671 - Hotfix XS56ESP2028 - For XenServer 5.6 Service Pack 2 

Citrix XenServer 5.6 Feature Pack 1: CTX137670 - Hotfix XS56EFP1018 - For XenServer 5.6 Feature Pack 1 

Citrix XenServer 5.6: CTX137668 - Hotfix XS56E019 - For XenServer 5.6 

Customers using Citrix XenServer 5.6 in the Common Criteria evaluated configuration should apply the following hotfix: CTX137669 - Hotfix XS56ECC008 - For XenServer 5.6 Common Criteria 

Customers using Citrix XenServer 5.5 Update 2 or Citrix XenServer 5.0 Update 3 are affected by CVE-2013-1918. Customers on these versions that require a mitigation should upgrade to a maintained version of Citrix XenServer. Further guidance on this may be obtained from Citrix support.