服务器官方技术文章【转载】
取消
显示结果 
搜索替代 
您的意思是: 

Security vulnerability in Citrix XenServer

cicong
兼职投稿人

Security vulnerability in Citrix XenServer

Description of Problem

A security vulnerability has been identified in Citrix XenServer PV guest kernel loading that could allow a malicious guest administrator to compromise the XenServer host. This vulnerability affects all currently supported versions of Citrix XenServer up to and including version 6.2.

The vulnerability is:

• CVE-2013-2194, CVE-2013-2195, CVE-2013-2196: Vulnerabilities in libelf PV kernel handling

Mitigating Factors

Customers that are running only HVM guests (e.g. Microsoft Windows) are unaffected.

The vulnerability can only be exploited whilst a PV guest is booting; once the guest has booted, the vulnerability cannot be exploited until the guest is next rebooted.

What Customers Should Do

Hotfixes have been released to address this issue. Citrix strongly recommends that affected customers install the relevant hotfix, which can be downloaded from the locations below.

Please note that these hotfixes have been updated following the initial release of earlier, incomplete fixes to correct this issue.

Citrix XenServer 6.2: CTX138349– Hotfix XS62E002 - For XenServer 6.2.0

Citrix XenServer 6.1: CTX138038 – Hotfix XS61E024 - For XenServer 6.1.0

Citrix XenServer 6.0.2: CTX138036 - Hotfix XS602E025 - For XenServer 6.0.2

Customers using Citrix XenServer 6.0.2 in the Common Criteria evaluated configuration should apply the following hotfix: CTX138037 - Hotfix XS602ECC006 - For XenServer 6.0.2 Common Criteria 

Citrix XenServer 6.0.0: CTX138035 - Hotfix XS60E033 - For XenServer 6.0

Citrix XenServer 5.6 Service Pack 2: CTX138345 - Hotfix XS56ESP2032 - For XenServer 5.6 Service Pack 2 

Citrix XenServer 5.6 Feature Pack 1: CTX138344 - Hotfix XS56EFP1020 - For XenServer 5.6 Feature Pack 1 

Citrix XenServer 5.6: CTX138031 - Hotfix XS56E020 - For XenServer 5.6

Customers using Citrix XenServer 5.6 in the Common Criteria evaluated configuration should apply the following hotfix: CTX138343 - Hotfix XS56E021 - For XenServer 5.6 

Citrix XenServer 5.5 Update 2: CTX138342 - Hotfix XS55EU2018 - For XenServer 5.5 Update 2

Citrix XenServer 5.0 Update 3: CTX138341 - Hotfix XS50EU3018 - For XenServer 5.0 Update 3