- Community Home
- >
- HPE Community, China
- >
- 服务器
- >
- 服务器官方技术文章【转载】
- >
- Citrix XenServer Multiple Security Updates
类别
Company
Local Language
论坛
讨论平台
论坛
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
讨论平台
论坛
讨论平台
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
论坛
博客
- 将帖子标记为未读
- 加注书签
- 订阅
- 禁止
- 订阅此主题的 RSS 提要
- 高亮显示此帖
- 打印此帖
- 报告不当内容
修改时间 09-01-2014 10:06 AM
修改时间 09-01-2014 10:06 AM
Citrix XenServer Multiple Security Updates
Description of Problem
A number of security vulnerabilities have been identified in Citrix XenServer. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including version 6.1.
The following vulnerabilities have been addressed:
• CVE-2013-1918: Several long latency operations are not pre-emptible
• CVE-2013-1919: Several access permissions with IRQs for unprivileged guests
• CVE-2013-1952: VT-d interrupt remapping source validation flaw for bridges
• CVE-2013-1964: grant table hypercall acquire/release imbalance
Mitigating Factors
Customers on versions of XenServer prior to XenServer 6.0 are only affected by CVE-2013-1918 which is a host denial of service attack.
What Customers Should Do
Hotfixes have been released to address this issue. Citrix recommends that affected customers install the relevant hotfix, which can be downloaded from the following locations:
Citrix XenServer 6.2: CTX138349– Hotfix XS62E002 - For XenServer 6.2.0
Citrix XenServer 6.1: CTX137675– Hotfix XS61E022 - For XenServer 6.1.0
Citrix XenServer 6.0.2: CTX137673- Hotfix XS602E023 - For XenServer 6.0.2
Customers using Citrix XenServer 6.0.2 in the Common Criteria evaluated configuration should apply the following hotfix: CTX137674 - Hotfix XS602ECC005 - For XenServer 6.0.2 Common Criteria
Citrix XenServer 6.0.0: CTX137672 - Hotfix XS60E029 - For XenServer 6.0
Citrix XenServer 5.6 Service Pack 2: CTX137671 - Hotfix XS56ESP2028 - For XenServer 5.6 Service Pack 2
Citrix XenServer 5.6 Feature Pack 1: CTX137670 - Hotfix XS56EFP1018 - For XenServer 5.6 Feature Pack 1
Citrix XenServer 5.6: CTX137668 - Hotfix XS56E019 - For XenServer 5.6
Customers using Citrix XenServer 5.6 in the Common Criteria evaluated configuration should apply the following hotfix: CTX137669 - Hotfix XS56ECC008 - For XenServer 5.6 Common Criteria
Customers using Citrix XenServer 5.5 Update 2 or Citrix XenServer 5.0 Update 3 are affected by CVE-2013-1918. Customers on these versions that require a mitigation should upgrade to a maintained version of Citrix XenServer. Further guidance on this may be obtained from Citrix support.