==================================================================== CERT-Renater Note d'Information No. 2017/VULN138 _____________________________________________________________________ DATE : 04/05/2017 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running XenServer versions 7.1, 7.0, 6.5, 6.2.0, 6.0.2. ===================================================================== https://support.citrix.com/article/CTX223291 ____________________________________________________________________ CTX223291 Citrix XenServer Multiple Security Updates Security Bulletin | High | Created: 02 May 2017 | Modified: 02 May 2017 Applicable Products XenServer 7.1 XenServer 7.0 XenServer 6.5 XenServer 6.2.0 XenServer 6.0.2 Description of Problem A number of security issues have been identified within Citrix XenServer. These issues could, if exploited, allow a malicious administrator of a PV guest VM to compromise the host. The issues have the identifiers: CVE-TBA1 (High): x86: 64bit PV guest breakout via pagetable use-after-mode-change CVE-TBA2 (High): grant transfer allows PV guest to elevate privileges CVE-TBA3 (Low): possible memory corruption via failsafe callback Mitigating Factors Customers using only HVM guest VMs are not affected. Note that all Microsoft Windows VMs are HVM. To exploit these issues from a 32-bit PV guest VM, collaboration with the administrator of either an HVM guest VM or a 64-bit PV guest VM on the same host is required. Customers using only 32-bit PV VMs are not affected. What Customers Should Do Hotfixes have been released to address these issues. Citrix recommends that affected customers install these hotfixes, which can be downloaded from the following locations: Citrix XenServer 7.1: CTX223290 – https://support.citrix.com/article/CTX223290 Citrix XenServer 7.0: CTX223289 – https://support.citrix.com/article/CTX223289 Citrix XenServer 6.5 SP1: CTX223288 – https://support.citrix.com/article/CTX223288 Citrix XenServer 6.2 SP1: CTX223287 – https://support.citrix.com/article/CTX223287 Citrix XenServer 6.0.2 Common Criteria: CTX223286– https://support.citrix.com/article/CTX223286 Customers who are using the Live Patching feature of Citrix XenServer 7.1 may apply the relevant hotfix without requiring a reboot. What Citrix Is Doing Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at http://support.citrix.com/. Obtaining Support on This Issue If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at https://www.citrix.com/support/open-a-support-case.html. Reporting Security Vulnerabilities Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – Reporting Security Issues to Citrix Changelog Date Change 2nd May 2017 Initial Publishing ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================