
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN549
_____________________________________________________________________

DATE                : 28/09/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Citrix Hypervisor, XenServer.

=====================================================================
https://support.citrix.com/article/CTX282314
_____________________________________________________________________

CTX282314

Citrix Hypervisor Security Update
Created: 23 Sep 2020 | Modified: 23 Sep 2020


Applicable Products

    Citrix Hypervisor
    XenServer 7.1
    XenServer 7.0


Description of Problem

Several security issues have been identified in Citrix Hypervisor
(formerly Citrix XenServer) that may allow privileged code in a guest VM
to cause the host to crash or become unresponsive.  In addition,
unprivileged code in a PV guest VM may be able to cause that guest VM to
crash.

These issues affect all currently supported versions of Citrix
Hypervisor up to and including Citrix Hypervisor 8.2 LTSR.

These issues have the following identifiers:

    CVE-2020-25595
    CVE-2020-25596
    CVE-2020-25597
    CVE-2020-25599
    CVE-2020-25600
    CVE-2020-25601
    CVE-2020-25602
    CVE-2020-25603
    CVE-2020-25604


Mitigating Factors

What Customers Should Do

Citrix has released hotfixes to address these issues. Citrix recommends
that affected customers install these hotfixes as their patching
schedule allows.  The hotfixes can be downloaded from the following
locations:

Citrix Hypervisor 8.2 LTSR: CTX281575 –
https://support.citrix.com/article/CTX281575

Citrix Hypervisor 8.1: CTX281574 –
https://support.citrix.com/article/CTX281574

Citrix XenServer 7.1 LTSR CU2: CTX281572 –
https://support.citrix.com/article/CTX281572

Citrix XenServer 7.0: CTX281571 –
https://support.citrix.com/article/CTX281571


Acknowledgements

What Citrix Is Doing

Citrix is notifying customers and channel partners about this potential
security issue. This article is also available from the Citrix Knowledge
Center at http://support.citrix.com/.

To receive future security bulletins, customers can update their support
notifications at https://support.citrix.com/user/alerts or subscribe to
the RSS feed at https://support.citrix.com/feeds.


Obtaining Support on This Issue

If you require technical assistance with this issue, please contact
Citrix Technical Support. Contact details for Citrix Technical Support
are available at https://www.citrix.com/support/open-a-support-case.html.


Reporting Security Vulnerabilities

Citrix welcomes input regarding the security of its products and
considers any and all potential vulnerabilities seriously. For details
on our vulnerability response process and guidance on how to report
security-related issues to Citrix, please see the following webpage:
https://www.citrix.com/about/trust-center/vulnerability-process.html


Changelog

Date            Change
2020-09-22      Initial Publication

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


