Hotfix XS61E018 for XenServer 6.1.0

Citrix has released a new hotfix for XenServer 6.1.0.

This is a hotfix for customers running XenServer 6.1.0.

IMPORTANT:

  • For customers requiring the Cisco fnic driver, a driver disk compatible with this hotfix was issued in CTX137403 – Driver Disk for Cisco fnic v1.5.0.20 – For XenServer 6.1.0. Customers must apply the compatible driver before applying this hotfix.
  • Any other issued driver disk and the Driver Development Kit (DDK) for XenServer 6.1.0 must be updated to be compatible with this hotfix. See CTX137629 – Driver Disks for XenServer 6.1.0 with Hotfix XS61E018 for a list of the affected driver disks that must also be updated.
  • After applying the hotfix to all hosts in a pool, customers should update the required driver disks before rebooting the XenServer hosts.

Issues Resolved In This Hotfix

Citrix XenServer Multiple Security Updates

A number of security vulnerabilities have been identified in Citrix XenServer. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including version 6.1.

The following vulnerabilities have been addressed:

  • CVE-2013-1918: Several long latency operations are not pre-emptible
  • CVE-2013-1919: Several access permission issues with IRQs for unprivileged guests
  • CVE-2013-1952: VT-d interrupt remapping source validation flaw for bridges
  • CVE-2013-1964: grant table hypercall acquire/release imbalance

Mitigating Factors

Customers on versions of XenServer prior to XenServer 6.0 are only affected by CVE-2013-1918, which is a host denial of service attack.

Citrix XenServer Security Update (for all versions)

A security vulnerability has been identified in Citrix XenServer. This vulnerability allows an unprivileged user of a guest VM to crash the host.

The vulnerability is identified as:

• CVE-2013-1917: Xen PV DoS vulnerability with SYSENTER

Mitigating Factors

The vulnerability can only be exploited from PV guest VMs running on Intel CPUs.

Hotfixes

Hotfixes have been released to address this issue. Citrix recommends that affected customers install the relevant hotfix, which can be downloaded from the following locations:

Citrix XenServer 6.1: CTX137487 – Hotfix XS61E019 – For XenServer 6.1.0

Citrix XenServer 6.0.2: CTX137486 – Hotfix XS602E022 – For XenServer 6.0.2

Citrix XenServer 6.0.0: CTX137484 – Hotfix XS60E028 – For XenServer 6.0

Citrix XenServer 5.6 Service Pack 2: CTX137483 – Hotfix XS56ESP2027 – For XenServer 5.6 Service Pack 2

Citrix XenServer 5.6 Feature Pack 1: CTX137482 – Hotfix XS56EFP1017 – For XenServer 5.6 Feature Pack 1

Citrix XenServer 5.6: CTX137481 – Hotfix XS56E018 – For XenServer 5.6

Citrix XenServer 5.5 Update 2: CTX137480 – Hotfix XS55EU2016 – For XenServer 5.5 Update 2

Citrix XenServer 5.0 Update 3: CTX137479 – Hotfix XS50EU3016 – For XenServer 5.0 Update 3

Read the original KB article here.

Hotfix XS61E012 for XenServer 6.1.0

Citrix has released hotfix 12 (XS61E012) for XenServer 6.1.0 today.

This hotfix resolves the following issues:

  1. If a Virtual Machine (VM) running on a pool member is shut down when the XAPI service is not running, the associated Virtual Disk Images (VDIs) do not get detached.
  2. After shutting down a VM, attempts to immediately destroy a Virtual Block Device (VBD) attached to the VM will fail. This is due to a race condition which marks the VBD as attached, even when the VM is shut down.
  3. When the Pool Master is unavailable, attempts to restart the XAPI service on a pool member can result in a failure to set up the management interface.

Hotfix XS602E018 for XenServer 6.0.2

Citrix has released a new hotfix for XenServer 6.0.2.

What’s fixed:

  1. This hotfix provides improvements to the way in which XenServer logs are captured during a host crash.
  2. The clock running inside the control domain (dom0) can randomly move forward by 50 minutes due to a bug in the Xen hypervisor. When this happens, Virtual Machines (VMs) which follow the dom0 wallclock settings may be affected and display the incorrect time.

In addition, this hotfix includes the following previously released hotfixes.

Download:

You can download and read the installation instructions here.

Hotfix XS61E009 & XS61E010 for XenServer 6.1.0

Citrix has released two hotfixes for XenServer 6.1. The two fixes need to be applied together; you can't install only one of them. They are separate downloads and need to be installed in this order:

  1. XS61E009
  2. XS61E010

Hotfix XS61E009

This is a hotfix for customers running XenServer 6.1.0. This is the first part of a two-component fix; customers should install CTX136253 after installing this hotfix.

Citrix XenServer multiple security updates

Today (November 13th 2012) Citrix has released a critical update for all of its XenServer products.

A number of security vulnerabilities have been identified in Citrix XenServer. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including version 6.1.

The following denial of service vulnerabilities have been addressed:

  • Timer overflow DoS vulnerability (CVE-2012-4535)
  • pirq range check DoS vulnerability (CVE-2012-4536)
  • Memory mapping failure DoS vulnerability (CVE-2012-4537)
  • Unhooking empty PAE entries DoS vulnerability (CVE-2012-4538)
  • Grant table hypercall infinite loop DoS vulnerability (CVE-2012-4539)
  • XENMEM_add_to_physmap DoS vulnerability (CVE-2012-4557)

Hotfix XS60E021 for XenServer 6.0

Besides Hotfix 13 for XenServer 6.0.2, Citrix has released hotfix 21 for XenServer 6.0.

This hotfix resolves the following issues:

  1. Constant transmission of low data rate Ethernet traffic through the netback interface can saturate a control domain (dom0) CPU.
  2. Attempts to attach a Storage Repository (SR) that contains a large number of Virtual Disk Images (VDIs), to a pool member, can fail.
  3. Creating a NIC bond in a Linux bridge environment, using a NIC that has VLANs configured on it, can result in loss of network connectivity.
  4. Restarting XAPI in a pool consisting of a large number of VDIs can cause pool members to indefinitely enter maintenance mode.