Citrix XenServer Multiple Security Updates

A number of security vulnerabilities have been identified in Citrix XenServer. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including version 6.1.

The following vulnerabilities have been addressed:

  • CVE-2013-1918: Several long latency operations are not pre-emptible
  • CVE-2013-1919: Several access permission issues with IRQs for unprivileged guests
  • CVE-2013-1952: VT-d interrupt remapping source validation flaw for bridges
  • CVE-2013-1964: grant table hypercall acquire/release imbalance

Mitigating Factors

Customers on versions of XenServer prior to XenServer 6.0 are affected only by CVE-2013-1918, which is a host denial of service attack.

What Customers Should Do

Hotfixes have been released to address these issues. Citrix recommends that affected customers install the relevant hotfix, which can be downloaded from the following locations:

Read the entire article here.
