Hotfix XS61E018 for XenServer 6.1.0

Citrix has released a new hotfix for XenServer 6.1.0.

This is a hotfix for customers running XenServer 6.1.0.


  • For customers requiring the Cisco fnic driver, a driver disk compatible with this hotfix was issued in CTX137403 – Driver Disk for Cisco fnic v1.5.0.20 – For XenServer 6.1.0. Customers must apply the compatible driver before applying this hotfix.
  • Any other issued driver disk and the Driver Development Kit (DDK) for XenServer 6.1.0 must be updated to be compatible with this hotfix. See CTX137629 – Driver Disks for XenServer 6.1.0 with Hotfix XS61E018 for a list of the affected driver disks that must also be updated.
  • After applying the hotfix to all hosts in a pool, customers should update the required driver disks before rebooting the XenServer hosts.

Issues Resolved In This Hotfix Continue reading “Hotfix XS61E018 for XenServer 6.1.0”

Citrix XenServer Multiple Security Updates

A number of security vulnerabilities have been identified in Citrix XenServer. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including version 6.1.

The following vulnerabilities have been addressed:

  • CVE-2013-1918: Several long latency operations are not pre-emptible
  • CVE-2013-1919: Several access permissions with IRQs for unprivileged guests
  • CVE-2013-1952: VT-d interrupt remapping source validation flaw for bridges
  • CVE-2013-1964: grant table hypercall acquire/release imbalance

Mitigating Factors

Customers on versions of XenServer prior to XenServer 6.0 are only affected by CVE-2013-1918 which is a host denial of service attack. Continue reading “Citrix XenServer Multiple Security Updates”

Citrix XenServer Security Update (for all versions)

A security vulnerability has been identified in Citrix XenServer. This vulnerability allows an unprivileged user of a guest VM to crash the host.

The vulnerability is identified as:

• CVE-2013-1917: Xen PV DoS vulnerability with SYSENTER

Mitigating Factors

The vulnerability can only be exploited from PV guest VMs running on Intel CPUs.


Hotfixes have been released to address this issue. Citrix recommends that affected customers install the relevant hotfix, which can be downloaded from the following locations:

Citrix XenServer 6.1: CTX137487 – Hotfix XS61E019 – For XenServer 6.1.0

Citrix XenServer 6.0.2: CTX137486 – Hotfix XS602E022 – For XenServer 6.0.2

Citrix XenServer 6.0.0: CTX137484 – Hotfix XS60E028 – For XenServer 6.0

Citrix XenServer 5.6 Service Pack 2: CTX137483 – Hotfix XS56ESP2027 – For XenServer 5.6 Service Pack 2

Citrix XenServer 5.6 Feature Pack 1: CTX137482 – Hotfix XS56EFP1017 – For XenServer 5.6 Feature Pack 1

Citrix XenServer 5.6: CTX137481 – Hotfix XS56E018 – For XenServer 5.6

Citrix XenServer 5.5 Update 2: CTX137480 – Hotfix XS55EU2016 – For XenServer 5.5 Update 2

Citrix XenServer 5.0 Update 3: CTX137479 – Hotfix XS50EU3016 – For XenServer 5.0 Update 3

Read the original KB article here.

Hotfix XS602E018 for XenServer 6.0.2

xenserver6Citrix has released a new hotfix for XenServer 6.0.2.

What’s fixed:

  1. This hotfix provides improvements to the way in which XenServer logs are captured during a host crash.
  2. The clock running inside the control domain (dom0) can randomly move forward by 50 minutes due to a bug in the Xen hypervisor. When this happens, Virtual Machines (VM) which follow the dom0 wallclock settings may be affected and display the incorrect time.

In addition, this hotfix includes the following previously released hotfixes.


You can download and read the installation instructions here.

Citrix XenServer multiple security updates

Today (November 13th 2012) Citrix has released a critical update for all of it’s XenServer products.

A number of security vulnerabilities have been identified in Citrix XenServer. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including version 6.1.

The following denial of service vulnerabilities have been addressed:

  • Timer overflow DoS vulnerability (CVE-2012-4535)
  • pirq range check DoS vulnerability (CVE-2012-4536)
  • Memory mapping failure DoS vulnerability (CVE-2012-4537)
  • Unhooking empty PAE entries DoS vulnerability (CVE-2012-4538)
  • Grant table hypercall infinite loop DoS vulnerability (CVE-2012-4539)
  • XENMEM_add_to_physmap DoS vulnerability (CVE-2012-4557) Continue reading “Citrix XenServer multiple security updates”

Hotfix XS60E021 for XenServer 6.0

Besides Hotfix 13 for XenServer 6.0.2 Citrix has released hotfix 21 for XenServer 6.0.

This hotfix resolves the following issues:

  1. Constant transmission of low data rate Ethernet traffic through the netback interface can saturate a control domain (dom0) CPU.
  2. Attempts to attach a Storage Repository (SR) that contains a large number of Virtual Disk Images (VDIs), to a pool member, can fail.
  3. Creating a NIC bond in a Linux bridge environment, using a NIC that has VLANs configured on it, can result in loss of network connectivity.
  4. Restarting XAPI in a pool consisting of a large number of VDIs can cause pool members to indefinitely enter maintenance mode. Continue reading “Hotfix XS60E021 for XenServer 6.0”

Hotfix XS602E013 released for XenServer 6.0.2

Citrix has released the 13th hotfix for XenServer version 6.0.2.

This hotfix resolves the following issues:

  1. Customers may experience a loss of network connectivity, if the environment, across multiple VMs, is creating high network load. This is due to the VM being unable to send packets. However, ifconfig (run from the control domain – dom0) will show that packets are still sent to the VM.
  2. When using active-passive bond mode and receiving traffic on the passive interface, or when receiving VLAN packets, which do not have a VLAN ID configured in the control domain (dom0), the OOM kill error can occur and cause the XenServer host to crash.
  3. In rare circumstances, attempts to perform VM lifecycle operations can cause the storage subsystem to fail. When this occurs, the VM’s storage repository will become inaccessible.
  4. NFS connection timeouts can cause XenServer hosts to crash and reboot.
  5. After a High Availability (HA) failover on the pool master, the new pool master fails to reattach the HA statefile.

NOTE: This hotfix also contains improvements to the storage subsystem efficiency, especially when performing large number of concurrent storage operations.

In addition, this hotfix also includes fixes released in CTX132823 – Hotfix XS602E001 – For XenServer 6.0.2, CTX133166 – Hotfix XS602E003 – For XenServer 6.0.2, CTX133812 – Hotfix XS602E005 – For XenServer 6.0.2, CTX134479 – Hotfix XS602E007 – For XenServer 6.0.2, and CTX135303 – Hotfix XS602E011 – For XenServer 6.0.2.


You can download this latest hotfix here.

Hotfix XS61E003 for XenServer 6.1.0

After Hotfix 1 and Hotfix 2 Citrix has released the third hotfix for XenServer 6.1.0.

This hotfix resolves the following issues:

Note: There is no specific threshold for the performance issues described below. Customers experiencing any of the symptoms should install the hotfix.

  1. Connecting XenCenter to a large pool can increase the load on the pool master, resulting in excessive inter-host communication and cause delays when performing VM lifecycle operations.
  2. Delays can occur when restarting XAPI in a pool consisting of large number of Virtual Disk Images (VDIs), for example more than 1000, as this can cause excessive load on the pool master.
  3. A pool consisting of a large number of Windows VMs with XenServer Tools installed, can cause a high (up to 100%) CPU load on the pool master, resulting in communication overhead. For example, customers may not be able to connect XenCenter to the pool.
  4. When using High Availability (HA) in an environment where the protected Virtual Machines (VMs) use VLANs, HA may be unable to detect that a VM is agile: it cannot therefore plan a suitable recovery procedure. In this case, customers may find that their XenServer pools unexpectedly become “overcommitted”, or that they may be unable to use HA.
  5. QoS settings do not work when set through XenCenter or the xe CLI.
  6. For active-active bonds on the vSwitch network stack, the bond rebalancing interval has changed from 10 seconds to 30 minutes.
  7. Performance data collection from pool members can cause XAPI session leaks, which eventually may exceed the maximum allowed number of open sessions. If this occurs, the pool master’s xensource.log file will display the following message: Number of disposable sessions in database (416/416) exceeds limit (400): will delete the oldest.

You can download the hotfix here.

Hotfix XS61E002 for XenServer 6.1.0

XenServer 6.1 is already up to it’s second hotfix. With the release just a month ago this is going really fast.

This hotfix has just 2 fixes it is making so here’s the long list :

  • Attempts to move a Virtual Machine (VM) or a Virtual Disk using XenCenter 6.1, may be unsuccessful and cause XenCenter to crash, with an error message: There has been an unexpected error.
  • Using non-root accounts in XenCenter 6.1 to perform operations such as starting a VM, on a host running XenServer 5.6.x or earlier, will display the No roles able to perform API call event.from error message and eventually cause XenCenter to crash.

You can download the hotfix from the Citrix website here.