Citrix CTX228867
Oct 12, 2017 - 4:00 a.m.

Citrix XenServer Multiple Security Updates

2017-10-12 04:00:00
support.citrix.com

EPSS: 0.001 (percentile 42.3%)

<section>
<div><div>
<div>

<h2> Description of Problem</h2>

<div>
<div>
<div>
<p>A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to compromise the host.</p>
<p>These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServer 7.2.</p>
<p>The following vulnerabilities have been addressed:</p>
<ul>
<li>CVE-2017-15595: Unlimited recursion in linear pagetable de-typing</li>
<li>CVE-2017-15588: Stale TLB entry due to page type release race</li>
<li>CVE-2017-15593: page type reference leak on x86</li>
<li>CVE-2017-15592: x86: Incorrect handling of self-linear shadow mappings with translated guests</li>
<li>CVE-2017-15594: x86: Incorrect handling of IST settings during CPU hotplug</li>
<li>CVE-2017-15590: multiple MSI mapping issues on x86</li>
<li>CVE-2017-15589: hypervisor stack leak in x86 I/O intercept code</li>
</ul>
<p>For customers that do not have PV-based guests, are not using PCI passthrough and are using hardware with HAP support, the risk is reduced to a disclosure of a small part of the hypervisor stack.</p>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> What Customers Should Do</h2>

<div>
<div>
<div>
<p>Hotfixes have been released to address these issues. Citrix strongly recommends that affected customers install these hotfixes as soon as possible. The hotfixes can be downloaded from the following locations:</p>
<p>Citrix XenServer 7.2: CTX228722 – <a href="https://support.citrix.com/article/CTX228722">https://support.citrix.com/article/CTX228722</a></p>
<p>Citrix XenServer 7.1 LTSR CU1: CTX228721 – <a href="https://support.citrix.com/article/CTX228721">https://support.citrix.com/article/CTX228721</a></p>
<p>Citrix XenServer 7.1 LTSR: CTX228720 – <a href="https://support.citrix.com/article/CTX228720">https://support.citrix.com/article/CTX228720</a></p>
<p>Citrix XenServer 7.0: CTX228719 – <a href="https://support.citrix.com/article/CTX228719">https://support.citrix.com/article/CTX228719</a></p>
<p>Citrix XenServer 6.5 SP1: CTX228718 – <a href="https://support.citrix.com/article/CTX228718">https://support.citrix.com/article/CTX228718</a></p>
<p>Citrix XenServer 6.2 SP1: CTX228717 – <a href="https://support.citrix.com/article/CTX228717">https://support.citrix.com/article/CTX228717</a></p>
<p>Citrix XenServer 6.0.2 Common Criteria: CTX228716 – <a href="https://support.citrix.com/article/CTX228716">https://support.citrix.com/article/CTX228716</a></p>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> What Citrix Is Doing</h2>

<div>
<div>
<div>
<div>
<div>
<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u><a href="http://support.citrix.com/">http://support.citrix.com/</a></u>.</p>
</div>
</div>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Obtaining Support on This Issue</h2>

<div>
<div>
<div>
<div>
<div>
<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u><a href="https://www.citrix.com/support/open-a-support-case.html">https://www.citrix.com/support/open-a-support-case.html</a></u>.</p>
</div>
</div>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Reporting Security Vulnerabilities</h2>

<div>
<div>
<div>
<div>
<div>
<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – <a href="http://support.citrix.com/article/CTX081743">Reporting Security Issues to Citrix</a></p>
</div>
</div>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Changelog</h2>

<div>
<div>
<div>
<table border="1" width="100%">
<tbody>
<tr>
<td>Date </td>
<td>Change</td>
</tr>
<tr>
<td>12th October 2017</td>
<td>Initial publishing</td>
</tr>
<tr>
<td>18th October 2017</td>
<td>Update to CVE numbers</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>

<hr />
</div>
</div></div>
</section>