A security vulnerability has been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to compromise the host.
This vulnerability affects all currently supported versions of Citrix XenServer up to and including Citrix XenServer 7.2.
The following vulnerability has been addressed:
Hotfixes have been released to address these issues. Citrix strongly recommends that affected customers install these hotfixes as soon as possible. The hotfixes can be downloaded from the following locations:
Citrix XenServer 7.2: CTX229067 – <https://support.citrix.com/article/CTX229067>
Citrix XenServer 7.1 LTSR CU1: CTX229066 – <https://support.citrix.com/article/CTX229066>
Citrix XenServer 7.1 LTSR: CTX229065 – <https://support.citrix.com/article/CTX229065>
Citrix XenServer 7.0: CTX229064 – <https://support.citrix.com/article/CTX229064>
Citrix XenServer 6.5 SP1: CTX229063 – <https://support.citrix.com/article/CTX229063>
Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <http://support.citrix.com/>.
If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <https://www.citrix.com/support/open-a-support-case.html>.
Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – Reporting Security Issues to Citrix
Date | Change |
---|---|
24th October 2017 | Initial Publishing |

CPE | Name | Operator | Version |
---|---|---|---|
 | citrix xenserver | le | 7.2 |
 | citrix xenserver | le | 7.1 |
 | citrix xenserver | le | 7.1 |
 | citrix xenserver | le | 7.0 |
 | citrix xenserver | le | 6.5 |