- Community Home
- >
- HPE Community, China
- >
- 服务器
- >
- 服务器官方技术文章【转载】
- >
- Security vulnerability in Citrix XenServer
类别
Company
Local Language
论坛
讨论平台
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
论坛
博客
- 将帖子标记为未读
- 加注书签
- 订阅
- 禁止
- 订阅此主题的 RSS 提要
- 高亮显示此帖
- 打印此帖
- 报告不当内容
修改时间 09-01-2014 10:05 AM
修改时间 09-01-2014 10:05 AM
Security vulnerability in Citrix XenServer
Description of Problem
A security vulnerability has been identified in Citrix XenServer PV guest kernel loading that could allow a malicious guest administrator to compromise the XenServer host. This vulnerability affects all currently supported versions of Citrix XenServer up to and including version 6.2.
The vulnerability is:
• CVE-2013-2194, CVE-2013-2195, CVE-2013-2196: Vulnerabilities in libelf PV kernel handling
Mitigating Factors
Customers that are running only HVM guests (e.g. Microsoft Windows) are unaffected.
The vulnerability can only be exploited whilst a PV guest is booting; once the guest has booted, the vulnerability cannot be exploited until the guest is next rebooted.
What Customers Should Do
Hotfixes have been released to address this issue. Citrix strongly recommends that affected customers install the relevant hotfix, which can be downloaded from the locations below.
Please note that these hotfixes have been updated following the initial release of earlier, incomplete fixes to correct this issue.
Citrix XenServer 6.2: CTX138349– Hotfix XS62E002 - For XenServer 6.2.0
Citrix XenServer 6.1: CTX138038 – Hotfix XS61E024 - For XenServer 6.1.0
Citrix XenServer 6.0.2: CTX138036 - Hotfix XS602E025 - For XenServer 6.0.2
Customers using Citrix XenServer 6.0.2 in the Common Criteria evaluated configuration should apply the following hotfix: CTX138037 - Hotfix XS602ECC006 - For XenServer 6.0.2 Common Criteria
Citrix XenServer 6.0.0: CTX138035 - Hotfix XS60E033 - For XenServer 6.0
Citrix XenServer 5.6 Service Pack 2: CTX138345 - Hotfix XS56ESP2032 - For XenServer 5.6 Service Pack 2
Citrix XenServer 5.6 Feature Pack 1: CTX138344 - Hotfix XS56EFP1020 - For XenServer 5.6 Feature Pack 1
Citrix XenServer 5.6: CTX138031 - Hotfix XS56E020 - For XenServer 5.6
Customers using Citrix XenServer 5.6 in the Common Criteria evaluated configuration should apply the following hotfix: CTX138343 - Hotfix XS56E021 - For XenServer 5.6
Citrix XenServer 5.5 Update 2: CTX138342 - Hotfix XS55EU2018 - For XenServer 5.5 Update 2
Citrix XenServer 5.0 Update 3: CTX138341 - Hotfix XS50EU3018 - For XenServer 5.0 Update 3