Lucene search

K
citrixCitrixCTX224740
HistoryJun 27, 2017 - 4:00 a.m.

Citrix XenServer Multiple Security Updates

2017-06-2704:00:00
support.citrix.com
43

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

<section>
<div><div>
<div>

<h2> Description of Problem</h2>

<div>
<div>
<div>
<p>A number of security issues have been identified within Citrix XenServer. These issues could, if exploited, allow a malicious administrator of a guest VM to compromise the host. The issues have the identifiers:</p>
<ul>
<li>CVE-2017-10920, CVE-2017-10921 and CVE-2017-10922 (High): Grant table operations mishandle reference counts.</li>
<li>CVE-2017-10918 (High): Stale P2M mappings due to insufficient error checking.</li>
<li>CVE-2017-10912 (Medium): Page transfer may allow PV guest to elevate privilege.</li>
<li>CVE-2017-10913 and CVE-2017-10914 (Medium): Races in the grant table unmap code.</li>
<li>CVE-2017-10915 (Medium): x86: insufficient reference counts during shadow emulation.</li>
<li>CVE-2017-10917 (Medium): NULL pointer deref in event channel poll.</li>
<li>CVE-2017-10911 (Low): blkif responses leak backend stack data.</li>
</ul>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> What Customers Should Do</h2>

<div>
<div>
<div>
<p>Hotfixes have been released to address these issues. Citrix recommends that affected customers install these hotfixes, which can be downloaded from the following locations:</p>
<p>Citrix XenServer 7.2: CTX224692 – <a href=“https://support.citrix.com/article/CTX224692”>https://support.citrix.com/article/CTX224692</a> and CTX224698 – <a href=“https://support.citrix.com/article/CTX224698”>https://support.citrix.com/article/CTX224698</a></p>
<p>Citrix XenServer 7.1: CTX224691 – <a href=“https://support.citrix.com/article/CTX224691”>https://support.citrix.com/article/CTX224691</a> and CTX224697 – <a href=“https://support.citrix.com/article/CTX224697”>https://support.citrix.com/article/CTX224697</a></p>
<p>Citrix XenServer 7.0: CTX224690 – <a href=“https://support.citrix.com/article/CTX224690”>https://support.citrix.com/article/CTX224690</a> and CTX224696 – <a href=“https://support.citrix.com/article/CTX224696”>https://support.citrix.com/article/CTX224696</a></p>
<p>Citrix XenServer 6.5 SP1: CTX224689 – <a href=“https://support.citrix.com/article/CTX224689”>https://support.citrix.com/article/CTX224689</a> and CTX224695 – <a href=“https://support.citrix.com/article/CTX224695”>https://support.citrix.com/article/CTX224695</a></p>
<p>Customers who have deployed Citrix XenServer 6.2 SP1 on older hardware that does not have Hardware Assisted Paging support (Intel: EPT, AMD: RVI) should upgrade to Citrix XenServer 6.5 SP1 or later to ensure that they are protected against these issues.</p>
<p>Citrix XenServer 6.2 SP1: CTX224688 – <a href=“https://support.citrix.com/article/CTX224688”>https://support.citrix.com/article/CTX224688</a> and CTX224694 – <a href=“https://support.citrix.com/article/CTX224694”>https://support.citrix.com/article/CTX224694</a></p>
<p>Citrix XenServer 6.0.2 Common Criteria: CTX224687 – <a href=“https://support.citrix.com/article/CTX224687”>https://support.citrix.com/article/CTX224687</a> and CTX224693 – <a href=“https://support.citrix.com/article/CTX224693”>https://support.citrix.com/article/CTX224693</a></p>
<p>Customers who are using the Live Patching feature of Citrix XenServer 7.2 may apply the relevant hotfixes without requiring a reboot. Customers who are using the Live Patching feature of Citrix XenServer 7.1 who have previously deployed all earlier hotfixes may apply the relevant hotfixes without requiring a reboot.</p>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> What Citrix Is Doing</h2>

<div>
<div>
<div>
<div>
<div>
<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=“http://support.citrix.com/”>http://support.citrix.com/</a></u>.</p>
</div>
</div>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Obtaining Support on This Issue</h2>

<div>
<div>
<div>
<div>
<div>
<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=“https://www.citrix.com/support/open-a-support-case.html”>https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>
</div>
</div>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Reporting Security Vulnerabilities</h2>

<div>
<div>
<div>
<div>
<div>
<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – <a href=“http://support.citrix.com/article/CTX081743”>Reporting Security Issues to Citrix</a></p>
</div>
</div>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Changelog</h2>

<div>
<div>
<div>
<table border=“1” width=“100%”>
<tbody>
<tr>
<td>Date </td>
<td>Change</td>
</tr>
<tr>
<td>21st June, 2017</td>
<td>Initial publishing</td>
</tr>
<tr>
<td>7th July, 2017</td>
<td>Added CVE identifiers</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>

<hr />
</div>
</div></div>
</section>

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C