Citrix XenServer Multiple Security Updates

<section>
<div><div>
<div>

<h2> Description of Problem</h2>

<div>
<div>
<div>
<p>A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to compromise the host.</p>
<p>These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServer 7.2.</p>
<p>The following vulnerabilities have been addressed:</p>
<ul>
<li>CVE-2017-14316: (High) Missing NUMA node parameter verification</li>
<li>CVE-2017-14318: (Medium) Missing check for grant table</li>
<li>CVE-2017-14319: (High) insufficient grant unmapping checks for x86 PV guests</li>
</ul>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> What Customers Should Do</h2>

<div>
<div>
<div>
<p>Hotfixes have been released to address these issues. Citrix strongly recommends that affected customers install these hotfixes as soon as possible. The hotfixes can be downloaded from the following locations:</p>
<p>Citrix XenServer 7.2: CTX227236 – <a href=“https://support.citrix.com/article/CTX227236”>https://support.citrix.com/article/CTX227236</a></p>
<p>Citrix XenServer 7.1 LTSR CU1: CTX227235 – <a href=“https://support.citrix.com/article/CTX227235”>https://support.citrix.com/article/CTX227235</a></p>
<p>Citrix XenServer 7.1 LTSR: CTX227234 – <a href=“https://support.citrix.com/article/CTX227234”>https://support.citrix.com/article/CTX227234</a></p>
<p>Citrix XenServer 7.0: CTX227233 – <a href=“https://support.citrix.com/article/CTX227233”>https://support.citrix.com/article/CTX227233</a></p>
<p>Citrix XenServer 6.5 SP1: CTX227232 – <a href=“https://support.citrix.com/article/CTX227232”>https://support.citrix.com/article/CTX227232</a></p>
<p>Citrix XenServer 6.2 SP1: CTX227231 – <a href=“https://support.citrix.com/article/CTX227231”>https://support.citrix.com/article/CTX227231</a></p>
<p>Citrix XenServer 6.0.2 Common Criteria: CTX227237 – <a href=“https://support.citrix.com/article/CTX227237”>https://support.citrix.com/article/CTX227237</a></p>
<p>Customers who are using the Live Patching feature of Citrix XenServer may apply the relevant hotfix without requiring a reboot.</p>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> What Citrix Is Doing</h2>

<div>
<div>
<div>
<div>
<div>
<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=“http://support.citrix.com/”>http://support.citrix.com/</a></u>.</p>
</div>
</div>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Obtaining Support on This Issue</h2>

<div>
<div>
<div>
<div>
<div>
<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=“https://www.citrix.com/support/open-a-support-case.html”>https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>
</div>
</div>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Reporting Security Vulnerabilities</h2>

<div>
<div>
<div>
<div>
<div>
<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – <a href=“http://support.citrix.com/article/CTX081743”>Reporting Security Issues to Citrix</a></p>
</div>
</div>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Changelog</h2>

<div>
<div>
<div>
<table border=“1” width=“100%”>
<tbody>
<tr>
<td>Date </td>
<td>Change</td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
</tbody>
</table>
</div>
</div>
</div>

<hr />
</div>
</div></div>
</section>