Citrix CTX235748
Jun 28, 2018 - 4:00 a.m.

Citrix XenServer Multiple Security Updates

2018-06-28 04:00:00
support.citrix.com

EPSS: 0.001 (Low), percentile 26.7%

<section>
<div><div>
<div>

<h2> Description of Problem</h2>

<div>
<div>
<div>
<p>Two issues have been identified within Citrix XenServer, which could, if exploited, allow unprivileged code in a PV guest VM to cause the host to crash or become unresponsive.</p>
<p>These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServer 7.5.</p>
<p>The following vulnerabilities have been addressed:</p>
<ul>
<li>CVE-2018-12893: (High) x86: #DB exception safety check can be triggered by a guest</li>
<li>CVE-2018-12891: (Medium) preemption checks bypassed in x86 PV MM handling</li>
</ul>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> What Customers Should Do</h2>

<div>
<div>
<div>
<p>Hotfixes have been released to address these issues. Citrix recommends that affected customers install these hotfixes as soon as possible. The hotfixes can be downloaded from the following locations:</p>
<ul>
<li>Citrix XenServer 7.5: CTX236153 – <a href="https://support.citrix.com/article/CTX236153">https://support.citrix.com/article/CTX236153</a></li>
<li>Citrix XenServer 7.4: CTX236152 – <a href="https://support.citrix.com/article/CTX236152">https://support.citrix.com/article/CTX236152</a></li>
<li>Citrix XenServer 7.3: CTX236151 – <a href="https://support.citrix.com/article/CTX236151">https://support.citrix.com/article/CTX236151</a></li>
<li>Citrix XenServer 7.1 LTSR CU1: CTX236150 – <a href="https://support.citrix.com/article/CTX236150">https://support.citrix.com/article/CTX236150</a></li>
<li>Citrix XenServer 7.0: CTX236149 – <a href="https://support.citrix.com/article/CTX236149">https://support.citrix.com/article/CTX236149</a></li>
</ul>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> What Citrix Is Doing</h2>

<div>
<div>
<div>
<div>
<div>
<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u><a href="http://support.citrix.com/">http://support.citrix.com/</a></u>.</p>
</div>
</div>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Obtaining Support on This Issue</h2>

<div>
<div>
<div>
<div>
<div>
<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u><a href="https://www.citrix.com/support/open-a-support-case.html">https://www.citrix.com/support/open-a-support-case.html</a></u>.</p>
</div>
</div>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Reporting Security Vulnerabilities</h2>

<div>
<div>
<div>
<div>
<div>
<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – <a href="http://support.citrix.com/article/CTX081743">Reporting Security Issues to Citrix</a></p>
</div>
</div>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Changelog</h2>

<div>
<div>
<div>
<table border="1" width="100%">
<tbody>
<tr>
<td>Date </td>
<td>Change</td>
</tr>
<tr>
<td>28th June 2018 </td>
<td>Initial issue </td>
</tr>
<tr>
<td>28th June 2018</td>
<td>Typo - Mark bulletin as High severity</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>

<hr />
</div>
</div></div>
</section>