Citrix CTX239432
Nov 20, 2018 - 5:00 a.m.

Citrix XenServer Security Update

2018-11-20 05:00:00
support.citrix.com
EPSS: 0.001 (Low), Percentile: 26.9%

<section>
<div><div>
<div>

<h2> Description of Problem</h2>

<div>
<div>
<div>
<p>A number of security vulnerabilities have been identified in Citrix XenServer that have deployment-dependent impacts.</p>
<p>These issues affect the following supported versions of Citrix XenServer:</p>
<ul>
<li>Citrix XenServer 7.6</li>
<li>Citrix XenServer 7.5</li>
<li>Citrix XenServer 7.1 LTSR CU1</li>
<li>Citrix XenServer 7.0</li>
</ul>
<p>The following issues have been addressed:</p>
<ul>
<li>CVE-2018-19961 / CVE-2018-19962: insufficient TLB flushing/improper large page mappings with AMD IOMMUs</li>
</ul>
<p>This issue may allow code in an HVM guest VM to compromise the host.</p>
<p>This issue is limited to guests that are using the PCI passthrough feature in conjunction with AMD CPUs.</p>
<ul>
<li>CVE-2018-19965: x86: DoS from attempting to use INVPCID with a non-canonical address</li>
</ul>
<p>This issue may allow privileged code in a PV guest VM to crash the host.</p>
<p>This issue is limited to hosts with Intel CPUs that support the INVPCID instruction.</p>
<p>This issue only occurs in Citrix XenServer 7.6.</p>
<ul>
<li>CVE-2018-19967: Intel Erratum: “Processor May Hang When Executing Code In an HLE Transaction”.</li>
</ul>
<p>This issue may allow code running in a guest VM to cause the host to become unresponsive and/or crash.</p>
<p>This issue is limited to hosts with Intel CPUs that are affected by the corresponding Intel erratum.</p>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> What Customers Should Do</h2>

<div>
<div>
<div>
<p>Hotfixes have been released to address these issues. Citrix recommends that affected customers install these hotfixes as their patching schedule permits. The hotfixes can be downloaded from the following locations:</p>
<p>Citrix XenServer 7.6: CTX239437 – <a href="https://support.citrix.com/article/CTX239437">https://support.citrix.com/article/CTX239437</a> </p>
<p>Citrix XenServer 7.5: CTX239436 – <a href="https://support.citrix.com/article/CTX239436">https://support.citrix.com/article/CTX239436</a> </p>
<p>Citrix XenServer 7.1 LTSR CU1: CTX239435 – <a href="https://support.citrix.com/article/CTX239435">https://support.citrix.com/article/CTX239435</a> </p>
<p>Citrix XenServer 7.0: CTX239434 – <a href="https://support.citrix.com/article/CTX239434">https://support.citrix.com/article/CTX239434</a> </p>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> What Citrix Is Doing</h2>

<div>
<div>
<div>
<div>
<div>
<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href="http://support.citrix.com/">http://support.citrix.com/</a></u>.</p>
</div>
</div>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Obtaining Support on This Issue</h2>

<div>
<div>
<div>
<div>
<div>
<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href="https://www.citrix.com/support/open-a-support-case.html">https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>
</div>
</div>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Reporting Security Vulnerabilities</h2>

<div>
<div>
<div>
<div>
<div>
<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – <a href="http://support.citrix.com/article/CTX081743">Reporting Security Issues to Citrix</a></p>
</div>
</div>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Changelog</h2>

<div>
<div>
<div>
<table border="1" width="100%">
<tbody>
<tr>
<td>Date </td>
<td>Change</td>
</tr>
<tr>
<td>20th November 2018</td>
<td>Initial Issue </td>
</tr>
<tr>
<td>8th January 2019</td>
<td>Updated CVE identifiers for TBA entries</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>

<hr />
</div>
</div></div>
</section>