ESB-2018.1029 - [Linux][BSD][Virtual] Citrix XenServer: Multiple vulnerabilities 2018-04-05

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1029
                Citrix XenServer Multiple Security Updates
                               5 April 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Citrix XenServer
Publisher:         Citrix
Operating System:  Citrix XenServer
                   Linux variants
                   BSD variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Access Privileged Data          -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-7541 CVE-2018-7540 CVE-2017-17566
                   CVE-2017-17565 CVE-2017-17564 CVE-2017-17563
                   CVE-2016-2108 CVE-2016-2107 

Reference:         ASB-2017.0219
                   ASB-2017.0164
                   ASB-2017.0115
                   ASB-2016.0104
                   ASB-2016.0087
                   ASB-2016.0080
                   ASB-2016.0074
                   ASB-2016.0071

Original Bulletin: 
   https://support.citrix.com/article/CTX233832
   https://support.citrix.com/article/CTX232096

Comment: This bulletin contains two (2) Citrix security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

CTX233832

Citrix XenServer 7.2 Multiple Security Updates

Security Bulletin

Created: 29 Mar 2018

Modified: 29 Mar 2018

Applicable Products

  o XenServer 7.2

Description of Problem

A number of security issues have been identified within Citrix XenServer 7.2
which could, if exploited, allow a malicious man-in-the-middle (MiTM) attacker
on the management network to decrypt management traffic. Collectively, this
has been rated as a medium severity vulnerability; the following issues have
been remediated:

  o CVE-2016-2107
  o CVE-2016-2108

Mitigating Factors

Customers who have configured their systems with an isolated management
network in accordance with Citrix recommendations have already significantly
mitigated these issues.

What Customers Should Do

A hotfix has been released to address these issues. Citrix recommends that
affected customers install these hotfixes as soon as their patching schedule
permits. The hotfix can be downloaded from the following location:

Citrix XenServer 7.2: CTX233880 - https://support.citrix.com/article/CTX233880

What Citrix Is Doing

Citrix is notifying customers and channel partners about this potential
security issue. This article is also available from the Citrix Knowledge
Center at  http://support.citrix.com/.

Obtaining Support on This Issue

If you require technical assistance with this issue, please contact Citrix
Technical Support. Contact details for Citrix Technical Support are available
at  https://www.citrix.com/support/open-a-support-case.html. 

Reporting Security Vulnerabilities

Citrix welcomes input regarding the security of its products and considers any
and all potential vulnerabilities seriously. For guidance on how to report
security-related issues to Citrix, please see the following document:
CTX081743 - Reporting Security Issues to Citrix

Changelog

+---------------------------------+------------------------------------------+
|Date                             |Change                                    |
+---------------------------------+------------------------------------------+
|29th March 2018                  |Initial Publication                       |
+---------------------------------+------------------------------------------+

=============================================================================

CTX232096

Citrix XenServer Multiple Security Updates

Security Bulletin 

Created: 03 Apr 2018

Modified: 03 Apr 2018

Applicable Products

  o XenServer 6.0.2
  o XenServer 6.2.0
  o XenServer 6.5

Description of Problem

A number of vulnerabilities have been identified within Citrix XenServer that
could, if exploited, allow a malicious administrator of a guest VM to crash
the host.
The following vulnerabilities have been addressed:

  o CVE-2017-17563: broken x86 shadow mode refcount overflow check
  o CVE-2017-17564: improper x86 shadow mode refcount error handling
  o CVE-2017-17565: improper bug check in x86 log-dirty handling
  o CVE-2017-17566: x86 PV guests may gain access to internally used pages
  o CVE-2018-7540: DoS via non-preemptable L3/L4 pagetable freeing
  o CVE-2018-7541: grant table v2 -> v1 transition may crash Xen

These issues affect all supported versions of Citrix XenServer prior to Citrix
XenServer 7.4.  However, previous hotfixes (CTX231390 and CTX232655) have
already addressed all of these issues for all affected supported 7.x versions
of Citrix XenServer.

What Customers Should Do

Hotfixes have been released to address these issues for support 6.x versions
of Citrix XenServer. Citrix recommends that affected customers install these
hotfixes as their patching schedule permits. The hotfixes can be downloaded
from the following locations:
Citrix XenServer 6.5SP1: CTX232084 - https://support.citrix.com/article/
CTX232084
Citrix XenServer 6.2SP1: CTX232083 - https://support.citrix.com/article/
CTX232083
Citrix XenServer 6.0.2 Common Criteria: CTX232082 - https://support.citrix.com
/article/CTX232082

What Citrix Is Doing

Citrix is notifying customers and channel partners about this potential
security issue. This article is also available from the Citrix Knowledge
Center at  http://support.citrix.com/.

Obtaining Support on This Issue

If you require technical assistance with this issue, please contact Citrix
Technical Support. Contact details for Citrix Technical Support are available
at  https://www.citrix.com/support/open-a-support-case.html. 

Reporting Security Vulnerabilities

Citrix welcomes input regarding the security of its products and considers any
and all potential vulnerabilities seriously. For guidance on how to report
security-related issues to Citrix, please see the following document:
CTX081743 - Reporting Security Issues to Citrix

Changelog

+--------------------------------+-------------------------------------------+
|Date                            |Change                                     |
+--------------------------------+-------------------------------------------+
|3rd April 2018                  |Initial Publication                        |
+--------------------------------+-------------------------------------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWsWeS4x+lLeg9Ub1AQgvxw/+KaZRl5zcOYT4iQdlPHIKSepQYcNtba56
+Wv6AJ+n90qAjBw+lbjjP1CmzC1X6peNSe6MKqHsFDLtEnFzfJlSv8NVrP54PZeZ
v29Qs2LQHMnFLt2eiC4lJT79SMKx+zHAqc2oRUlTTOge6n5FbpuNp33X6acqiAc5
EOrTZH697gzUWwDIWk2GXSMo9e3BYtBb4Xf90FGPk0czkOMvSD5eagzUZlz7VJsm
Ktw6oQ1vXowtUM+hZfmkVGplfB/9NTBd5Ir0e0LtGxIrN7643saZ8U54fuXA/G6l
AUb2ozKHoblG1/MS9GOT8YmN2bNDrn2vylZw1bbKtaUJuO8prbB9+6HRgJ8LbUAC
cDL963Ud9FyssAmFKQ4zm7p10btUrbwxhQnVqyvF+EaHw676CHqo54n8kcub/50H
RDb5/6Ok640MMmAxCvo13vwSEa/qYCs88rBMQqQ5MR1viTzGC5T1h8P6vKJTYpwI
NjytY0q7kzPMrTkvHByDgBZ1LC6fyZp32uxa+HawQyieDzpdk1Vl18kmhvgBcFST
f0zJmwanRcYMY0sFsKWcbDsFmm45ZyGzMyJN/B3IDEzBopWAF8+RdYxpcoX2ncwh
W/wSHfdRTMgE8P6CFAtpO0oRtsWWz8eIc0jWrJpMnGqErxj/v4QdAlbphaJUaiLJ
VF6sgnnnunE=
=FCDv
-----END PGP SIGNATURE-----

« Back to bulletins