-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0819
                 Citrix XenServer Multiple Security Updates
                               22 March 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Citrix XenServer
Publisher:         Citrix
Operating System:  Citrix XenServer
                   Linux variants
                   BSD variants
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Increased Privileges            -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-7541 CVE-2018-7540 CVE-2016-2074
Reference:         ESB-2018.0772 ESB-2018.0651 ESB-2016.0815 ESB-2016.0811

Original Bulletin:
   https://support.citrix.com/article/CTX232655

- --------------------------BEGIN INCLUDED TEXT--------------------

Citrix XenServer Multiple Security Updates

Security Bulletin | Critical | Created: 21 Mar 2018 | Modified: 21 Mar 2018

Applicable Products

  o XenServer 7.3
  o XenServer 7.2
  o XenServer 7.1 LTSR Cumulative Update 1
  o XenServer 7.0

Description of Problem

A number of vulnerabilities have been identified within Citrix XenServer
that could, if exploited, allow a malicious administrator of a guest VM to
crash the host and, for some XenServer versions, allow a remote attacker to
compromise the host.

The following vulnerabilities have been addressed:

  o CVE-2016-2074: openvswitch: MPLS buffer overflow vulnerability
  o CVE-2018-7540: DoS via non-preemptable L3/L4 pagetable freeing
  o CVE-2018-7541: grant table v2 -> v1 transition may crash Xen

The host compromise issue (CVE-2016-2074) affects Citrix XenServer versions
7.0 and 7.1 CU1 only. The denial of service issues affect all supported
versions of Citrix XenServer prior to version 7.4.

Mitigating Factors

Customers using the "Linux bridge" networking mode are unaffected by the
host compromise issue.
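As an added example (not Citrix's or AusCERT's code), the following Python helper applies the applicability rules stated in this bulletin to a host: it takes the product version and the networking mode, decides which of the three CVEs apply, applies the "Linux bridge" mitigating factor to CVE-2016-2074, and names the hotfix articles listed further down in the bulletin. It assumes that /etc/xensource-inventory contains a line of the form PRODUCT_VERSION='7.1.1', that version 7.1.1 corresponds to 7.1 LTSR CU1, and that /etc/xensource/network.conf holds either the word bridge or openvswitch; the file contents used in the demo are constructed for the example.

```python
"""Triage helper for ESB-2018.0819 / CTX232655.

Added example, not Citrix or AusCERT code. Assumptions (not stated in the
bulletin): /etc/xensource-inventory has a PRODUCT_VERSION='x.y.z' line,
version 7.1.1 is 7.1 LTSR CU1, and /etc/xensource/network.conf contains
'bridge' or 'openvswitch'.
"""
import re

# Hotfix articles per applicable product, as listed in the bulletin.
HOTFIXES = {
    "7.3": ["CTX233368"],
    "7.2": ["CTX233366"],
    "7.1.1": ["CTX233363", "CTX233365"],   # 7.1 LTSR CU1 (assumed = 7.1.1)
    "7.0": ["CTX233362", "CTX233364"],
}
DOS_CVES = ("CVE-2018-7540", "CVE-2018-7541")   # all supported versions < 7.4
OVS_CVE = "CVE-2016-2074"                       # host compromise, 7.0 and 7.1 CU1 only
HOST_COMPROMISE_VERSIONS = ("7.0", "7.1.1")

# Constructed sample file contents (not from a real host).
SAMPLE_INVENTORY_71CU1 = "PRODUCT_BRAND='XenServer'\nPRODUCT_VERSION='7.1.1'\n"
SAMPLE_NETWORK_CONF_OVS = "openvswitch\n"


def parse_inventory(text):
    """Return PRODUCT_VERSION from KEY='value' style inventory text."""
    m = re.search(r"^PRODUCT_VERSION='([^']*)'", text, re.MULTILINE)
    if not m:
        raise ValueError("PRODUCT_VERSION not found in inventory")
    return m.group(1)


def parse_network_backend(text):
    """Return 'bridge' or 'openvswitch' from network.conf text."""
    backend = text.strip().lower()
    if backend not in ("bridge", "openvswitch"):
        raise ValueError("unexpected network backend: %r" % backend)
    return backend


def bulletin_key(version):
    """Map a dotted product version onto the bulletin's product list, or None."""
    parts = version.split(".")
    major_minor = ".".join(parts[:2])
    if major_minor == "7.1":
        # Only 7.1 CU1 is listed; a base 7.1 host is not covered by these hotfixes.
        return "7.1.1" if version.startswith("7.1.1") else None
    return major_minor if major_minor in HOTFIXES else None


def triage(inventory_text, network_conf_text):
    """Decide which bulletin issues apply and which hotfix articles to fetch."""
    version = parse_inventory(inventory_text)
    backend = parse_network_backend(network_conf_text)
    result = {"version": version, "backend": backend,
              "applicable_cves": [], "hotfixes": [], "note": ""}
    key = bulletin_key(version)
    if key is None:
        major, minor = (int(p) for p in version.split(".")[:2])
        if (major, minor) < (7, 4):
            # DoS issues affect every supported release before 7.4, but no
            # hotfix is listed for this one (bulletin: remediation in progress
            # for End of Maintenance releases).
            result["applicable_cves"] = list(DOS_CVES)
            result["note"] = "no hotfix listed for this release in the bulletin"
        else:
            result["note"] = "not affected by this bulletin"
        return result
    result["applicable_cves"] = list(DOS_CVES)
    if key in HOST_COMPROMISE_VERSIONS:
        if backend == "openvswitch":
            result["applicable_cves"].append(OVS_CVE)
        else:
            result["note"] = "Linux bridge mode: CVE-2016-2074 mitigated"
    result["hotfixes"] = list(HOTFIXES[key])
    return result


def triage_host(inventory_path="/etc/xensource-inventory",
                network_conf_path="/etc/xensource/network.conf"):
    """Run the triage against the assumed file locations on a real host."""
    with open(inventory_path) as f, open(network_conf_path) as g:
        return triage(f.read(), g.read())


if __name__ == "__main__":
    for conf in (SAMPLE_NETWORK_CONF_OVS, "bridge\n"):
        print(triage(SAMPLE_INVENTORY_71CU1, conf))
```

The demo runs on the constructed 7.1 CU1 inventory in both networking modes; on a host, triage_host() reads the two assumed paths instead. The output lists CVEs and CTX article numbers only; whether a given hotfix is already installed still has to be confirmed against the host's own update list.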
What Customers Should Do

Hotfixes have been released to address these issues. Citrix strongly
recommends that affected customers install these hotfixes as soon as
possible. The hotfixes can be downloaded from the following locations:

Citrix XenServer 7.3:
  CTX233368 - https://support.citrix.com/article/CTX233368

Citrix XenServer 7.2:
  CTX233366 - https://support.citrix.com/article/CTX233366

Citrix XenServer 7.1 LTSR CU1:
  CTX233363 - https://support.citrix.com/article/CTX233363 and
  CTX233365 - https://support.citrix.com/article/CTX233365

Citrix XenServer 7.0:
  CTX233362 - https://support.citrix.com/article/CTX233362 and
  CTX233364 - https://support.citrix.com/article/CTX233364

These hotfixes are not livepatchable.

Citrix is actively working on remediating the denial of service issues for
releases that are End of Maintenance but not yet End of Life.

What Citrix Is Doing

Citrix is notifying customers and channel partners about this potential
security issue. This article is also available from the Citrix Knowledge
Center at http://support.citrix.com/.

Obtaining Support on This Issue

If you require technical assistance with this issue, please contact Citrix
Technical Support. Contact details for Citrix Technical Support are
available at https://www.citrix.com/support/open-a-support-case.html.

Reporting Security Vulnerabilities

Citrix welcomes input regarding the security of its products and considers
any and all potential vulnerabilities seriously.
For guidance on how to report security-related issues to Citrix, please see
the following document: CTX081743 - Reporting Security Issues to Citrix

Changelog

+----------------------------------+------------------------------------------+
|Date                              |Change                                    |
+----------------------------------+------------------------------------------+
|21st March 2018                   |Initial publication                       |
+----------------------------------+------------------------------------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to auscert@auscert.org.au and
we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no responsibility
for consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at a
later date, it is recommended that the bulletin is retrieved directly from
the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWrNOjox+lLeg9Ub1AQjw9w//Rn36YVutGp3LAVYd5ycT+Fhfb6YzPAhx
ZM/BD0sZcGWqz2DAkrq9xwsrj5RkOpKbWUcTBbWq7vGSdnoKBZhoAW8B8/iEoJlx
oZkyIzwzZ0NQWTfbqU3uUe/y5MM5QxgWMSA/oTQ9I8BaZTqPG5rEAQEM4Rs/zJJq
LNUpeglrT7TyHiSE/1Ka/109mxN58nQevUnkutg7X/508W+dOYZKBjZrQWvJnrOC
8ScAL0CE2KOWFhk2v3YDNEaHhDxZW8bVdvoxiQkvZxbcMo2I9ulFkOlyK6U2QYP4
jjJypw19lJlzcNpkNJRVzViDNG+ghFlWO0hJSPWX6JE2/PDRMlsWiE+UH/S366fJ
5rMID5rMdxcCzSAH9XuN4EKs8Jpie7sLu65LEFt9sqNhx5yA7rsPWLLOOEll7t5p
4UZ07WXEDSRZdOzSpLizSNyMWGCmuyuQ2RSdxqZbQab+I4c+gScEFXBnumGDZgt+
bDCfMvYy1J2UmiGXEPPYWXc5dMdbTAYI4Y4mxoeivRaTT5ihpNT4XWYGqibD3QQA
kZyHOleQYkTbY2oDQ+x3wa2P1PnJJR1Gqen6nNsR/Ee7zwiyYcWUoqMEjpYIc4a6
fyp+pSaHCTJpX6rJMZoaNl0SDYubWUq48V66tzjX/hgJ07zbNuCau+plb7g+zlly
aqsRYY9X1Vc=
=0Gvu
-----END PGP SIGNATURE-----