Description of Problem
A number of security vulnerabilities have been identified in Citrix XenServer. The following vulnerabilities have been addressed:
- CVE-2015-5621 (Medium): incorrectly handled SNMP PDU parsing failures
This issue may allow a malicious attacker on the management network to attack the host SNMP daemon if it has been exposed through the firewall.
- CVE-2016-2271 (Low): VMX: guest user mode may crash guest with non-canonical RIP
This issue may allow a malicious guest user to crash that guest.
- CVE-2016-3158/CVE-2016-3159 (Low): broken AMD FPU FIP/FDP/FOP leak workaround
This issue may allow a malicious guest administrator to obtain low-value information from other VMs at a low rate.
- CVE-2016-3960 (Low): x86 shadow pagetables: address width overflow
This issue may allow a malicious guest administrator to crash the host machine.
CVE-2015-5621 is only applicable to hosts where the SNMP service has been exposed. Citrix XenServer itself does not expose this service but the installation of host-manufacturer-specific supplementary packs may change this.
CVE-2016-2271 is only applicable to HVM guests running on Intel CPUs.
CVE-2016-3158/CVE-2016-3159 is only applicable to Citrix XenServer 6.5 SP1 running on AMD CPUs.
CVE-2016-3960 is only applicable to HVM guests running on systems which either do not support Hardware Assisted Paging (HAP) or where HAP has been explicitly disabled by the host administrator.
What Customers Should Do
Hotfixes have been released to address these issues. Citrix recommends that affected customers install these hotfixes, which can be downloaded from the following locations:
Citrix XenServer 6.5 SP1: CTX209498 – https://support.citrix.comhttp://support.ctx.org.cn/CTX209498.citrix
Citrix XenServer 6.2 SP1: CTX209497 – https://support.citrix.comhttp://support.ctx.org.cn/CTX209497.citrix
Citrix XenServer 6.1: CTX209496 – https://support.citrix.comhttp://support.ctx.org.cn/CTX209496.citrix
Citrix XenServer 6.0.2: CTX209494 – https://support.citrix.comhttp://support.ctx.org.cn/CTX209494.citrix
Citrix XenServer 6.0.2 Common Criteria: CTX209495 – https://support.citrix.comhttp://support.ctx.org.cn/CTX209495.citrix
Citrix XenServer 6.0: CTX209493 – https://support.citrix.comhttp://support.ctx.org.cn/CTX209493.citrix
What Citrix Is Doing
Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at?? /.
Obtaining Support on This Issue
If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at?? http://www.citrix.com/site/ss/supportContacts.asp.
Reporting Security Vulnerabilities
Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 –?? Reporting Security Issues to Citrix
|April 18th 2016||Initial bulletin publishing|
|April 20th 2016||Addition of Changelog, update to URL in What Custoemrs Should Do section|