TTCSIRT-104.032718: TT-CSIRT Advisory – XenServer Security Updates
Citrix has released a security update stating that a number of vulnerabilities have been identified within Citrix XenServer that could, if exploited, allow a malicious administrator of a guest VM to crash the host and for some XenServer versions, allow a remote attacker to compromise the host.
Details of the vulnerabilities are as follows:
a)CVE-2016-2074: openvswitch: MPLS buffer overflow vulnerability.
b) CVE-2018-7540: DoS via non-preemptable L3/L4 pagetable freeing.
c) CVE-2018-7541: grant table v2 -> v1 transition may crash Xen.
|Further information on these vulnerabilities and how they can be mitigated can be found on the Citrix Website at https://support.citrix.com/article/CTX232655|