Government of the Republic of Trinidad and Tobago
gov.tt

TTCSIRT-104.032718: TT-CSIRT Advisory – XenServer Security Updates

TTCSIRT-104.032718: TT-CSIRT Advisory – XenServer Security Updates

Citrix has released a security update stating that a number of vulnerabilities have been identified within Citrix XenServer that could, if exploited, allow a malicious administrator of a guest VM to crash the host and for some XenServer versions, allow a remote attacker to compromise the host.

Details of the vulnerabilities are as follows:

a)CVE-2016-2074: openvswitch: MPLS buffer overflow vulnerability.

b) CVE-2018-7540: DoS via non-preemptable L3/L4 pagetable freeing.

c) CVE-2018-7541: grant table v2 -> v1 transition may crash Xen.

Further information on these vulnerabilities and how they can be mitigated can be found on the Citrix Website at https://support.citrix.com/article/CTX232655