XenServer 4.0.1 Hotfix 2007-001

Document ID: CTX118090   /   Created On: Aug 7, 2008   /   Updated On: Aug 11, 2008

This is the hotfix readme for Citrix XenServer 4.0.1 hotfix 2007-001. Citrix strongly encourages XenServer users to install this update at their earliest convenience.

Issue(s) addressed in this hotfix

This security update fixes a vulnerability in XenServer version 4.0.x that can allow root escalation from virtual machines to domain 0.

Installing this hotfix

The hotfix must be installed on all XenServer hosts, including each host in a XenEnterprise pool. Complete the following procedure for each host:

1. Download the security update by clicking the Download link at the top of the page. The update file is inside the 2007-001.zip file.

2. Copy the security update to your XenExpress, XenServer, or XenEnterprise host. We recommend using the pscp or WinSCP utility for Windows, the scp utility for Linux or Mac clients, or a removable USB storage device.

3. Assuming you have saved the file as /root/hotfix-2007-001.xepatch on the XenServer host, run the following command to upload the patch into the system database:

xe patch-upload file-name=/root/hotfix-2007-001.xepatch

This command should be run on the local console of the affected XenServer host, or by using Secure Shell (SSH) or PuTTY to run the command remotely.

4. Identify the Universally Unique Identifier (UUID) of the patch in the system database using the following command (again, this command should be run on the local console of the XenServer host affected, or by using SSH or PuTTY to run the command remotely):

xe patch-list

You will see output like the following:

uuid ( RO)                : e80a2309-a6f1-74ef-63c8-1586e97d805e
           host-uuid ( RO): c9edf9e6-e8b1-4ede-92b7-720c039b4471
          name-label ( RO): hotfix-2007-001-CA-9621
    name-description ( RO): Fixes a security vulnerability that allows
root escalation from virtual machines to domain 0 by installation of a
maliciously-crafted bootloader configuration in the virtual machine.
             applied ( RO): never
                size ( RO): 9295

While there might be several entries in this list, you are interested in the entry marked "applied ( RO): never". Make a note of the UUID of this patch.

5. Apply the patch you determined to be the appropriate one in the previous step by running the following command. Rather than typing the full UUID, you can type the first few characters then press the TAB key to expand the UUID automatically (replace the UUID in this example with the UUID you determined above):

xe patch-apply uuid=e80a2309-a6f1-74ef-63c8-1586e97d805e

Be sure to repeat this process for each server in your pool, if applicable.

Note: You must perform both the upload and apply steps once for each host in a pool.
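
The UUID selection in steps 4 and 5 can be scripted instead of copied by eye. The following is an added example, not part of the Citrix readme: it parses xe patch-list output in the format shown above and prints the patch-apply command for each record still marked "applied ( RO): never". The function names and the second sample record are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the Citrix readme): select the patch UUID for
# step 5 from "xe patch-list" output rather than copying it by eye.

# Print the uuid of each record on stdin whose name-label starts with $1
# and whose "applied" field is "never".
unapplied_patch_uuids() {
    awk -v want="$1" '
        function emit() {
            if (uuid != "" && applied == "never" && index(label, want) == 1)
                print uuid
            uuid = ""; label = ""; applied = ""
        }
        # Fields look like "key ( RO): value"; wrapped name-description
        # text lacks the "( RO)" marker and is ignored.
        match($0, /^[ \t]*[a-z-]+ \( *R[OW]\) *: */) {
            key = $1
            val = substr($0, RLENGTH + 1)
            sub(/[ \t\r]+$/, "", val)
            if (key == "uuid") { emit(); uuid = val }   # new record
            else if (key == "name-label") label = val
            else if (key == "applied") applied = val
        }
        END { emit() }
    '
}

# First record is the sample output from the readme; the second is
# constructed (made-up UUID and timestamp) as an already-applied entry.
sample_patch_list() {
    cat <<'EOF'
uuid ( RO)                : e80a2309-a6f1-74ef-63c8-1586e97d805e
           host-uuid ( RO): c9edf9e6-e8b1-4ede-92b7-720c039b4471
          name-label ( RO): hotfix-2007-001-CA-9621
    name-description ( RO): Fixes a security vulnerability that allows
root escalation from virtual machines to domain 0 by installation of a
maliciously-crafted bootloader configuration in the virtual machine.
             applied ( RO): never
                size ( RO): 9295

uuid ( RO)                : 00000000-0000-0000-0000-000000000001
           host-uuid ( RO): c9edf9e6-e8b1-4ede-92b7-720c039b4471
          name-label ( RO): hotfix-2007-001-CA-9621
             applied ( RO): 20080811T00:00:00Z
EOF
}

# Print (do not run) the apply command for every pending record.
sample_patch_list | unapplied_patch_uuids hotfix-2007-001 |
    while read -r u; do echo "xe patch-apply uuid=$u"; done
```

On a XenServer host, pipe the real output in instead: xe patch-list | unapplied_patch_uuids hotfix-2007-001. An empty result means no record for that patch is still pending on the host.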

Support

If you have questions or encounter difficulties, you may contact Citrix Technical Support if you have a support agreement directly with Citrix. Otherwise, check with your Citrix Solution Advisor, or check the XenServer forums for assistance from other users.
