【Vulnerability Alert】Citrix has released security updates for XenServer and Citrix Hypervisor. Administrators are advised to assess and apply the updates promptly!
publish date :
2024-04-19
update date :
2024-04-19
Source: Ministry of education information & communication security contingency platform
Publication Number | TACERT-ANA-2024041808045656 | Publication Time | 2024/04/18 08:28 |
Incident Type | ANA-Vulnerability Alert | Discovery Time | 2024/04/17 16:28 |
Impact Level | Medium | ||
[Subject] 【Vulnerability Alert】Citrix has released security updates for XenServer and Citrix Hypervisor. Administrators are advised to assess and apply the updates promptly! |
|||
[Content] Forwarded from CHTSECURITY-200-202404-00000001 Issues affecting XenServer and Citrix Hypervisor have been discovered: ● CVE-2024-2201 affects deployments using Intel CPUs and may allow malicious unprivileged code in guest virtual machines to infer memory contents belonging to itself or other virtual machines on the same host. ● CVE-2024-31142 affects deployments using AMD CPUs and may allow malicious unprivileged code in guest virtual machines to infer memory contents belonging to itself or other virtual machines on the same host. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
[Affected Platform] ●Affected Platform - System: Citrix ●Affected Platform - Software: XenServer 8 ●Affected Platform - Software: Citrix Hypervisor 8.2 CU1 LTSR |
|||
[Recommended Actions] Citrix has released patches to address these issues. Affected customers are advised to install these patches where possible. ● For XenServer 8 and later versions: https://docs.xenserver.com/en-us/xenserver/8/update ● For Citrix Hypervisor 8.2 CU1 LTSR and later versions: https://support.citrix.com/article/CTX588044 |
|||
[Reference] https://support.citrix.com/article/CTX633151/xenserver-and-citrix-hypervisor-security-update-for-cve202346842-cve20242201-and-cve202431142 |
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center