A vulnerability has been recently disclosed in the glibc gethostbyname() function. This issue could potentially allow an attacker to inject code into a process that calls the vulnerable function. The issue is known as the GHOST vulnerability and has been assigned the following CVE identifier:
The vulnerable function is provided by some Linux based operating systems. Customers managing Linux platforms on which Citrix components are deployed are advised to apply any appropriate operating system updates as soon as possible.
A number of Citrix products incorporate Linux components. The following sections provide guidance on the impact and mitigation steps for these products. Citrix products that do not include or execute on a Linux based platform are not impacted by this vulnerability.
Citrix NetScaler MPX and VPX, and all Windows based components of XenDesktop and XenApp, do not include or use the vulnerable function and are therefore not impacted by this issue.