CVE-2015-3456 – Citrix Security Advisory

When deployed on KVM, all versions of Citrix CloudPlatform earlier than version 4.5.0 are impacted by this issue. Citrix has released updated packages to address this issue and strongly recommends that affected customers apply the packages as soon as possible. These packages can be downloaded from the following locations:

| File name | ShareFile link | MD5 sum |
|---|---|---|
| qemu-img-0.12.1.2-3.448.el6.3.x86_64.rpm | https://citrix.sharefile.com/d-sbcd71fedbf542f49 | 0a327bffae9a34b2a6e2d85247cc1f04 |
| qemu-kvm-0.12.1.2-3.448.el6.3.x86_64.rpm | https://citrix.sharefile.com/d-s7fd8fec1e074d83b | c3f2f58f1e0a5d309ec1b6bb18b567f3 |

For versions of Citrix CloudPlatform earlier than 4.5, the hotfix can be applied with the following steps:

  1. On the host console type the following command:
       yum install qemu-img-0.12.1.2-3.448.el6.3.x86_64.rpm qemu-kvm-0.12.1.2-3.448.el6.3.x86_64.rpm
  2. Stop/start all VMs or restart the host
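
As an added example (not part of the Citrix advisory or its packages), the shell functions below check the downloaded RPMs against the MD5 sums listed above before step 1 and, after step 1, list qemu processes that are still running the replaced binary, which is the condition step 2 clears. The function names and the /proc "(deleted)" heuristic are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-install checksum check and post-install restart check.
# File names and MD5 sums are the ones published in the advisory; the
# function names are hypothetical.

# verify_md5 FILE EXPECTED -> 0 only when FILE exists and its MD5 is EXPECTED
verify_md5() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    actual=$(md5sum "$1" | awk '{print $1}')
    if [ "$actual" != "$2" ]; then
        echo "MD5 mismatch: $1 (got $actual, want $2)" >&2
        return 1
    fi
}

# check_packages DIR -> 0 only when both advisory RPMs in DIR match
check_packages() {
    verify_md5 "$1/qemu-img-0.12.1.2-3.448.el6.3.x86_64.rpm" \
        0a327bffae9a34b2a6e2d85247cc1f04 &&
    verify_md5 "$1/qemu-kvm-0.12.1.2-3.448.el6.3.x86_64.rpm" \
        c3f2f58f1e0a5d309ec1b6bb18b567f3
}

# stale_qemu_pids [PROCROOT] -> prints PIDs of qemu processes whose
# executable has been replaced on disk (exe link ends in " (deleted)").
# Those guests keep running the pre-update binary until stopped and started.
# Run as root; links that cannot be read are skipped.
stale_qemu_pids() {
    root=${1:-/proc}
    for exe in "$root"/[0-9]*/exe; do
        target=$(readlink "$exe" 2>/dev/null) || continue
        case $target in
            *qemu*" (deleted)") pid=${exe%/exe}; echo "${pid##*/}" ;;
        esac
    done
}

# Usage on the KVM host, from the download directory:
#   check_packages . || exit 1     # before step 1
#   stale_qemu_pids                # after step 1; empty output after step 2
```

Any PID printed after the install belongs to a guest that has not yet been stopped and started.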

Customers using Citrix CloudPlatform version 4.5 on CentOS/RHEL 6.5 should update the vendor qemu packages using the vendor’s instructions. Customers using Citrix CloudPlatform version 4.5 on versions of CentOS/RHEL earlier than 6.5 should update the vendor qemu packages using the vendor’s instructions and, if the KVM snapshot feature is enabled, install ccp-qemu-img-1.0-1.x86_64.rpm from the CloudPlatform tarball.

In addition to the application of this hotfix, Citrix strongly recommends that customers using all currently supported versions of CloudPlatform up to and including 4.5.0 apply any updates recommended by the virtualisation platform vendor.

Please note that, following the application of the updated packages, it may be necessary to restart the host servers. As an alternative, customers can restart all VMs on affected hosts to avoid having to restart the host servers.

Customers using Citrix CloudPlatform on Citrix XenServer are advised to follow the guidance provided above for Citrix XenServer.
