Recommended Hotfixes for Citrix Hypervisor (Formerly XenServer )

Citrix Hypervisor, formerly XenServer, is powered by the Xen Project hypervisor.

This article contains the complete set of recommended updates/hotfixes for Citrix Hypervisor(formerly XenServer) .

For list of Drivers and versions – CTX257603-Driver versions for XenServer and Citrix Hypervisor

For List of XenServer Tools/Management Agent/Windows Driver Updates refer toCTX235403-Updates to Management Agent – For XenServer 7.0 and later​

For XenServer 6.x hotfixes, refer to CTX138115 – Recommended Hotfixes for XenServer 6.x

Citrix Hypervisor 8.0 XenServer 7.6 XenServer 7.1 CU2 XenServer 7.0

For more information, refer to the following Knowledge Center articles

Note: Citrix recommends updating the XenServer Console before updating any new hotfixes. All XenServer hotfixes can be applied at the same time and the hotfixes in the article are not relevant to the installation order

Hotfix XS80E002 – For Citrix Hypervisor 8.0 All customers who are affected by the issues described in CTX256725 – Citrix Hypervisor Multiple Security Updates should install this hotfix.

Content live patchable** Yes
Hotfix XS80E006 – For Citrix Hypervisor 8.0

All customers who are affected by the issues described in CTX263477 – Citrix Hypervisor Multiple Security Updates should install this hotfix.

Ensure that you also install CTX262555 – Hotfix XS80E005 – For Citrix Hypervisor 8.0 to apply the complete fix.

This security hotfix addresses the vulnerabilities as described in the Security Bulletin above. In addition, it resolves the following issue:

  • When starting multiple VMs as the same time after enabling the PVS Accelerator, a Target Device VM can become stuck at PVS Server login with the error “Login request timeout”.
Content live patchable** No
Hotfix XS80E009 – For Citrix Hypervisor 8.0

This security hotfix addresses the vulnerabilities as described in the Security Bulletin above. In addition, it resolves the following issues:

  • On some hardware, UEFI-booted Citrix Hypervisor servers can crash on reboot.

This hotfix also includes the following previously released hotfixes:

Content live patchable** No
Hotfix XS76E005 –

For XenServer 7.6
All customers who are affected by the issues described in CTX256725 – Citrix XenServer Multiple Security Updates should install this hotfix.

Content live patchable** Yes
Hotfix XS76E010 – For XenServer 7.6

All customers who are affected by the issues described in CTX263477 – Citrix Hypervisor Multiple Security Updates should install this hotfix.

Ensure that you also install CTX262554 – Hotfix XS76E009 – For XenServer 7.6 to apply the complete fix.

This security hotfix addresses the vulnerabilities as described in the Security Bulletin above.

Content live patchable** No
Hotfix XS76E013 – For XenServer 7.6

This security hotfix addresses the vulnerabilities as described in the Security Bulletin above. In addition, it resolves the following issues:

  • On some hardware, UEFI-booted XenServer hosts can crash on reboot.

This hotfix also includes the following previously released hotfixes:

Content live patchable** No

XenServer 7.1 Cumulative Update 2 (XS71ECU2) must be installed by all customers running XenServer 7.1 CU1 as , since March 12 2019 no further hotfixes will be produced for XenServer 7.1 CU1.

XenServer 7.1 Cumulative Update 2 and its subsequent hotfixes are available only to customers on the Customer Success Services program.

For more information about XenServer 7.1 CU2, see the Citrix XenServer 7.1 Cumulative Update 2 Release Notes.

XenCenter 7.1.3

This release of XenCenter is for customers who use XenCenter as the management console for XenServer 7.1 LTSR. XenCenter 7.1 CU2 is released as part of XenServer 7.1 Cumulative Update 2 and is available only to customers on the Customer Success Services program.

We recommend that you install this version of XenCenter before using XenCenter to update XenServer 7.1 CU1 hosts to XenServer 7.1 CU2.

XS71ECU2

XenServer 7.1 Cumulative Update 2 (XS71ECU2) must be installed by customers running XenServer 7.1 LTSR CU1. It includes all previously released XenServer 7.1 CU1 hotfixes. Installation of XS71ECU2 is required for all future functional hotfixes for XenServer 7.1 LTSR.

XenServer 7.1 Cumulative Update 2 and its subsequent hotfixes are available only to customers on the Customer Success Services program.

Citrix will continue to provide security updates to the base XenServer 7.1 CU1 product for a period of three months from the release date of the XenServer 7.1 Cumulative Update 2 (until March 12, 2019). After this three month period elapses, any new hotfixes released will only support XenServer 7.1 with CU2 applied.

For more information about XenServer 7.1 CU2, see the Citrix XenServer 7.1 Cumulative Update 2 Release Notes.

Content live patchable** No
Hotfix XS71ECU2003 – For XenServer 7.1 Cumulative Update 2

This hotfix resolves the following issues:

  • Depending on the guest OS and device, devices passed through to a guest might not function correctly due to missed interrupts.
Content live patchable** No
Hotfix XS71ECU2007 – For XenServer 7.1 Cumulative Update 2

This hotfix resolves the following issues:

  • Improvements to VM performance and stability.
  • A race condition in XenBus can cause pauses in Windows VM operation, which lead to Timeout Detection and Recovery (TDR) events. The TDR can cause the VM to crash.
  • Under low resource situations, Xennet can consume all of the RAM on a Windows VM. This causes the VM to crash.
  • Windows VMs with the XenVBD driver installed can experience a high number of system interrupts when performing storage operations, especially if you are using fast storage and transferring large amounts of data.

This hotfix also includes the drivers required to support Windows Server 2019 VMs on XenServer 7.1 CU2.

Content live patchable** No
Hotfix XS71ECU2011 – For XenServer 7.1 Cumulative Update 2

This hotfix includes the following improvements:

  • Add a template and support for SUSE Linux Enterprise Server 12 SP4 (64-bit)
  • Add a template and support for SUSE Linux Enterprise Desktop 12 SP4 (64-bit)
Content live patchable** No

Hotfix XS71ECU2012 – For XenServer 7.1 Cumulative Update 2 All customers who are affected by the issues described in CTX256725 – Citrix XenServer Multiple Security Updates should install this hotfix.

This security hotfix addresses the vulnerabilities as described in the Security Bulletin above. In addition, it resolves the following issues:

  • If you perform an action that causes the standby storage to go offline, a race condition can cause all of the XenServer hosts in a pool to crash. The error message ‘blocked FC remote port time out’ appears multiple times in the logs.
  • If you shutdown or reboot your XenServer host shortly after starting a lot of guest VPX instances (>20), the XenServer host hangs.

This hotfix also includes the following previously released hotfixes:

Content live patchable** Yes
Hotfix XS71ECU2013 – For XenServer 7.1 Cumulative Update 2

This hotfix resolves the following issues:

  • A reboot of one switch in an MC-LAG bond makes all bond links to go down, causing a total connectivity loss for 3 seconds.
Content live patchable** No
Hotfix XS71ECU2016 – For XenServer 7.1 Cumulative Update 2

This hotfix resolves the following issues:

  • If you have configured your logging to use the legacy logrotate mechanism, you can only retain two files per log. All other log files are removed.
  • On XenServer startup, FCoE services start on bonded devices. This is not a supported state.
Content live patchable** No
Hotfix XS71ECU2017 – For XenServer 7.1 Cumulative Update 2
This hotfix contains the following improvements:

  • Updates to XenServer’s time information to reflect changes to Brazil’s daylight savings time policy in 2019. For more information, see https://www.timeanddate.com/news/time/brazil-scraps-dst.html
  • Updates to the PCI ID database to include information about new hardware.

Additionally, this hotfix resolves the following issues:

  • Logrotate can fail to run if an unexpected file exists. This unexpected file can be left behind if the logrotate operation was previously interrupted.
  • On a Linux guest that has multiple vCPUs, the throughput can be much lower than expected. This issue is caused by interrupts for the VIF queues not being correctly distributed across vCPUs.
Content live patchable** No
Hotfix XS71ECU2020 – For XenServer 7.1 Cumulative Update 2

This hotfix resolves the following issues:

  • This hotfix resolves the following issues:

  • Sometimes, the storage garbage collection process might run continuously, taking snapshots, coalescing them, deleting the snapshots, and then repeating on an almost permanent basis. This introduces high IOPS load for little benefit.
  • When read caching is enabled it is significantly slower to read from the parent snapshot than from the leaf. This is now fixed for sequential reads.
  • On HA-enabled pools, when a task is initiated after a XenServer host has failed, VMs on the host can be blocked from restarting for many hours. This issue occurs when an in-progress coalesce process is not explicitly aborted after the failure.
  • All VMs on a XenServer host can experience slower read/write performance, during a VM disk copy, and up to 512 seconds after the copy finishes. The degradation of performance is caused by cache memory pressure in dom0 causing all tapdisks to incorrectly enter low memory mode.

    Important: This hotfix disables low memory mode. Therefore, VMs might require more memory to be available in dom0. Before applying this hotfix, you can check whether any of your VMs are running in low memory mode by adding the “Tapdisks in Low Memory Mode” graph to the Performance tab in XenCenter. The number of VMs in low memory mode is shown on this graph. We recommended that you increase dom0 memory to make an additional ~1.4MB per VM available in dom0.

This hotfix also includes the following previously released hotfixes:

Content live patchable** No
Hotfix XS71ECU2022 – For XenServer 7.1 Cumulative Update 2

All customers who are affected by the issues described in CTX263477 – Citrix Hypervisor Multiple Security Updates should install this hotfix.

Ensure that you also install CTX262553 – Hotfix XS71ECU2021 – For XenServer 7.1 Cumulative Update 2 to apply the complete fix.

This hotfix also includes the following previously released hotfixes:

Content live patchable** No
Hotfix XS71ECU2026 – For XenServer 7.1 Cumulative Update 2

This security hotfix addresses the vulnerabilities as described in the Security Bulletin above. In addition, it resolves the following issues:

  • On some hardware, UEFI-booted XenServer hosts can crash on reboot.

This hotfix also includes the following previously released hotfixes:

Content live patchable** No
Hotfix XS71ECU2028 – For XenServer 7.1 Cumulative Update 2 This hotfix resolves the following issues:

When attempting to enable Active Directory authentication, you might see the following error in XenCenter: “Could not enable external authentication. The Active Directory Plug-in could not complete the command. Additional information on the logs”. The domainjoin-cli.log file includes the following message: “Failed to write records. Error code [2]”.

Content live patchable** No

Apply the following hotfixes for XenServer 7.0 and restart XenServer when the hotfix installation is complete.

Hotfix XS70E001 –

For XenServer 7.0
This is a XenCenter update (a .exe file) and not a host side Hotfix. This package needs to be installed

on the Windows Machine Running XenCenter
Hotfix XS70E002 – For XenServer 7.0 All customers who are affected by the CVE-2016-2107 issue described in

CTX212736: Citrix XenServer Multiple Security Updates should install this hotfix.
Hotfix XS70E004 – For XenServer 7.0 Important: This is a critical hotfix for customers running XenServer 7.0. All XenServer 7.0

customers must apply this hotfix.
Hotfix XS70E009 – For XenServer 7.0

This hotfix resolves the following issue:

  • In rare circumstances when a XenServer host is enabling HA, or during a host reboot with HA enabled, the host can fail to establish HA communication with the other hosts. This is due to another process on the host using the listening port required by the HA software.
Update XS70EU001 – Management Agent for XenServer 7.0 The Management Agent update resolves the following issues:

  • Installation of Management Agent can fail after installing newer I/O drivers through Windows Update.
  • Failure to reboot a Windows VM after installing XenServer Tools can result in excessive log entries being written to xensource.log and xenstored-access.log until the VM is rebooted. If customers do not reboot the VM, or delay the reboot, excess logs can fill up the XenServer host log partition.
  • The Management Agent can crash and respawn on systems without a terminal services Windows Management Instrumentation (WMI) object causing high CPU usage and excessive logging in /var/log/daemon.
  • If the Management Agent auto update is enabled after installing XenServer Tools, and a new update is available, the initial auto-update can fail due to a race condition that can cause multiple update attempts to occur simultaneously.
Update XS70EU002 – Management Agent for XenServer 7.0 New versions of the I/O drivers, compatible with Microsoft Windows Server 2016 have been released.
Update XS70EU003 – Management Agent for XenServer 7.0
  • The default behavior of the Management Agent has been improved to enable customers to configure whether any I/O driver updates included in the Management Agent should be applied automatically. For more information, see section 4.3.1 Installing XenServer Tools in the XenServer 7.0 Virtual Machine User’s Guide.
  • This version (v7.1.844) of the Management Agent includes new versions of the I/O drivers that are compatible with Microsoft Windows Server 2016. These drivers have been released previously through the Microsoft Windows Server Update Service. For more information, see Update XS70EU002 – Windows I/O Drivers for XenServer 7.0.
Hotfix XS70E018 – For XenServer 7.0 This is a hotfix for customers running XenServer 7.0. All customers who are affected by the issues described in CTX220112: Citrix XenServer Multiple Security Updates should install this hotfix.
  • This is a hotfix for customers running XenServer 7.0. All customers who are affected by the issues described in CTX219378: Citrix XenServer Multiple Security Updates should install this hotfix.
  • This hotfix supports the improvements to XenServer’s Direct Inspect APIs.
Hotfix XS70E024 – For XenServer 7.0
  • When booting a vGPU provisioned Virtual Machine (VM) from network, an interaction between VGA BIOS and VGA emulation code in the vGPU device model can result in the corruption of the VM console in XenCenter.
Hotfix XS70E027 – For XenServer 7.0
  • When Installing XenServer or upgrading XenServer to a newer version, PBIS services get enabled (even when Role-based access control (RBAC) is not used) and display a lot of error messages. Also, this issue consumes a lot of control domain (dom0) resources.
Hotfix XS70E028 – For XenServer 7.0 This hotfix supports the following new guest operating systems.

  • Oracle Linux 6.8
  • Red Hat Enterprise Linux 6.8
  • CentOS 6.8
  • NeoKylin Linux Advanced Server 6.5 ( only 64 bit )
  • NeoKylin Linux Advanced Server 7.2 ( Only 64 bit )
  • SUSE Linux Enterprise Server 11 SP4
Hotfix XS70E037 – For XenServer 7.0

This hotfix addresses the following issue:

  • When attempting to use XenServer Conversion Manager (XCM) Console to connect to an XCM Virtual Appliance that runs on a slave host, the connection fails and the following message is displayed by the console: “There was a failure communicating with the plugin.” This hotfix ensures that the XCM Console can connect to a XCM Virtual Appliance that runs on any XenServer host.
Hotfix XS70E041 – For XenServer 7.0

This hotfix resolves the following issue:

  • When using SSH to connect to XenServer, a user might experience a memory leak in systemd on XenServer.
Hotfix XS70E048 – For XenServer 7.0 This is a hotfix for customers running XenServer 7.0. All customers who are affected by the issues described in CTX230138 – Citrix XenServer Multiple Security Updates should install this hotfix.

This hotfix also includes the following previously released hotfixes:

Hotfix XS70E052 – For XenServer 7.0 This is a hotfix for customers running XenServer 7.0. All customers who are affected by the issues described in CTX232655 – Citrix XenServer Multiple Security Updates should install this hotfix.This security hotfix addresses the vulnerabilities as described in the Security Bulletin above.
Hotfix XS70E065 – For XenServer 7.0

This hotfix resolves the following issues:

  • A race condition caused Windows VMs to hang repeatedly and give an error with Event ID 129: “StorPort detected a SRB timeout, and issued a reset”.
  • XenVBD can consume 100% of a vCPU and can block other processes from using that vCPU.
  • If a restart is performed without clicking on the Yes or No buttons of the restart to complete installation dialog box, the dialog box continues to appear even after restarting the VM.

This hotfix also includes the following previously released hotfixes:

Hotfix XS70E069 – For XenServer 7.0

This hotfix resolves the following issue:

  • If you cancel an ongoing Storage XenMotion, the next attempt to migrate the VM using Storage XenMotion fails with the “VDI Mirroring Cannot be performed” error. However, any subsequent attempts to migrate the VM succeed.

This hotfix also includes the following previously released hotfixes:

Hotfix XS70E071 – For XenServer 7.0 All customers who are affected by the issues described in CTX256725 – Citrix XenServer Multiple Security Updates should install this hotfix.

This hotfix also includes the following previously released hotfixes:

Hotfix XS70E073 – For XenServer 7.0

All customers who are affected by the issues described in CTX263477 – Citrix XenServer Multiple Security Updates should install this hotfix.

Ensure that you also install CTX258417 – Hotfix XS70E072 – For XenServer 7.0 to apply the complete fix.

This security hotfix addresses the vulnerabilities as described in the Security Bulletin above.

This hotfix also includes the following previously released hotfixes:

Hotfix XS70E076 – For XenServer 7.0

This security hotfix addresses the vulnerabilities as described in the Security Bulletin above. In addition, it resolves the following issues:

  • If you are using AMD Zeppelin hardware and perform a rolling pool upgrade from XenServer 7.0 to a later release of XenServer or Citrix Hypervisor, some of your VMs can fail to resume on an upgraded host.
  • On some hardware, UEFI-booted XenServer hosts can crash on reboot.

This hotfix also includes the following previously released hotfixes:

Related:

  • No Related Posts

Leave a Reply