Recommended Hotfixes for XenServer 7.x

Citrix Hypervisor, formerly XenServer, is powered by the Xen Project hypervisor.

This article contains the complete set of recommended updates/hotfixes for XenServer 7.x .

For List of XenServer Tools/Management Agent/Windows Driver Updates refer toCTX235403-Updates to Management Agent – For XenServer 7.0 and later​

For XenServer 6.x hotfixes, refer to CTX138115 – Recommended Hotfixes for XenServer 6.x

XenServer 7.6 XenServer 7.5 XenServer 7.4 XenServer 7.1 CU1 XenServer 7.0

For more information, refer to the following Knowledge Center articles

Note: Citrix recommends updating the XenServer Console before updating any new hotfixes. All XenServer hotfixes can be applied at the same time and the hotfixes in the article are not relevant to the installation order

Hotfix XS76E001 –

For XenServer 7.6
All customers who are affected by the issues described in CTX239100 – Citrix XenServer Multiple Security Updates should install this hotfix.

Content live patchable** Yes
Hotfix XS75E003 –

For XenServer 7.5
All customers who are affected by the issues described in CTX236548 – Citrix XenServer Multiple Security Updates should install this hotfix.

Content live patchable** No
Hotfix XS75E005 –

For XenServer 7.5
All customers who are affected by the issues described in CTX236548 – Citrix XenServer Multiple Security Updates should install this hotfix.

Content live patchable** No
Hotfix XS75E006 –

For XenServer 7.5
All customers who are affected by the issues described in CTX239100 – Citrix XenServer Multiple Security Updates should install this hotfix.

This hotfix also includes the following previously released hotfixes:

Content live patchable** Yes
Hotfix XS74E005 –

For XenServer 7.4
All customers who are affected by the issues described in CTX236548 – Citrix XenServer Multiple Security Updates should install this hotfix.

Content live patchable** No
Hotfix XS74E006 –

For XenServer 7.4
All customers who are affected by the issues described in CTX236548 – Citrix XenServer Multiple Security Updates should install this hotfix..

This hotfix also includes the following previously released hotfixes:

Content live patchable** No
Hotfix XS74E007 –

For XenServer 7.4
All customers who are affected by the issues described in CTX236548 – Citrix XenServer Multiple Security Updates should install this hotfix.

Content live patchable** No

XenServer 7.1 Cumulative Update 1 (XS71ECU1) should be installed by customers running XenServer 7.1. It includes all previously released XenServer 7.1 hotfixes. Installation of XS71ECU1 is required for all future functional hotfixes for XenServer 7.1 LTSR. XenServer 7.1 Cumulative Update 1 and its subsequent hotfixes are available only to customers on the Customer Success Services program.

Citrix will continue to provide security updates to the base XenServer 7.1 product for a period of three months from the release date of the XenServer 7.1 Cumulative Update 1 (until December 11, 2017). After this three month period elapses, any new hotfixes released will only support XenServer 7.1 with CU1 applied.

XenCenter 7.1.2

This release of XenCenter is for customers who use XenCenter as the management console for XenServer 7.1.

XenCenter 7.1.2 is available on the Citrix downloads site as a restricted download. You must sign in to the site and have active membership of the Customer Success Services (CSS) program to access these downloads.

Hotfix XS71ECU1006-

For XenServer 7.1CU1
This is a hotfix for customers running XenServer 7.1 Cumulative Update 1. All customers who are affected by the issues described in CTX230138 – Citrix XenServer Multiple Security Updates should install this hotfix.

Content live patchable* No
Hotfix XS71ECU1013-

For XenServer 7.1CU1
This is a hotfix for customers running XenServer 7.1 Cumulative Update 1. All customers who are affected by the issues described in CTX232655 – Citrix XenServer Multiple Security Updates should install this hotfix.

This security hotfix addresses the vulnerabilities as described in the Security Bulletin above. In addition, it resolves the following issue:

  • If SNMP configuration is modified to request interface statistics Object Identifiers (OIDs) and when SNMP service happens to start before Openvswitch service, all further statistics requests to SNMP returns incorrect data.
Content live patchable* No
Hotfix XS71ECU1015-

For XenServer 7.1CU1

This hotfix addresses following issues:

Customers using Active Directory (AD) with XenCenter are unable to log on to XenCenter, or get disconnected intermittently. In some cases, XenCenter displays incorrect AD group membership details. This hotfix resolves this issue.

Content live patchable* No
Hotfix XS71ECU1019-

For XenServer 7.1CU1

This hotfix resolves the following issues:

  • A race condition in XenBus can cause pauses in Windows VM operation, which lead to Timeout Detection and Recovery (TDR) events. The TDR can cause the VM to crash.
  • Under low resource situations, Xennet can consume all of the RAM on a Windows VM. This causes the VM to crash.
  • XenVBD can consume 100% of a vCPU and can block other processes from using that vCPU.
Content live patchable* No

This hotfix also includes the following previously released hotfixes:

Hotfix XS71ECU1024-

For XenServer 7.1CU1
All customers who are affected by the issues described in CTX236548 – Citrix XenServer Multiple Security Updates should install this hotfix.

This hotfix also includes the following previously released hotfixes:

Content live patchable** No
Hotfix XS71ECU1026-

For XenServer 7.1CU1
All customers who are affected by the issues described in CTX236548 – Citrix XenServer Multiple Security Updates should install this hotfix.

This hotfix also includes the following previously released hotfixes:

Content live patchable** No
Hotfix XS71ECU1029-

For XenServer 7.1CU1

This hotfix resolves the following issues:

  • After rebooting, a XenServer host can fail to connect to iSCSI targets on Compellent arrays.
  • When you attempt to migrate a VM between resource pools, the migration can fail with the following error: Storage_interface.Internal_error(“Jsonrpc.Parse_error(_)”). This migration failure can cause some versions of XenCenter to fail.
  • If you cancel an ongoing Storage XenMotion, the next attempt to migrate the VM using Storage XenMotion fails with the VDI Mirroring Cannot be performed error. However, any subsequent attempts to migrate the VM will succeed.
  • After taking a disk-only snapshot for a VM running in the pool, users randomly fail to access the Virtual Hard Disk (VHD) when trying to unpause the VM, and the VM stops responding. This is caused by time racing in Linux Logical Volume Manager (LVM).
  • In addition, this hotfix includes minor performance improvements when performing a large number of VM I/O operations.

This hotfix also includes the following previously released hotfixes:

Content live patchable** No
Hotfix XS71ECU1030-

For XenServer 7.1CU1

This hotfix resolves the following issues:

  • An incorrect setting in the I/O scheduler for all blktap devices can cause poor I/O performance in certain scenarios, depending on the server hardware, server configuration, VM configuration, and workload. This hotfix includes the correct setting.
  • Due to incorrect maximum sector size used by Dom0 kernel, users failed to copy VDIs to/from SR targets on certain iSCSI disks.
  • For XenServer pools that use certain storage targets, a race condition in the iSCSI module can cause hosts in the pool to crash.
  • It is not possible to attach storage provided by iSCSI target Server on Windows Server 2016 VMs.

This hotfix also includes the following previously released hotfixes:

Content live patchable** Yes
Hotfix XS71ECU1031-

For XenServer 7.1CU1
All customers who are affected by the issues described in CTX239100 – Citrix XenServer Multiple Security Updates should install this hotfix.

This hotfix also includes the following previously released hotfixes:

Content live patchable** Yes

Apply the following hotfixes for XenServer 7.0 and restart XenServer when the hotfix installation is complete.

Hotfix XS70E001 –

For XenServer 7.0
This is a XenCenter update (a .exe file) and not a host side Hotfix. This package needs to be installed

on the Windows Machine Running XenCenter
Hotfix XS70E002 – For XenServer 7.0 All customers who are affected by the CVE-2016-2107 issue described in

CTX212736: Citrix XenServer Multiple Security Updates should install this hotfix.
Hotfix XS70E004 – For XenServer 7.0 Important: This is a critical hotfix for customers running XenServer 7.0. All XenServer 7.0

customers must apply this hotfix.
Hotfix XS70E009 – For XenServer 7.0

This hotfix resolves the following issue:

  • In rare circumstances when a XenServer host is enabling HA, or during a host reboot with HA enabled, the host can fail to establish HA communication with the other hosts. This is due to another process on the host using the listening port required by the HA software.
Update XS70EU001 – Management Agent for XenServer 7.0 The Management Agent update resolves the following issues:

  • Installation of Management Agent can fail after installing newer I/O drivers through Windows Update.
  • Failure to reboot a Windows VM after installing XenServer Tools can result in excessive log entries being written to xensource.log and xenstored-access.log until the VM is rebooted. If customers do not reboot the VM, or delay the reboot, excess logs can fill up the XenServer host log partition.
  • The Management Agent can crash and respawn on systems without a terminal services Windows Management Instrumentation (WMI) object causing high CPU usage and excessive logging in /var/log/daemon.
  • If the Management Agent auto update is enabled after installing XenServer Tools, and a new update is available, the initial auto-update can fail due to a race condition that can cause multiple update attempts to occur simultaneously.
Update XS70EU002 – Management Agent for XenServer 7.0 New versions of the I/O drivers, compatible with Microsoft Windows Server 2016 have been released.
Update XS70EU003 – Management Agent for XenServer 7.0
  • The default behavior of the Management Agent has been improved to enable customers to configure whether any I/O driver updates included in the Management Agent should be applied automatically. For more information, see section 4.3.1 Installing XenServer Tools in the XenServer 7.0 Virtual Machine User’s Guide.
  • This version (v7.1.844) of the Management Agent includes new versions of the I/O drivers that are compatible with Microsoft Windows Server 2016. These drivers have been released previously through the Microsoft Windows Server Update Service. For more information, see Update XS70EU002 – Windows I/O Drivers for XenServer 7.0.
Hotfix XS70E018 – For XenServer 7.0 This is a hotfix for customers running XenServer 7.0. All customers who are affected by the issues described in CTX220112: Citrix XenServer Multiple Security Updates should install this hotfix.
  • This is a hotfix for customers running XenServer 7.0. All customers who are affected by the issues described in CTX219378: Citrix XenServer Multiple Security Updates should install this hotfix.
  • This hotfix supports the improvements to XenServer’s Direct Inspect APIs.
Hotfix XS70E024 – For XenServer 7.0
  • When booting a vGPU provisioned Virtual Machine (VM) from network, an interaction between VGA BIOS and VGA emulation code in the vGPU device model can result in the corruption of the VM console in XenCenter.
Hotfix XS70E027 – For XenServer 7.0
  • When Installing XenServer or upgrading XenServer to a newer version, PBIS services get enabled (even when Role-based access control (RBAC) is not used) and display a lot of error messages. Also, this issue consumes a lot of control domain (dom0) resources.
Hotfix XS70E028 – For XenServer 7.0 This hotfix supports the following new guest operating systems.

  • Oracle Linux 6.8
  • Red Hat Enterprise Linux 6.8
  • CentOS 6.8
  • NeoKylin Linux Advanced Server 6.5 ( only 64 bit )
  • NeoKylin Linux Advanced Server 7.2 ( Only 64 bit )
  • SUSE Linux Enterprise Server 11 SP4
Hotfix XS70E037 – For XenServer 7.0

This hotfix addresses the following issue:

  • When attempting to use XenServer Conversion Manager (XCM) Console to connect to an XCM Virtual Appliance that runs on a slave host, the connection fails and the following message is displayed by the console: “There was a failure communicating with the plugin.” This hotfix ensures that the XCM Console can connect to a XCM Virtual Appliance that runs on any XenServer host.
Hotfix XS70E041 – For XenServer 7.0

This hotfix resolves the following issue:

  • When using SSH to connect to XenServer, a user might experience a memory leak in systemd on XenServer.
Hotfix XS70E042 – For XenServer 7.0

This hotfix resolves the following issues:

  • Excessive input/output from a process could trigger a SCSI target reset while the process is still ongoing. This leads to tapdisk logs reporting invalid request type and/or invalid number of segments, and filling up the Dom0 log partition. This issue occurs due to a race condition that leads to an incorrect reference count.
  • When running XenDesktop on XenServer, if you have logged on to the console session using terminal services, then, multiple XenDpriv.exe processes are seen running. This issue occurs when VMs treat all logins as if they were console logins.
  • When installing windows PV tools on Windows 10 and Windows Server 2016, users are not notified to reboot the VM in order to continue with the driver installation.
  • If the clipboard buffer on a VM contains the “%s” format specifier, the VM can bug check with error SYSTEM_SERVICE_EXCEPTION 0x3B (c0000005).
  • When a Virtual Network Interface (VIF) receives malformed packets, the virtual CPU (vCPU) can cause Windows VMs to rise to 100% CPU usage and become unresponsive at the console.

This hotfix also includes the following previously released hotfix:

Hotfix XS70E043 – For XenServer 7.0

This hotfix resolves the following issue:

  • Under certain workloads on Skylake and Kaby Lake processors with Hyper-Threading enabled, applications can crash or incorrect program behavior can be observed. Microcode update fixes this issue.
Hotfix XS70E048 – For XenServer 7.0 This is a hotfix for customers running XenServer 7.0. All customers who are affected by the issues described in CTX230138 – Citrix XenServer Multiple Security Updates should install this hotfix.

This hotfix also includes the following previously released hotfixes:

Hotfix XS70E052 – For XenServer 7.0 This is a hotfix for customers running XenServer 7.0. All customers who are affected by the issues described in CTX232655 – Citrix XenServer Multiple Security Updates should install this hotfix.This security hotfix addresses the vulnerabilities as described in the Security Bulletin above.
Hotfix XS70E060 – For XenServer 7.0

This is a hotfix for customers running XenServer 7.0.

All customers who are affected by the issues described in CTX236548 – Citrix XenServer Multiple Security Updates should install this hotfix.

This hotfix also includes the following previously released hotfixes:

Hotfix XS70E061 – For XenServer 7.0

This is a hotfix for customers running XenServer 7.0.

All customers who are affected by the issues described in CTX236548 – Citrix XenServer Multiple Security Updates should install this hotfix.

Hotfix XS70E062 – For XenServer 7.0

This hotfix resolves the following issues:

  • Virtual machines (VMs) configured with in-guest software RAID may fail to cleanly shut down or restart.
  • After taking a disk-only snapshot for a VM running in the pool, users randomly fail to access the Virtual Hard Disk (VHD) when trying to unpause the VM, and the VM stops responding. This is caused by time racing in Linux Logical Volume Manager (LVM).
  • After rebooting, a XenServer host can fail to connect to iSCSI targets on Compellent arrays.
  • When Intellicache mirroring fails due to ENOSPC on shared storage, the VBD image list gets truncated to point to itself. This causes an infinite loop and can lead to the I/O datapath stopping and subsequently VMs freezing.
  • When a pool master node executes multi-step plugins on the pool member nodes after important events such as coalesce, the plugin continues to execute through all its steps even if one of the previous ones have failed. This can lead to complications such that the other VDI operations are permanently blocked with OTHER_OPERATION_IN_PROGRESS.
  • After deleting a snapshot on a pool member that is not the pool master, a coalesce operation may not succeed. In such cases, the coalesce process can constantly retry to complete the operation, resulting in the creation of multiple RefCounts that can consume a lot of space on the pool member.
  • The storage cleanup process initiated after a VDI destroy can conflict with ongoing VDI copy processes (including Storage XenMotion), causing subsequent operations on the SR to fail.

This hotfix also includes the following previously released hotfixes:

Hotfix XS70E063 – For XenServer 7.0

This hotfix resolves the following issues:

  • High Availability (HA) enabled VMs can take longer to restart after a HA failover.
  • In rare cases, when a XenServer host in a pool is restarted, it may not be able to rejoin the pool.
  • In rare cases, attempts to shut down a XenServer host in a pool may not succeed.
  • On HA-enabled pools, when a task is initiated after a XenServer host has failed, VMs running on the host can take longer (about 10 minutes) to restart. This issue occurs when a task is assigned to the host after it has failed, but before XAPI is aware of the host failure. In such cases, the task doesn’t get cancelled even when XAPI is notified about the failure, causing delays in restarting the VMs.
  • When migrating VMs that have Dynamic Memory Control (DMC) enabled, the VMs shutdown operation can unexpectedly fail. This is caused by reducing memory allocation before shutdown and this operation taking longer than expected.
  • On Nutanix hosts, the host’s memory-overhead is miscalculated after first boot. This is because XAPI calculates the available host RAM on startup assuming no domains other than the XenServer Control Domain are running. On first boot this is true but on subsequent boots, the Nutanix Controller VM (CVM) is started before XAPI.

This hotfix also includes the following previously released hotfixes:

Related:

  • No Related Posts

Leave a Reply