Recommended Hotfixes for XenServer 7.x

Public Availability: Security fixes to Xen

This security hotfix addresses the vulnerabilities as described in the linked Security Bulletin. In addition, it resolves the following issues:

• On some systems, the XenServer host fails to boot when 4096 MB or more memory is assigned to dom0.
• When starting a VM with more than 16 PCI devices assigned, the VM fails to start and the following error appears in the logs: “Error: hit limit of 16 RMRR devices for domain”.
• If you have not rebooted your XenServer 7.1 host after applying Cumulative Update 2 and you try to start, reboot, or resume a suspended VM on the host, the operation fails. You might also notice coredump files in any server status reports you collect in this state.

Public Availability: fixes to OVS

This hotfix resolves the following issues:

• A reboot of one switch in an MC-LAG bond makes all bond links to go down, causing a total connectivity loss for 3 seconds.

Public Availability: fixes to xenserver-release

This hotfix resolves the following issues:

• If you have configured your logging to use the legacy logrotate mechanism, you can only retain two files per log. All other log files are removed.
• On XenServer startup, FCoE services start on bonded devices. This is not a supported state.

Public Availability: fixes to Dom0 libraries

This hotfix contains the following improvements:

• Updates to XenServer’s time information to reflect changes to Brazil’s daylight savings time policy in 2019. For more information, see https://www.timeanddate.com/news/time/brazil-scraps-dst.html
• Updates to the PCI ID database to include information about new hardware.

Additionally, this hotfix resolves the following issues:

• Logrotate can fail to run if an unexpected file exists. This unexpected file can be left behind if the logrotate operation was previously interrupted.
• On a Linux guest that has multiple vCPUs, the throughput can be much lower than expected. This issue is caused by interrupts for the VIF queues not being correctly distributed across vCPUs.

Public Availability: fixes to Authentication

This hotfix resolves the following issues:

• When attempting to enable Active Directory authentication, you might see the following error in XenCenter: “Could not enable external authentication. The Active Directory Plug-in could not complete the command. Additional information on the logs”. The domainjoin-cli.log file includes the following message: “Failed to write records. Error code [2]”.

Public Availability: fixes to Transfer VM

This hotfix resolves the following issues:

• In a pool with shared storage that has two or more physical block devices connected to the Transfer VM template, the uninstall of the Transfer VM template can fail.
• If you attempt to import or export an OVA or OVF file, it might fail with the following error: “InvalidIPError: The supplied IP address x.x.x.x is invalid.” This failure occurs when any of the octets in the IP address have a value of 255.

Public Availability: fixes to XenCenter

This hotfix contains the following improvements:

• The version of putty included within XenCenter is updated to v0.73.
• XenCenter now alerts you when the version of your managed XenServer hosts is approaching end of life or reaches end of life.
• XenCenter also alerts you when a Cumulative Update is approaching or has passed a date when there will be no further hotfixes issued for that release.

Public Availability: Security fix for OpenSSH

This security hotfix addresses the vulnerabilities as described in the linked Security Bulletin.

Public Availability: fixes to Windows and Linux Guest Tools

This hotfix contains the following improvements:

• New Windows I/O drivers (9.x.x.x) with improved performance are provided for the following operating systems: Windows 8.1, Windows 10, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server Core 2016, Windows Server 2019, Windows Server Core 2019.
• Improved Windows timekeeping through periodic synchronization with the real-time clock.

This hotfix resolves the following issues:

• On Windows VMs with the xeniface 8.2.1.123 driver installed, the time service can become unsynchronized.
• If you have Management Agent version 9.0.0.14 installed, you might see a memory leak in the Management Agent process.
• If you have the Management Agent installed on your Windows VM, attempting to copy more than 1 MB of text to the clipboard can cause your VM to become unresponsive.
• On your Linux VMs, if you upgrade the version of Citrix VM Tools from the version provided with XenServer 7.1 or earlier to the version provided with XenServer 7.1 CU 1 or later, you cannot use some of the xenstore utilities. This might break tools or scripts that use these utilities.

This hotfix also includes the following previously released hotfix:

• CTX253814 – Hotfix XS71ECU2007 – For XenServer 7.1 Cumulative Update 2

Public Availability: Support for RHEL8.0 CentOS8.0 and SLES 15 SP1

• XS71ECU2035

Public Availability: fixes to Dom0 kernel

This hotfix contains the following improvements:

• Improvements to boot time, memory accounting and stability of Citrix Hypervisor on systems with large amount of RAM. To get the full benefits of this improvement you must also install Hotfix XS71ECU2042 after this hotfix.

This hotfix also includes the following previously released hotfixes:

• CTX244539 – Hotfix XS71ECU2001 – For XenServer 7.1 Cumulative Update 2
• CTX256712 – Hotfix XS71ECU2012 – For XenServer 7.1 Cumulative Update 2
• CTX272280 – Hotfix XS71ECU2039 – For XenServer 7.1 Cumulative Update 2

Public Availability: fixes to Storage Manager.

This hotfix resolves the following issues:

• When Intellicache is enabled on your Citrix Hypervisor server and you attempt to start a VM, the action might fail with the message “VDI not available”. This occurs when the cache SR is out of space, but caching is not disabled.
• A race condition in leaf coalesce can occasionally cause toolstack operation on a VM to fail.
• If installation of a hotfix interrupts garbage collection on the storage manager and the hotfix requires a restart, some VMs might fail to resume after the restart.

This hotfix also includes the following previously released hotfixes:

• CTX256836 – Hotfix XS71ECU2009 – For XenServer 7.1 Cumulative Update 2
• CTX262019 – Hotfix XS71ECU2019 – For XenServer 7.1 Cumulative Update 2
• CTX265619 – Hotfix XS71ECU2020 – For XenServer 7.1 Cumulative Update 2
• CTX269637 – Hotfix XS71ECU2031 – For XenServer 7.1 Cumulative Update 2

Public Availability: Security fixes to Xen Device model

This security hotfix addresses the vulnerabilities as described in the linked Security Bulletin. In addition, it resolves the following issues:

• VMs might fail to correctly migrate after hot-unplugging a VIF. VMs might fail to resume after suspending if a VIF had been hot-unplugged.

This hotfix also includes the following previously released hotfixes:

• CTX247946 – Hotfix XS71ECU2003 – For XenServer 7.1 Cumulative Update 2

• XS71ECU2002

Public Availability: Security fixes to Xen

This security hotfix addresses the vulnerabilities as described in the linked Security Bulletin.

This hotfix also includes the following previously released hotfixes:

• CTX246443 – Hotfix XS71ECU2002 – For XenServer 7.1 Cumulative Update 2
• CTX250039 – Hotfix XS71ECU2008 – For XenServer 7.1 Cumulative Update 2
• CTX258418 – Hotfix XS71ECU2014 – For XenServer 7.1 Cumulative Update 2
• CTX262553 – Hotfix XS71ECU2021 – For XenServer 7.1 Cumulative Update 2
• CTX263618 – Hotfix XS71ECU2026 – For XenServer 7.1 Cumulative Update 2
• CTX272276 – Hotfix XS71ECU2038 – For XenServer 7.1 Cumulative Update 2
• CTX277441 – Hotfix XS71ECU2042 – For XenServer 7.1 Cumulative Update 2
• CTX281572 – Hotfix XS71ECU2046 – For XenServer 7.1 Cumulative Update 2
• CTX283444 – Hotfix XS71ECU2047 – For XenServer 7.1 Cumulative Update 2
• CTX283508 – Hotfix XS71ECU2048 – For XenServer 7.1 Cumulative Update 2
• CTX285170 – Hotfix XS71ECU2050 – For XenServer 7.1 Cumulative Update 2
• CTX286457 – Hotfix XS71ECU2051 – For XenServer 7.1 Cumulative Update 2

• XS71ECU2041

Public Availability: fixes to Windows and Linux Guest Tools

This hotfix contains the following improvements:

• In Citrix VM Tools for Windows, an update to the xenbus driver takes advantage of the new Autoreboot registry key. This registry setting specifies the maximum number of reboots that are automatically completed when using Windows Update to update your drivers. Ensuring that all reboots are completed can prevent temporary loss of static network settings during driver update.

  Set this registry key before updating to the latest version of the Citrix VM Tools for Windows. For more information, see Setting automatic reboots when updating the Citrix VM Tools for Windows.

This hotfix resolves the following issues:

• If you attempt to install the Citrix VM Tools for Linux on a fully up to date CentOS 8 system, you see the error: Fatal Error: Failed to determine Linux distribution and version. This is caused by changes in that CentOS 8 updates release on Dec 08, 2020.

Note:To create CentOS 8 VMs on XenServer 7.1 Cumulative Update 2, you must also install Hotfix XS71ECU2036 – For XenServer 7.1 Cumulative Update 2

This hotfix also includes the following previously released hotfixes:

• CTX253814 – Hotfix XS71ECU2007 – For XenServer 7.1 Cumulative Update 2
• CTX283401 – Hotfix XS71ECU2035 – For XenServer 7.1 Cumulative Update 2

Public Availability: fixes to Toolstack

This hotfix resolves the following issues:

• If you create a backup of a XenServer host that has UEFI boot enabled and then attempt to use the “Restore from backup” capability of the installation media, the restore operation can fail with the error: “No existing bootloader configuration found”.
• If you have enabled external Active Directory authentication, XenCenter might show the following error message after you reboot a XenServer host: “The authentication request could not be handled.” In this case, XenServer prevents you from logging in with an authorized Active Directory domain account for up to half an hour after reboot.
• If, during the shutdown of a VM, you trigger a forced reboot, this can cause the VM to get into a bad power state.
• While restarting XAPI on the pool master, a VM shutdown on a pool member can fail with “Object […] does not exists in xenopsd”, resulting in an incorrect VM power-state.

This hotfix also includes the following previously released hotfixes:

• CTX247941 – Hotfix XS71ECU2004 – For XenServer 7.1 Cumulative Update 2
• CTX256769 – Hotfix XS71ECU2010 – For XenServer 7.1 Cumulative Update 2
• CTX260868 – Hotfix XS71ECU2015 – For XenServer 7.1 Cumulative Update 2
• CTX262817 – Hotfix XS71ECU2018 – For XenServer 7.1 Cumulative Update 2
• CTX258424 – Hotfix XS71ECU2022 – For XenServer 7.1 Cumulative Update 2
• CTX270856 – Hotfix XS71ECU2030 – For XenServer 7.1 Cumulative Update 2
• CTX277759 – Hotfix XS71ECU2040 – For XenServer 7.1 Cumulative Update 2
• CTX284884 – Hotfix XS71ECU2045 – For XenServer 7.1 Cumulative Update 2
• CTX286798 – Hotfix XS71ECU2053 – For XenServer 7.1 Cumulative Update 2

Public Availability: Security fixes to Dom0 kernel

This security hotfix addresses the vulnerabilities as described in the linked Security Bulletin. In addition, it resolves the following issues:

• On systems with a large number of CPUs, VMs can fail during live migration. This issue occurs when the VM consumes more than the available number of grant pages. This fix decreases the number of grant pages that are assigned to a VM by default.
• Fixes a networking performance regression introduced in security hotfix XS71ECU2049 for CVE-2020-27673.

This hotfix also includes the following previously released hotfixes:

• CTX244539 – Hotfix XS71ECU2001 – For XenServer 7.1 Cumulative Update 2
• CTX256712 – Hotfix XS71ECU2012 – For XenServer 7.1 Cumulative Update 2
• CTX272280 – Hotfix XS71ECU2039 – For XenServer 7.1 Cumulative Update 2
• CTX277591 – Hotfix XS71ECU2041 – For XenServer 7.1 Cumulative Update 2
• CTX283514 – Hotfix XS71ECU2049 – For XenServer 7.1 Cumulative Update 2
• CTX286802 – Hotfix XS71ECU2054 – For XenServer 7.1 Cumulative Update 2
• CTX294143 – Hotfix XS71ECU2057 – For XenServer 7.1 Cumulative Update 2

Public Availability: Xapi fix for storage data corruption

This hotfix resolves a potential data corruption issue affecting all types of storage repository on XenServer 7.0. For exact details of the issue, please see CTX214768.

Public Availability: fix for High Availability

This hotfix resolves the following issue:

• In rare circumstances when a XenServer host is enabling HA, or during a host reboot with HA enabled, the host can fail to establish HA communication with the other hosts. This is due to another process on the host using the listening port required by the HA software.

• XS70E004

Public Availability: security fixes to NTP

This security hotfix addresses the vulnerabilities as described in the linked Security Bulletin.

• XS70E004

Public Availability: fixes to vGPU

This hotfix resolves the following issue:

• When booting a vGPU provisioned Virtual Machine (VM) from network, an interaction between VGA BIOS and VGA emulation code in the vGPU device model can result in the corruption of the VM console in XenCenter.

• XS70E004

Public Availability: Fixes for user authentication

This hotfix resolves the following issue:

• When Installing XenServer or upgrading XenServer to a newer version, PBIS services get enabled (even when Role-based access control (RBAC) is not used) and display a lot of error messages. Also, this issue consumes a lot of control domain (dom0) resources.

This hotfix includes the following previously released hotfix:

• CTX213769 – Hotfix XS70E003 – For XenServer 7.0

• XS70E004

Public Availability: Support for new Guest Operating Systems

This hotfix supports the following new guest operating systems for Long Term Support (LTS):

• XS70E004

Public Availability: Conversion manager Xapi plug-in fix

This hotfix addresses the following issue:

• When attempting to use XenServer Conversion Manager (XCM) Console to connect to an XCM Virtual Appliance that runs on a slave host, the connection fails and the following message is displayed by the console: “There was a failure communicating with the plugin.” This hotfix ensures that the XCM Console can connect to a XCM Virtual Appliance that runs on any XenServer host.

• XS70E004

Public Availability: fixes to systemd

This hotfix resolves the following issue:

• When using SSH to connect to XenServer, a user might experience a memory leak in systemd on XenServer.

• XS70E004

Public Availability: Security fixes to Open vSwitch

This security hotfix addresses the vulnerabilities as described in the linked Security Bulletin.

• XS70E004

Public Availability: updates to openSSL

This hotfix updates the OpenSSL version to v1.0.2.

This hotfix also includes the following previously released hotfix:

• CTX213770 – Hotfix XS70E002- For XenServer 7.0

• XS70E004

Public Availability: XenTools fixes

This hotfix resolves the following issues:

• A race condition caused Windows VMs to hang repeatedly and give an error with Event ID 129: “StorPort detected a SRB timeout, and issued a reset”.
• XenVBD can consume 100% of a vCPU and can block other processes from using that vCPU.
• If a restart is performed without clicking on the Yes or No buttons of the restart to complete installation dialog box, the dialog box continues to appear even after restarting the VM.

This hotfix also includes the following previously released hotfixes:

• CTX217114 – Hotfix XS70E011 – For XenServer 7.0
• CTX219284 – Hotfix XS70E013 – For XenServer 7.0
• CTX228552 – Hotfix XS70E042 – For XenServer 7.0

• XS70E004

Public Availability: fixes to Storage

This hotfix resolves the following issue:

• If you cancel an ongoing Storage XenMotion, the next attempt to migrate the VM using Storage XenMotion fails with the “VDI Mirroring Cannot be performed” error. However, any subsequent attempts to migrate the VM succeed.

This hotfix also includes the following previously released hotfixes:

• CTX215416 – Hotfix XS70E005 – For XenServer 7.0
• CTX223825 – Hotfix XS70E030 – For XenServer 7.0
• CTX238218 – Hotfix XS70E062 – For XenServer 7.0

• XS70E004

Public Availability: Security fixes to Xen Device Model

This security hotfix addresses the vulnerabilities as described in the linked Security Bulletin. In addition, it resolves the following issues:

• VMs might fail to correctly migrate after hot-unplugging a VIF. VMs might fail to resume after suspending if a VIF had been hot-unplugged.

This hotfix also includes the following previously released hotfixes:

• CTX218287 – Hotfix XS70E015 – For XenServer 7.0
• CTX218900 – Hotfix XS70E020 – For XenServer 7.0
• CTX219203 – Hotfix XS70E022 – For XenServer 7.0
• CTX220760 – Hotfix XS70E029 – For XenServer 7.0
• CTX221571 – Hotfix XS70E031 – For XenServer 7.0
• CTX229539 – Hotfix XS70E048 – For XenServer 7.0

• XS70E004

Public Availability: Security fixes to Xen

This security hotfix addresses the vulnerabilities as described in the linked Security Bulletin.

This hotfix also includes the following previously released hotfixes:

• CTX214992 – Hotfix XS70E008 – For XenServer 7.0
• CTX216463 – Hotfix XS70E012 – For XenServer 7.0
• CTX217644 – Hotfix XS70E014 – For XenServer 7.0
• CTX218899 – Hotfix XS70E019 – For XenServer 7.0
• CTX219498 – Hotfix XS70E023 – For XenServer 7.0
• CTX222423 – Hotfix XS70E032 – For XenServer 7.0
• CTX223289 – Hotfix XS70E034 – For XenServer 7.0
• CTX224690 – Hotfix XS70E035 – For XenServer 7.0
• CTX226374 – Hotfix XS70E039 – For XenServer 7.0
• CTX227587 – Hotfix XS70E043 – For XenServer 7.0
• CTX227233 – Hotfix XS70E044 – For XenServer 7.0
• CTX228719 – Hotfix XS70E046 – For XenServer 7.0
• CTX229064 – Hotfix XS70E047 – For XenServer 7.0
• CTX229544 – Hotfix XS70E049 – For XenServer 7.0
• CTX230787 – Hotfix XS70E050 – For XenServer 7.0
• CTX233364 – Hotfix XS70E051 – For XenServer 7.0
• CTX234436 – Hotfix XS70E055 – For XenServer 7.0
• CTX235130 – Hotfix XS70E057 – For XenServer 7.0
• CTX235958 – Hotfix XS70E058 – For XenServer 7.0
• CTX236149 – Hotfix XS70E059 – For XenServer 7.0
• CTX237090 – Hotfix XS70E060 – For XenServer 7.0
• CTX239434 – Hotfix XS70E064 – For XenServer 7.0
• CTX246441 – Hotfix XS70E066 – For XenServer 7.0
• CTX250038 – Hotfix XS70E068 – For XenServer 7.0
• CTX258417 – Hotfix XS70E072 – For XenServer 7.0
• CTX263660 – Hotfix XS70E075 – For XenServer 7.0
• CTX263617 – Hotfix XS70E076 – For XenServer 7.0
• CTX270792 – Hotfix XS70E077 – For XenServer 7.0
• CTX272275 – Hotfix XS70E078 – For XenServer 7.0
• CTX277440 – Hotfix XS70E080 – For XenServer 7.0
• CTX281571 – Hotfix XS70E082 – For XenServer 7.0
• CTX283443 – Hotfix XS70E083 – For XenServer 7.0
• CTX283507 – Hotfix XS70E084 – For XenServer 7.0
• CTX285169 – Hotfix XS70E086 – For XenServer 7.0
• CTX286456 – Hotfix XS70E087 – For XenServer 7.0

• XS70E004

Public Availability: Security fixes to Toolstack

This security hotfix addresses the vulnerabilities as described in the linked Security Bulletin.

This hotfix also includes the following previously released hotfixes:

• CTX215415 – Hotfix XS70E006 – For XenServer 7.0
• CTX215899 – Hotfix XS70E010 – For XenServer 7.0
• CTX218673 – Hotfix XS70E017 – For XenServer 7.0
• CTX218902 – Hotfix XS70E021 – For XenServer 7.0
• CTX220244 – Hotfix XS70E025 – For XenServer 7.0
• CTX224481 – Hotfix XS70E033 – For XenServer 7.0
• CTX229290 – Hotfix XS70E045 – For XenServer 7.0
• CTX234341 – Hotfix XS70E053 – For XenServer 7.0
• CTX238219 – Hotfix XS70E063 – For XenServer 7.0
• CTX255899 – SUPERSEDED – Hotfix XS70E067 – For XenServer 7.0
• CTX256586 – Hotfix XS70E070 – For XenServer 7.0
• CTX258423 – Hotfix XS70E073 – For XenServer 7.0

• XS70E004

Public Availability: Security fixes to Dom0 kernel

This security hotfix addresses the vulnerabilities as described in the linked Security Bulletin.

This hotfix also includes the following previously released hotfixes:

• CTX218332 – Hotfix XS70E016 – For XenServer 7.0
• CTX220283 – Hotfix XS70E026 – For XenServer 7.0
• CTX224696 – Hotfix XS70E036 – For XenServer 7.0
• CTX226334 – Hotfix XS70E038 – For XenServer 7.0
• CTX226377 – Hotfix XS70E040 – For XenServer 7.0
• CTX234564 – Hotfix XS70E054 – For XenServer 7.0
• CTX237092 – Hotfix XS70E061 – For XenServer 7.0
• CTX256711 – Hotfix XS70E071 – For XenServer 7.0
• CTX272279 – Hotfix XS70E079 – For XenServer 7.0
• CTX283512 – Hotfix XS70E085 – For XenServer 7.0
• CTX286801 – Hotfix XS70E090 – For XenServer 7.0
• CTX294141 – Hotfix XS70E091 – For XenServer 7.0

• XS70E004