Number: AV18-049
Date: 22 March 2018
Purpose
The purpose of this advisory is to bring attention to a recently released Citrix security bulletin.
Assessment
Citrix has released security updates to address vulnerabilities in its XenServer. A remote user could exploit some of these vulnerabilities to take control of an affected system.
Affected Version:
- XenServer 7.3
- XenServer 7.2
- XenServer 7.1 LTSR Cumulative Update 1
- XenServer 7.0
CVE References: CVE-2016-2074, CVE-2018-7540, CVE-2018-7541
Suggested action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
References
https://support.citrix.com/article/CTX232655
https://support.citrix.com/article/CTX233368
https://support.citrix.com/article/CTX233366
https://support.citrix.com/article/CTX233363
https://support.citrix.com/article/CTX233365
https://support.citrix.com/article/CTX233362
https://support.citrix.com/article/CTX233364