Citrix XenServer Multiple security updates

Number: AV18-139
Date: 16 August 2018

Purpose

The purpose of this advisory is to bring attention to recent security updates for Citrix XenServer.

Assessment

These updates follow Intel’s recent Security Advisory and address vulnerabilities in a speculative execution side-channel method called L1 Terminal Fault (L1TF). These vulnerabilities, if exploited, could allow malicious unprivileged code in guest VMs to read arbitrary host memory, including memory allocated to other guests.

Affected Products:

  • Citrix XenServer 7.5
  • Citrix XenServer 7.4
  • Citrix XenServer 7.1 LTSR CU1
  • Citrix XenServer 7.0

CVE References:
CVE-2018-3620, CVE-2018-3646, CVE-2018-14007, CVE-2018-TBA1, CVE-2018-TBA2

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References:

https://support.citrix.com/article/CTX236548