XenServer
XenServer is now available as a Free Edition, which requires signing into your MyCitrix account to download. If you do not have a MyCitrix account, you can create a free MyCitrix account here.
Intel reported a new variant of speculative execution information disclosure similar to the vulnerabilities commonly known as Spectre. Although this vulnerability is in the underlying Intel processor hardware implementation, Citrix is providing software updates, together with our partners, to mitigate the issue, which affects all supported versions of Citrix XenServer.
This has been rated as a high severity disclosure; the full text of the public bulletin can be found here: https://support.citrix.com/article/CTX235745.
What Customers Should Do
We recommend that you review the risks that these vulnerabilities pose to your specific deployment and plan on applying the hotfixes relevant to your deployment as soon as possible. Hotfixes have been released to address these issues and can be downloaded from the following locations:
- Citrix XenServer 7.5: CTX235135
- Citrix XenServer 7.4: CTX235175
- Citrix XenServer 7.3: CTX235956
- Citrix XenServer 7.1 LTSR CU1: CTX235957
- Citrix XenServer 7.0: CTX235958
Customers should also apply operating system security updates to mitigate CVE-2018-3665.
The mitigations for CVE-2018-3665 are not available for versions 6.x of Citrix XenServer. Also note that Citrix XenServer 7.1 LTSR is no longer supported unless Cumulative Update 1 has been applied.
Should you require additional details or guidance, please contact the Security Response Team at email@example.com.
XenServer 7.1 LTSR