
Citrix doles out hotfixes for host compromise and DoS bugs in XenServer

Citrix Systems on Wednesday issued hotfixes for its XenServer hypervisor product, fixing vulnerabilities that attackers could exploit to remotely compromise a host or cause a denial of service condition.

The host compromise bug (CVE-2016-2074) is an MPLS buffer overflow vulnerability in the Open vSwitch distributed virtual multilayer switch that affects XenServer versions 7.0 and 7.1 CUI 1, Citrix revealed in an online notification.

Citrix also reported that the denial of service problem stems from two flaws affecting all XenServer versions prior to 7.4: a "non-preemptable L3/L4 pagetable freeing" (CVE-2018-7540) and a "grant table v2 -> v1 transition" that can cause a crash (CVE-2018-7541).

Citrix's hotfixes are meant specifically for versions 7.0 - 7.3. The company says it is still working on remediating the DoS issues for older releases that are "end of maintenance" but not "end of life."

Bradley Barth

