Security bulletin covering XSA-108 [feedly]

----
Security bulletin covering XSA-108
// Latest blog entries

Over the past week there has been considerable interest in an embargoed Xen Project security advisory known as XSA-108. On October 1st, 2014, the embargo surrounding this advisory was lifted, and coincident with that action, Citrix released a security bulletin covering XSA-108, as well as two additional advisories which impact XenServer releases.

CVE-2014-7188 (XSA-108) Status

CVE-2014-7188, also known as XSA-108, has received significant press. A patch for this was made available on the Citrix support site on October 1st. The patch is available at CTX200218, and also includes remedies for CVE-2014-7155 and CVE-2014-7156.

Learning about new XenServer hotfixes

When a hotfix is released for XenServer, it will be posted to the Citrix support web site. You can receive alerts from the support site by registering at http://support.citrix.com/profile/watches and following the instructions there. You will need to create an account if you don't have one, but the account is completely free. Whenever a hotfix is released, there will be an accompanying security advisory in the form of a CTX knowledge base article for it, and those same KB articles will be linked on xenserver.org in the download page.

Patching XenServer hosts

XenServer admins are encouraged to schedule patching of their XenServer installations at their earliest opportunity. Please note that this bulletin does impact XenServer 6.2 hosts, and to apply the patch, all XenServer 6.2 hosts will first need to be patched to service pack 1. The complete list of patches can be found on the XenServer download page.     

----

Shared via my feedly reader

Sent from my iPhone