XenServer6.5SP1 Xen関連のセキュリティFIX一覧
最新は一番下のXS65ESP1023。
最新を適用すれば、すべての修正が含まれます。※セキュリティ関連のPatchのみです。
CTX142482 - Hotfix XS65E009 - For XenServer 6.5.0
https://support.citrix.com/article/CTX201078
CVE-2015-3456: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456 * VENOM対応
CTX142537 - Hotfix XS65E010 - For XenServer 6.5.0
http://support.citrix.com/article/CTX201145
CVE-2015-4106 (Medium): Unmediated PCI register access in qemu.
CVE-2015-4163 (Medium): GNTTABOP_swap_grant_ref operation misbehavior.
CVE-2015-4164 (Medium): vulnerability in the iret hypercall handler
CVE-2015-2756 (Low): Unmediated PCI command register access in qemu
CVE-2015-4103 (Low): Potential unintended writes to host MSI message data field via qemu.
CVE-2015-4104 (Low): PCI MSI mask bits inadvertently exposed to guests.
CVE-2015-4105 (Low): Guest triggerable qemu MSI-X pass-through error messages
CTX201636 - Hotfix XS65E013 - For XenServer 6.5.0
http://support.citrix.com/article/CTX201636
CVE-2015-5154: QEMU heap overflow flaw while processing certain ATAPI commands (HVM)
CTX201740 - Hotfix XS65E014 - For XenServer 6.5.0
http://support.citrix.com/article/CTX201740
CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (HVM)
CTX202438 - Hotfix XS65E015 - For XenServer 6.5.0
http://support.citrix.com/article/CTX202438
CVE-2015-7835 (High): Uncontrolled creation of large page mappings by PV guests
CVE-2015-7969 (Low): Leak of main per-domain vcpu pointer array/Leak of per-domain profiling-related vcpu pointer array
CVE-2015-7970 (Medium): Host crash when migrating a PoD VM
CVE-2015-7971 (Low): Some pmu and profiling hypercalls log without rate limiting
CVE-2015-7972 (Low): Populate-on-demand balloon size inaccuracy can crash guests
CTX202618 - Hotfix XS65E017 - For XenServer 6.5.0
http://support.citrix.com/article/CTX202618
CVE-2015-5307/CVE-2015-8104 (Medium): CPU lockup during fault delivery (HVM)
CTX142483 - Hotfix XS65ESP1002 - For XenServer 6.5.0 Service Pack 1
http://support.citrix.com/article/CTX142483
CVE-2015-3456: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456 *VENOM
CTX142538 - Hotfix XS65ESP1004 - For XenServer 6.5.0 Service Pack 1
http://support.citrix.com/article/CTX142538
CVE-2015-4106 (Medium): Unmediated PCI register access in qemu.
CVE-2015-4163 (Medium): GNTTABOP_swap_grant_ref operation misbehavior.
CVE-2015-4164 (Medium): vulnerability in the iret hypercall handler
CVE-2015-2756 (Low): Unmediated PCI command register access in qemu
CVE-2015-4103 (Low): Potential unintended writes to host MSI message data field via qemu.
CVE-2015-4104 (Low): PCI MSI mask bits inadvertently exposed to guests.
CVE-2015-4105 (Low): Guest triggerable qemu MSI-X pass-through error messages
CTX201637 - Hotfix XS65ESP1008 - For XenServer 6.5.0 Service Pack 1
http://support.citrix.com/article/CTX201637
CVE-2015-5154: QEMU heap overflow flaw while processing certain ATAPI commands (HVM)
CTX201741 - Hotfix XS65ESP1009 - For XenServer 6.5.0 Service Pack 1
http://support.citrix.com/article/CTX201741
CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (HVM)
CTX202074 - Hotfix XS65ESP1011 - For XenServer 6.5.0 Service Pack 1
http://support.citrix.com/article/CTX202074
*HOTFIX
*Windows DHCP server利用時の不具合修正
* GPU Pass-through か vGPU を含むPCI Pass-throughを利用した場合、ホストがクラッシュする(Intel-based serversのみ)
* HVM VMで、XenStore RINGのhvmloaderメッセージを重複させるとHVM VMがクラッシュする
CTX202439 - Hotfix XS65ESP1014 - For XenServer 6.5.0 Service Pack 1
http://support.citrix.com/article/CTX202439
CVE-2015-7835 (High): Uncontrolled creation of large page mappings by PV guests
CVE-2015-7969 (Low): Leak of main per-domain vcpu pointer array/Leak of per-domain profiling-related vcpu pointer array
CVE-2015-7970 (Medium): Host crash when migrating a PoD VM
CVE-2015-7971 (Low): Some pmu and profiling hypercalls log without rate limiting
CVE-2015-7972 (Low): Populate-on-demand balloon size inaccuracy can crash guests
CTX202619 - Hotfix XS65ESP1016 - For XenServer 6.5.0 Service Pack 1
http://support.citrix.com/article/CTX202619
CVE-2015-5307/CVE-2015-8104 (Medium): CPU lockup during fault delivery (HVM)
CTX203494 - Hotfix XS65ESP1019 - For XenServer 6.5.0 Service Pack 1
http://support.citrix.com/article/CTX203494
CVE-2015-8339/CVE-2015-8340 (Medium): Memory exchange hypercall error handling
CTX204047 - Hotfix XS65ESP1020 - For XenServer 6.5.0 Service Pack 1
http://support.citrix.com/article/CTX204047
CVE-2015-8554 (Medium): QEMU-dm buffer overrun in MSI-X handling
CVE-2015-8104 (Low): Guest crash during exception delivery
CVE-2015-8555 (High): Information leak in legacy x86 FPU/XMM initialization
CTX205355 - Hotfix XS65ESP1023 - For XenServer 6.5.0 Service Pack 1
http://support.citrix.com/article/CTX205355
CVE-2016-1571 (Medium): VMX: intercept issue with INVLPG on non-canonical address
