Contact Support

Customers who viewed this article also viewed

CTX213769 {{tooltipText}}

Hotfix XS70E003 - For XenServer 7.0

Applicable Products

  • XenServer

Who Should Install This Hotfix?

This is a hotfix for customers running XenServer 7.0. All customers who are affected by the issue described in CTX213549: Citrix XenServer Security Update for CVE-2016-5302 should install this hotfix.

Note: This hotfix package is reissued on 13th July 2016 to require hotfix XS70E004 to be installed as a pre-requisite. The functional content of XS70E003 hotfix remains unchanged from the original version released on 10th June 2016. Customers who had installed hotfix XS70E003 prior to 13th July 2016 do not need to reinstall the hotfix. However, as XS70E004 will be required before installing future XenServer 7.0 hotfixes, we recommend that you install hotfix XS70E004 immediately.

Issue Resolved In This Hotfix

This security hotfix addresses the vulnerability as described in the Security Bulletin above.

Installing the Hotfix

Customers should use either XenCenter or the XenServer Command Line Interface (CLI) to install this update. When the installation is complete, restart the server for the update to take effect. As with any software update, back up your data before applying this hotfix. Citrix recommends updating all hosts within a pool sequentially. Upgrading of hosts should be scheduled to minimize the amount of time the pool runs in a "mixed state" where some hosts are upgraded and some are not. Running a mixed pool of updated and non-updated hosts for general operation is not supported.

Note: The attachment to this article is a zip file.

Installing the update by using XenCenter

  1. Download the update to a known location on a computer that has XenCenter installed.
  2. In XenCenter, on the Tools menu, select Install Update. This displays the Install Update wizard.
  3. Click Next to start the wizard.
  4. Click Add to upload a new update.
  5. Browse to the location where you downloaded the hotfix, select it, and then click Open.
  6. From the list of updates select XS70E003.xsupdate and then click Next.
  7. Select the hosts you wish to apply the Service Pack to, and then click Next.
  8. The Install Update wizard performs checks to ensure there is sufficient space to upload the update. If there is enough space, the wizard successfully completes the upload. If there is insufficient space to upload the update, an error will be displayed:
    • To free up required space, if there are any residual hotfix update files remaining on the host that can be deleted, the wizard offers to clean up these files. Click Clean up to review your options and remove the files. Note that this action does not uninstall hotfixes.
    • If the Install Update wizard cannot free up the space required for the upload, you must manually delete files on your host. Click More Info for information about space required and take necessary action to free up the required space.

  • The Install Update wizard performs a number of update prechecks, including the space available on the hosts, to verify that the update can be applied on the selected servers and displays the result. Follow the on-screen recommendations to resolve any update prechecks that have failed. If you want XenCenter to automatically resolve all failed prechecks, click Resolve All and click Next.
  • Choose the Update Mode. Review the information displayed on the screen and select an appropriate mode and then click Install update.
  • Note: If you click Cancel at this stage, the Install Update wizard reverts the changes and removes the update file from the host.


  • Click Install update to proceed with the installation. The Install Update wizard shows the progress of the update, displaying the major operations that XenCenter performs while updating each host in the pool
  • When the update has been applied, click Finish to close the wizard.
  • If you chose to carry out the post-update tasks, do so now.
  • Installing the update by using the xe Command Line Interface

    1. Download the update file to a known location.
    2. Extract the xsupdate file from the zip.
    3. Upload the xsupdate file to the Pool Master by entering the following commands: 
      (Where hostname is the Pool Master's IP address or DNS name.)

      xe patch-upload -s <hostname> -u root -pw <password> file-name=<path_to_update_file>\XS70E003.xsupdate

      XenServer assigns the update file a UUID which this command prints. Note the UUID.

      81ae90d4-9258-47d4-9c66-2d22a162f15d


  • Apply the hotfix to all hosts in the pool, specifying the UUID of the hotfix:

    xe -s <hostname> -u root -pw <password> patch-pool-apply uuid=81ae90d4-9258-47d4-9c66-2d22a162f15d

  • Verify that the update was applied by using the patch-list command.

    xe patch-list -s <hostname> -u root -pw <password> name-label=XS70E003

    If the update is successful, the hosts field contains the UUIDs of the hosts to which this patch was successfully applied. This should be a complete list of all hosts in the pool.
  • To verify in XenCenter that the update is applied correctly, select the Pool, and then click the General tab. This displays the Pool properties. In the Updates section, ensure that the update is listed as Fully Applied.
  • The hotfix is applied to all hosts in the pool, but does not take effect until each host restarts. For each host, migrate the VMs that you wish to keep running, and shut down the remaining VMs before restarting the host.
  •  

    Files

    Hotfix File

    Component Details
    Hotfix Filename XS70E003.xsupdate
    Hotfix File sha256 6a3148aaf3fe160ae4e2212a2a8aef2447e3d76f3a73976ea45523fa478fb743
    Hotfix Zip Filename XS70E003.zip
    Hotfix Zip File sha256 ba2c6dc0542cd4248fee79e497896ddd698b503c7d15c5bc9414719d8f7887d3

    Files Updated

    None. The hotfix contains a script that modifies Active Directory (AD) configuration.