Who Should Install This Hotfix?
This is a hotfix for customers running XenServer 7.0. All customers who are affected by the issue described in CTX213549: Citrix XenServer Security Update for CVE-2016-5302 should install this hotfix.
Note: This hotfix package is reissued on 13th July 2016 to require hotfix XS70E004 to be installed as a pre-requisite. The functional content of XS70E003 hotfix remains unchanged from the original version released on 10th June 2016. Customers who had installed hotfix XS70E003 prior to 13th July 2016 do not need to reinstall the hotfix. However, as XS70E004 will be required before installing future XenServer 7.0 hotfixes, we recommend that you install hotfix XS70E004 immediately.
Issue Resolved In This Hotfix
This security hotfix addresses the vulnerability as described in the Security Bulletin above.
Installing the Hotfix
Customers should use either XenCenter or the XenServer Command Line Interface (CLI) to install this update. When the installation is complete, restart the server for the update to take effect. As with any software update, back up your data before applying this hotfix. Citrix recommends updating all hosts within a pool sequentially. Upgrading of hosts should be scheduled to minimize the amount of time the pool runs in a "mixed state" where some hosts are upgraded and some are not. Running a mixed pool of updated and non-updated hosts for general operation is not supported.
Note: The attachment to this article is a zip file.
Installing the update by using XenCenter
- Download the update to a known location on a computer that has XenCenter installed.
- In XenCenter, on the Tools menu, select Install Update. This displays the Install Update wizard.
- Click Next to start the wizard.
- Click Add to upload a new update.
- Browse to the location where you downloaded the hotfix, select it, and then click Open.
- From the list of updates select XS70E003.xsupdate and then click Next.
- Select the hosts you wish to apply the Service Pack to, and then click Next.
- The Install Update wizard performs checks to ensure there is sufficient space to upload the update. If there is enough space, the wizard successfully completes the upload. If there is insufficient space to upload the update, an error will be displayed:
- To free up required space, if there are any residual hotfix update files remaining on the host that can be deleted, the wizard offers to clean up these files. Click Clean up to review your options and remove the files. Note that this action does not uninstall hotfixes.
- If the Install Update wizard cannot free up the space required for the upload, you must manually delete files on your host. Click More Info for information about space required and take necessary action to free up the required space.
- The Install Update wizard performs a number of update prechecks, including the space available on the hosts, to verify that the update can be applied on the selected servers and displays the result. Follow the on-screen recommendations to resolve any update prechecks that have failed. If you want XenCenter to automatically resolve all failed prechecks, click Resolve All and click Next.
- Choose the Update Mode. Review the information displayed on the screen and select an appropriate mode and then click Install update.
Note: If you click Cancel at this stage, the Install Update wizard reverts the changes and removes the update file from the host.
- Click Install update to proceed with the installation. The Install Update wizard shows the progress of the update, displaying the major operations that XenCenter performs while updating each host in the pool
- When the update has been applied, click Finish to close the wizard.
- If you chose to carry out the post-update tasks, do so now.
- Download the update file to a known location.
- Extract the xsupdate file from the zip.
- Upload the xsupdate file to the Pool Master by entering the following commands:
(Where hostname is the Pool Master's IP address or DNS name.)
xe patch-upload -s <hostname> -u root -pw <password> file-name=<path_to_update_file>\XS70E003.xsupdate
XenServer assigns the update file a UUID which this command prints. Note the UUID.81ae90d4-9258-47d4-9c66-2d22a162f15d
Installing the update by using the xe Command Line Interface
- Apply the hotfix to all hosts in the pool, specifying the UUID of the hotfix:
xe -s <hostname> -u root -pw <password> patch-pool-apply uuid=81ae90d4-9258-47d4-9c66-2d22a162f15d
- Verify that the update was applied by using the patch-list command.
xe patch-list -s <hostname> -u root -pw <password> name-label=XS70E003
If the update is successful, the hosts field contains the UUIDs of the hosts to which this patch was successfully applied. This should be a complete list of all hosts in the pool. - To verify in XenCenter that the update is applied correctly, select the Pool, and then click the General tab. This displays the Pool properties. In the Updates section, ensure that the update is listed as Fully Applied.
- The hotfix is applied to all hosts in the pool, but does not take effect until each host restarts. For each host, migrate the VMs that you wish to keep running, and shut down the remaining VMs before restarting the host.
Files
Hotfix File
| Component | Details |
|---|---|
| Hotfix Filename | XS70E003.xsupdate |
| Hotfix File sha256 | 6a3148aaf3fe160ae4e2212a2a8aef2447e3d76f3a73976ea45523fa478fb743 |
| Hotfix Zip Filename | XS70E003.zip |
| Hotfix Zip File sha256 | ba2c6dc0542cd4248fee79e497896ddd698b503c7d15c5bc9414719d8f7887d3 |
Files Updated
None. The hotfix contains a script that modifies Active Directory (AD) configuration.