Applying Security Hotfixes to XenServer on NetScaler SDX Appliance with Software Release 9.3 and 10

Applying Security Hotfixes to XenServer on NetScaler SDX Appliance with Software Release 9.3 and 10

book

Article ID: CTX135034

calendar_today

Updated On:

Description

This article describes how to apply the hotfixes required to remediate the security vulnerabilities detailed in security bulletin CTX134876 - Citrix NetScaler SDX Multiple Security Updates.

Determining the Version of XenServer on the NetScaler SDX Appliance

To determine what version of XenServer you are running:
  1. Log on to the Management Service GUI on the NetScaler SDX appliance.
  2. Click Monitoring tab.
  3. Check XenServer version number in “Hypervisor Information” panel.

NetScaler SDX with XenServer 6.0

Customers using XenServer 6.0.0 on the NetScaler SDX appliances must apply the two hotfixes in the following order:

  1. XS60E001 - Hotfix XS60E001 - For XenServer 6.0

  2. XS60E018 - Security Hotfix XS60E018 - For XenServer 6.0

NetScaler SDX with XenServer 5.6

Customers using XenServer 5.6 on the NetScaler SDX appliances should upgrade their appliance hypervisor to version 6.0 before applying the hotfixes. For details to upgrade XenServer in NetScaler SDX appliance, refer to the Citrix NetScaler SDX Administrator Guide:

http://support.citrix.com/proddocs/topic/sdx-administration-10-map/sdx-ag-config-svm-upgrd-xensvr-con.html

Note: It is only possible to upgrade XenServer on NetScaler SDX release 9.3 build 54.5006.e and later, or release 10.0 build 54.7 and later.
Customers using versions of NetScaler SDX prior to 9.3 build 54.5006.e must upgrade in the following order:

  • Upgrade the Management Service on the NetScaler SDX appliance to a minimum of 9.3 build 57.5

  • Upgrade XenServer to 6.0

  • Complete the procedure in the Applying Patches to the NetScaler SDX section to apply hotfixes XS60E001 and XS60E018.

For details to upgrade the Management Service on the NetScaler SDX appliance, refer to the Citrix NetScaler SDX Administrator Guide:

http://support.citrix.com/proddocs/topic/sdx-administration-10-map/sdx-ag-config-svm-upgrd-mgmt-svm-con.html

Citrix recommends to back up the configuration prior to any modifications to the Management Service. For instructions on how to perform a backup, refer to the NetScaler SDX Administrator Guide:

http://support.citrix.com/proddocs/topic/sdx-administration-10-map/sdx-ag-config-mangmt-svd-vm-backup-restore-tsk.html

While both patches must be applied regardless of NetScaler SDX version, the method for applying these XenServer 6.0.x hotfixes depends on the version of NetScaler SDX software release.

Applying patches to the NetScaler SDX:

For customers running versions of Citrix NetScaler SDX prior to 9.3 Build 58.5 or 10.0 Build 70.7:

  1. From the Citrix website, download XenServer hotfixes XS60E001 - Hotfix XS60E001 - For XenServer 6.0 and XS60E018 - Security Hotfix XS60E018 - For XenServer 6.0.

  2. Log into the XenServer console of the NetScaler SDX appliance either directly or using SSH to the XenServer IP.

  3. Run the following command to upload the two .xsupdate files from the preceding step to the XenServer root directory:
    xe patch-upload file-name=XS60E001.xsupdate
    Note: the xe patch-upload command will print the UUID of the patch which will be used in the following steps. Record the UUIDs for these steps.

  4. Run the following command to determine the host-UUID information:
    xe host-list --minimal

  5. Run the following command and apply the patch with the information from the preceding steps:
    xe patch-apply uuid=<patch-uuid-of- XS60E001> host-uuid=<host-uuid>

  6. Run the following command to ensure that the patch is applied correctly:

    xe patch-list

    The “hosts” key will contain data if the patch has been successfully applied. For example:
    
[root@netscaler-sdx ~]# xe patch-list
uuid ( RO)                    : 95ac709c-e408-423f-8d22-84b8134a149e
              name-label ( RO): XS60E001
        name-description ( RO): Resolve issue with host-evacuate
                    size ( RO): 6620946
                   hosts (SRO): 63680c7d-9420-48de-92b9-d54555f73c78
    after-apply-guidance (SRO): restartHost

  7. Restart the NetScaler SDX appliance by using the GUI and verify if the patch is applied correctly using the xe patch-list command.

  8. Repeat steps 3 to 6 for the XS60E018.xsupdate file.

  9. Restart the NetScaler SDX appliance when suggested and verify if the patch is correctly applied using the xe patch-list command.

For customers running Citrix NetScaler SDX 9.3 Build 58.5 or later, or 10.0 Build 70.7 or later:

  1. From the Citrix website, download XenServer hotfixes XS60E001 - Hotfix XS60E001 - For XenServer 6.0 and XS60E018 - Security Hotfix XS60E018 - For XenServer 6.0.

  2. Browse to the Management Service IP and log in as an administrative user.

  3. Select Configuration > Management Service > XenServer Files > Hotfixes from the GUI.

  4. Click Upload to upload hotfix XS60E001.

  5. Select the XS60E001.xsupdate hotfix file and click Apply to apply the hotfix.

  6. Restart the NetScaler SDX appliance after the hotfix is applied.

  7. Click Upload to upload hotfix XS60E018.

  8. Select the XS60E018.xsupdate hotfix file and click Apply to apply the hotfix.

  9. Restart the NetScaler SDX appliance after the hotfix is applied.

Additional Resources

For technical assistance with these issues, contact your Citrix Technical Support representative. For customers that do not already have an existing Support representative, contact details for Citrix Technical Support are available at the following location:

http://www.citrix.com/site/ss/supportContacts.asp.

Issue/Introduction

This provides information on applying Security Hotfixes to XenServer on NetScaler SDX 9.3 and 10.0.
Powered by Wolken Software