Hotfix XS82ECU1078 - For Citrix Hypervisor 8.2 Cumulative Update 1

Hotfix XS82ECU1078 - For Citrix Hypervisor 8.2 Cumulative Update 1

book

Article ID: CTX691830

calendar_today

Updated On:

Description

Who Should Install This Hotfix?

This is a hotfix for customers running Citrix Hypervisor 8.2 Cumulative Update 1.

All customers who are affected by the issues described in CTX692065 - XenServer and Citrix Hypervisor Security Update for CVE-2024-45818 should install this hotfix.

Note: This hotfix is available only to customers on the Customer Success Services program.

Where To Get This Hotfix

Download Citrix Hypervisor 8.2 Cumulative Update 1 hotfixes from the product downloads pages.

Information About this Hotfix

PrerequisiteXS82ECU1040
Post-update tasksRestart Host
Content live patchable**No
Baselines for Live PatchN/A
Revision History

Published on Nov 12, 2024

** Available to Premium Edition Customers.

Issues Resolved In This Hotfix

This security hotfix addresses the vulnerabilities as described in the Security Bulletin above.

In addition, this hotfix addresses the following issue:

  • EOI of IO-APIC generated interrupts is performed incorrectly when using AMD-Vi interrupt remapping.

 

Improvements included in this hotfix

This hotfix includes the following improvements:

  • Update the Intel microcode to the IPU 2024.4 drop.

 

Note: Security mitigations for CPU hardware vulnerabilities can impact system performance. Any impacts are typically workload dependent.

This hotfix also includes the following previously released hotfixes:

Installing the Hotfix

Before you apply a hotfix, ensure that you have reviewed the prerequisites listed in Prepare a pool for an update in the Citrix Hypervisor documentation.

Customers should use either XenCenter or the Citrix Hypervisor Command Line Interface (CLI) to apply this hotfix. As with any software update, back up your data before applying this update. Citrix recommends updating all servers within a pool sequentially. Upgrading of servers should be scheduled to minimize the amount of time the pool runs in a "mixed state" where some servers are upgraded and some are not. Running a mixed pool of updated and non-updated servers for general operation is not supported.

Installing the Hotfix by using XenCenter

Choose an Installation Mechanism

There are three mechanisms to install a hotfix:

  1. Automated Updates
  2. Download update from Citrix
  3. Select update or Supplemental pack from disk

The Automated Updates feature is available for Citrix Hypervisor Premium Edition customers, or to those who have access to XenServer through their Citrix Virtual Apps and Desktops entitlement. For information about installing a hotfix using the Automated Updates feature, see Apply Automated Updates in the Citrix Hypervisor documentation.

For information about installing a hotfix using the Download update from Citrix option, see Apply an Update to a Pool in the Citrix Hypervisor documentation.

The following section contains instructions on option (3) installing a hotfix that you have downloaded to disk:

  1. Download the hotfix to a known location on a computer that has XenCenter installed.
  2. Unzip the hotfix zip file and extract the .iso file
  3. In XenCenter, on the Tools menu, select Install Update. This displays the Install Update wizard.
  4. Read the information displayed on the Before You Start page and click Next to start the wizard.
  5. Click Browse to locate the iso file, select XS82ECU1078.iso and then click Open.
  6. Click Next.
  7. Select the pool or servers you wish to apply the hotfix to, and then click Next.
  8. The Install Update wizard performs a number of update prechecks, including the space available on the servers, to ensure that the pool is in a valid configuration state. The wizard also checks whether the servers need to be rebooted after the update is applied and displays the result.
  9. Choose the Update Mode. Review the information displayed on the screen and select an appropriate mode.
  10. Click Install update to proceed with the installation. The Install Update wizard shows the progress of the update, displaying the major operations that XenCenter performs while updating each server in the pool.
  11. When the update is applied, click Finish to close the wizard.
  12. If you chose to carry out the post-update tasks, do so now.

Installing the Hotfix by using the xe Command Line Interface

  1. Download the update file to a known location on the computer running the xe CLI.
  2. Extract the .iso file from the zip.
  3. Upload the .iso file to the main server of the pool by entering the following commands:
    (Where -s is the main server's IP address or DNS name.)
    xe -s <server> -u <username> -pw <password> update-upload file-name=<filename>/XS82ECU1078.iso
    Citrix Hypervisor assigns the update file a UUID which this command prints. Note the UUID.
    a71df3d6-c3a6-4e4a-a189-146e9523a2ef
  4. Apply the update to all servers in the pool, specifying the UUID of the update:
    xe update-pool-apply uuid=a71df3d6-c3a6-4e4a-a189-146e9523a2ef

    Alternatively, if you need to update and restart servers in a rolling manner, you can apply the update file to an individual server by running the following:

    xe update-apply host=<server> uuid=a71df3d6-c3a6-4e4a-a189-146e9523a2ef

     

    If the server is a member of a pool, ensure that you update the pool master for Citrix Hypervisor 8.2 CU1 before you update any other pool member.

  5. Verify that the update was applied by using the update-list command.
    xe update-list -s <server> -u root -pw <password> name-label=XS82ECU1078
    If the update is successful, the hosts field contains the UUIDs of the servers to which this update was successfully applied. This should be a complete list of all servers in the pool.
  6. If the hotfix is applied successfully, restart each server in the pool, starting with the main server.
  7. Use the update-pool-clean command to remove the update files from all servers in the pool. This command frees up space on shared storage and does not uninstall the update.
    xe update-pool-clean uuid=a71df3d6-c3a6-4e4a-a189-146e9523a2ef

Hotfix Source

This source code is not necessary for hotfix installation. It is provided to fulfill licensing obligations.

Download the hotfix source from the following link: XS82ECU1078-sources.iso.

Files

Hotfix File

ComponentDetails
Hotfix FilenameXS82ECU1078.iso
Hotfix File sha25681367ceaf1d927ba761180cbd12ea5f8f986ca90ca8d290de9e0f3c9ae99477c
Hotfix Source FilenameXS82ECU1078-sources.iso
Hotfix Source File sha2560920bf625130562b2e7eea056eb1ddbdde253f95eca28dc2fb36b5d34294f90f
Hotfix Zip FilenameXS82ECU1078.zip
Hotfix Zip File sha2563e7332e94921bc7d838b3c51806f7ea10f2b87191ebbd96c59a57aa71be11709
Size of the Zip file57.41 MB

Files Updated

edk2-20180522git4b8552d-1.4.6.x86_64.rpm
linux-firmware-20190314-11.xs8~2_1.noarch.rpm
microcode_ctl-2.1-26.xs32.xs8~2_1.x86_64.rpm
xen-dom0-libs-4.13.5-9.45.xs8~2_1.x86_64.rpm
xen-dom0-tools-4.13.5-9.45.xs8~2_1.x86_64.rpm
xen-hypervisor-4.13.5-9.45.xs8~2_1.x86_64.rpm
xen-libs-4.13.5-9.45.xs8~2_1.x86_64.rpm
xen-tools-4.13.5-9.45.xs8~2_1.x86_64.rpm

More Information

For a list of the minimum set of hotfixes you must apply to get your pool up to date, see Recommended Hotfixes for Citrix Hypervisor 8.2 Cumulative Update 1.

For more information, see Citrix Hypervisor Documentation.

If you experience any difficulties, contact Citrix Technical Support.

Powered by Wolken Software