-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.1999
                     Citrix Hypervisor Security Updates
                                10 June 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Citrix Hypervisor 8.1
                   Citrix Hypervisor 8.0
                   XenServer 7.1 LTSR Cumulative Update 2
                   XenServer 7.0
Publisher:         Citrix
Operating System:  Virtualisation
Impact/Access:     Access Confidential Data -- Existing Account
                   Reduced Security         -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-0543

Original Bulletin:
   https://support.citrix.com/article/CTX275165

- --------------------------BEGIN INCLUDED TEXT--------------------

Citrix Hypervisor Security Updates

Reference: CTX275165
Category : High
Created  : 09 Jun 2020
Modified : 09 Jun 2020

Applicable Products

  o Citrix Hypervisor 8.1
  o Citrix Hypervisor 8.0
  o XenServer 7.1 LTSR Cumulative Update 2
  o XenServer 7.0

Description of Problem

Modern CPUs contain random number generators that provide entropy (randomness)
to the software running on those processors to use for purposes such as
generating cryptographic encryption keys. Software can obtain entropy by using
the RDRAND and RDSEED instructions.

A security issue has been identified in certain CPU hardware that may allow
unprivileged code running on a host to observe the entropy provided by the CPU
to other processes, virtual machines or the hypervisor that are, or have
recently been, running, irrespective of whether they are running on the same
processor core or thread. For example, if a process in one guest VM were to use
the RDSEED instruction to get a random value to use as a secret encryption key,
another process in a different VM might be able to observe the result of that
RDSEED instruction and so determine the secret encryption key.
This issue has the following identifier:

  o CVE-2020-0543: Special Register Buffer Data Sampling Advisory

Note that this issue only affects the confidentiality of the entropy returned by
the CPU, not how random the value itself is. Note also that an attacker can only
observe the entropy most recently returned by an RDSEED or RDRAND instruction on
the system. If a further RDSEED or RDRAND instruction is executed on the system,
the older result is no longer observable by an attacker.

Although this is not a vulnerability in the Citrix Hypervisor (formerly Citrix
XenServer) product, Citrix is providing hotfixes to mitigate this CPU issue.
Hotfixes are available for all currently supported versions of Citrix Hypervisor
up to and including Citrix Hypervisor 8.1. These hotfixes include updated CPU
microcode which may have a noticeable performance impact on workloads that make
significant use of RDRAND or RDSEED instructions.

Mitigating Factors

Only certain Intel CPUs are affected by this issue; customers are recommended to
contact their hardware vendor to determine if their system is affected.
Customers with only AMD CPUs are not affected by this issue.

What Customers Should Do

Hotfixes have been released to address this issue. Citrix recommends that
affected customers install these hotfixes as soon as their patching schedule
permits.
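The following is an added example and is not code from the Citrix or AusCERT
bulletin. It is a POSIX shell script for checking, from a Linux guest or from
the Citrix Hypervisor control domain, how the running kernel reports the SRBDS
(CVE-2020-0543) mitigation, and for printing the CPUID family/model signature
in the form Intel uses in its affected-processor tables so it can be compared
against the list obtained from the hardware vendor. It assumes the kernel
exposes the srbds entry under /sys/devices/system/cpu/vulnerabilities (Linux
5.7 or a distribution backport) and, in the control domain, that `xl dmesg`
carries the hypervisor's own SRBDS lines; the "srb-lock" grep pattern is an
assumption about Xen's log wording, not something the bulletin states.

```shell
#!/bin/sh
# Added example, not part of the Citrix/AusCERT bulletin: report the SRBDS
# (CVE-2020-0543) mitigation state as seen by a Linux kernel, and the CPUID
# signature to compare against the vendor's list of affected processors.
#
# Assumptions (not stated in the bulletin):
#  - the kernel provides /sys/devices/system/cpu/vulnerabilities/srbds
#    (Linux 5.7+ or a distribution backport);
#  - in a Citrix Hypervisor control domain, `xl dmesg` shows the hypervisor's
#    SRBDS lines; the pattern below is a best-effort guess at their wording.

SRBDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/srbds

# classify_srbds STATUS
# Map the kernel's sysfs string to a short verdict:
#   not-affected | mitigated | vulnerable | hypervisor-dependent | unknown
classify_srbds() {
    case "$1" in
        'Not affected')  echo not-affected ;;
        Mitigation:*)    echo mitigated ;;            # "Mitigation: Microcode" / "Mitigation: TSX disabled"
        Vulnerable*)     echo vulnerable ;;           # "Vulnerable" / "Vulnerable: No microcode"
        Unknown:*)       echo hypervisor-dependent ;; # guest whose hypervisor hides SRBDS_CTRL
        *)               echo unknown ;;
    esac
}

# cpuid_signature FAMILY MODEL
# Format the decimal family/model values from /proc/cpuinfo the way Intel
# writes them in its affected-processor tables, e.g. family 6, model 142 -> 06_8EH.
cpuid_signature() {
    printf '%02X_%02XH\n' "$1" "$2"
}

# cpuinfo_field NAME
# Print the first value of NAME in /proc/cpuinfo (empty if the file or field is absent).
cpuinfo_field() {
    awk -F: -v k="$1" '{
        f = $1; sub(/[ \t]+$/, "", f)
        if (f == k) { v = $2; sub(/^[ \t]+/, "", v); print v; exit }
    }' /proc/cpuinfo 2>/dev/null
}

report() {
    if [ -r "$SRBDS_SYSFS" ]; then
        status=$(cat "$SRBDS_SYSFS")
        printf 'kernel srbds status : %s  [%s]\n' "$status" "$(classify_srbds "$status")"
    else
        echo 'kernel srbds status : not reported (kernel predates SRBDS reporting?)'
    fi

    family=$(cpuinfo_field 'cpu family')
    model=$(cpuinfo_field 'model')
    if [ -n "$family" ] && [ -n "$model" ]; then
        printf "cpuid signature     : %s  (compare against the vendor's affected list)\n" \
            "$(cpuid_signature "$family" "$model")"
    fi
    printf 'microcode revision  : %s\n' "$(cpuinfo_field microcode)"
    if cpuinfo_field bugs | grep -qw srbds; then
        echo 'cpuinfo bugs        : srbds listed (kernel considers this CPU affected)'
    fi

    # Citrix Hypervisor control domain: the hypervisor, not dom0, loads the
    # microcode and owns the mitigation, so look at its log rather than dom0's.
    if command -v xl >/dev/null 2>&1; then
        xl dmesg 2>/dev/null | grep -i 'srbds\|srb-lock' || echo 'xen: no SRBDS lines in xl dmesg'
    fi
}

report
```

Run it as root on the host and inside a VM. A guest that prints
"hypervisor-dependent" cannot tell from inside whether the host's microcode has
been updated; only the host's own status answers that, which is why the
mitigation is delivered as a hypervisor hotfix rather than as a guest patch.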
The hotfixes can be downloaded from the following locations:

Citrix Hypervisor 8.1:         CTX272278 - https://support.citrix.com/article/CTX272278
Citrix Hypervisor 8.0:         CTX272277 - https://support.citrix.com/article/CTX272277
Citrix XenServer 7.1 LTSR CU2: CTX272276 - https://support.citrix.com/article/CTX272276
Citrix XenServer 7.0:          CTX272275 - https://support.citrix.com/article/CTX272275

Changelog

+--------------------------+--------------------------------------------------+
|Date                      |Change                                            |
+--------------------------+--------------------------------------------------+
|2020-06-09                |Initial Publication                               |
+--------------------------+--------------------------------------------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is maintained
within your organisation, so if you do not wish to continue receiving these
bulletins you should contact your local IT manager. If you do not know who that
is, please send an email to auscert@auscert.org.au and we will forward your
request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be
updated when updates to the original are made.
If downloading at a later date, it is recommended that the bulletin is
retrieved directly from the author's website to ensure that the information is
still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXuA7NuNLKJtyKPYoAQg7UxAAsYgel3I3xEAgvkyz1IxrulnR/TZa1WFl
FnBk2biOp5oW7Fr1YvbdNMDVoxHe59FOBdod5LS6gFp30IIGV2zscbOCjaEQLLQr
EVJ+RsY63MB+w51MUrf9oOY/bJeDZzFq8ypAXcMnS0sbdftOly/qVTtLnfxOx4P9
akh+ObrIC0gCfbjsy/9oJVqrSzJGOAXbJ4SQ11GzrD+2ptFmuVtvXfGb1+rTh3KY
g/XYzFIJiD5WZuxG6fz2CBywVzw1pMOtPefeGOJWxkFak+0LUbtlU7PFbysfGNjm
zb5pXDaWZNJ7rPcIYsI54M9/DlZQ+ct9OZWlIy/WcZfsIdcvfZ1vFgDCfDo5lSP3
jvG8R+uO+Jd+ZOz7+wnQsuqyZWAMfaYWExGihFQCn02EJxlnTaWyaBlcIrTaVXCU
sLwlBuLnvaFhpCKzogbyIDkCAgOndI/0L7ulmPQftB0adIlqD0hltERoC8jyD0u/
oZQJ3KtTWthEADnGqmphFzB+tFq4Jma+M6+m4YbkMh+7vN95g6IqNTkP3kGvE/la
+SXmgwQSiwa5wMCK6taa+serHo+9fkJg4X9WKl4gWs+NrBR5Arl8XrGt+z+0XkLm
2W6CAayEHKKnOolq2patkWDXXK33PtgKFUht6zTMnCR43MKZAI7zgtE3i+EPPvFn
wBxh3Jaa1Ic=
=g6uz
-----END PGP SIGNATURE-----