
             AUSCERT External Security Bulletin Redistribution

                    Citrix Hypervisor Security Updates
                               10 June 2020


        AusCERT Security Bulletin Summary

Product:           Citrix Hypervisor 8.1
                   Citrix Hypervisor 8.0
                   XenServer 7.1 LTSR Cumulative Update 2
                   XenServer 7.0
Publisher:         Citrix
Operating System:  Virtualisation
Impact/Access:     Access Confidential Data -- Existing Account
                   Reduced Security         -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-0543  

Original Bulletin: 

--------------------------BEGIN INCLUDED TEXT--------------------

Citrix Hypervisor Security Updates

Reference: CTX275165

Category : High

Created  : 09 Jun 2020

Modified : 09 Jun 2020

Applicable Products

  o Citrix Hypervisor 8.1
  o Citrix Hypervisor 8.0
  o XenServer 7.1 LTSR Cumulative Update 2
  o XenServer 7.0

Description of Problem

Modern CPUs contain random number generators that provide entropy (randomness)
to the software running on those processors to use for purposes such as
generating cryptographic encryption keys. Software can obtain entropy by using
the RDRAND and RDSEED instructions.

A security issue has been identified in certain CPU hardware that may allow
unprivileged code running on a host to observe the entropy provided by the CPU
to other processes, virtual machines or the hypervisor that are, or have
recently been, running, irrespective of whether they are running on the same
processor core or thread. For example, if a process in one guest VM were to use
the RDSEED instruction to get a random value to use as a secret encryption key,
another process in a different VM might be able to observe the result of that
RDSEED instruction and so determine the secret encryption key.

This issue has the following identifier:

  o CVE-2020-0543: Special Register Buffer Data Sampling Advisory

Note that this issue only affects the confidentiality of the entropy returned
by the CPU, not how random the value itself is.

Note also that an attacker can only observe the entropy most recently returned
by an RDSEED or RDRAND instruction on the system. If a further RDSEED or RDRAND
instruction is executed on the system, the older result is no longer observable
by an attacker.

Although this is not a vulnerability in the Citrix Hypervisor (formerly Citrix
XenServer) product, Citrix is providing hotfixes to mitigate this CPU issue.
Hotfixes are available for all currently supported versions of Citrix
Hypervisor up to and including Citrix Hypervisor 8.1. These hotfixes include
updated CPU microcode which may have a noticeable performance impact on
workloads that make significant use of RDRAND or RDSEED instructions.

Mitigating Factors

Only certain Intel CPUs are affected by this issue; customers are recommended
to contact their hardware vendor to determine if their system is affected.

Customers with only AMD CPUs are not affected by this issue.

What Customers Should Do

Hotfixes have been released to address this issue. Citrix recommends that
affected customers install these hotfixes as soon as their patching schedule
permits. The hotfixes can be downloaded from the following locations:

Citrix Hypervisor 8.1: CTX272278 - https://support.citrix.com/article/CTX272278

Citrix Hypervisor 8.0: CTX272277 - https://support.citrix.com/article/CTX272277

Citrix XenServer 7.1 LTSR CU2: CTX272276 - https://support.citrix.com/article/

Citrix XenServer 7.0: CTX272275 - https://support.citrix.com/article/CTX272275
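
The following is an added post-patch check, written for this redistribution and
not part of the Citrix bulletin or of any Citrix tooling. It parses two signals a
Linux dom0 (or a Linux guest) can report about the CVE-2020-0543 mitigation:
the kernel's /sys/devices/system/cpu/vulnerabilities/srbds entry, using the
status strings from the upstream Linux mitigation, and Xen's boot-time
"Speculative mitigation facilities" report from `xl dmesg`, where upstream Xen
lists SRBDS_CTRL under "Hardware features" once the microcode exposes the
control and "SRB_LOCK+" under "Other:" once the hypervisor has enabled it.
Whether the Citrix hotfixed dom0 kernel exposes the sysfs file, and whether the
hotfixed Xen build prints exactly these tokens, are assumptions; the sample
`xl dmesg` transcript inside the script is constructed, not captured from a real
host. `xl dmesg` needs root on the dom0.

```shell
#!/bin/sh
# Added example (not from the Citrix bulletin): classify the SRBDS
# (CVE-2020-0543) mitigation state reported by a Linux kernel and by Xen.
#
# Assumptions, labelled here as well as in the lead-in:
#  - sysfs strings are the upstream Linux wording for .../vulnerabilities/srbds
#  - the Xen tokens SRBDS_CTRL and SRB_LOCK+ are upstream Xen's wording; a
#    Citrix hotfixed build is assumed, not verified, to print the same.

# Classify one sysfs line. Prints one of:
#   not-affected | mitigated | vulnerable | hypervisor-dependent | unrecognised
srbds_sysfs_verdict() {
    case "$1" in
        "Not affected")                            echo not-affected ;;
        "Mitigation: "*)                           echo mitigated ;;
        "Vulnerable"*)                             echo vulnerable ;;
        "Unknown: Dependent on hypervisor status") echo hypervisor-dependent ;;
        *)                                         echo unrecognised ;;
    esac
}

# Classify an `xl dmesg` transcript read from stdin. Prints one of:
#   enabled  - Xen reports SRB_LOCK+, i.e. the mitigation is active
#   hw-only  - microcode exposes SRBDS_CTRL but Xen has not enabled it
#   absent   - neither token present (old microcode or unpatched hypervisor)
srbds_xen_verdict() {
    hw=0; on=0
    while IFS= read -r line; do
        case "$line" in
            *"Hardware features:"*SRBDS_CTRL*) hw=1 ;;
            *"Other:"*SRB_LOCK+*)              on=1 ;;
        esac
    done
    if [ "$on" -eq 1 ]; then echo enabled
    elif [ "$hw" -eq 1 ]; then echo hw-only
    else echo absent; fi
}

# Live check on this host: prints both verdicts and succeeds (status 0) only
# when the kernel reports a mitigation and Xen reports SRB_LOCK+.
srbds_check_host() {
    f=/sys/devices/system/cpu/vulnerabilities/srbds
    k=$( [ -r "$f" ] && srbds_sysfs_verdict "$(cat "$f")" || echo no-sysfs-entry )
    x=$( command -v xl >/dev/null 2>&1 && xl dmesg 2>/dev/null | srbds_xen_verdict || echo no-xl )
    echo "kernel=$k xen=$x"
    [ "$k" = mitigated ] && [ "$x" = enabled ]
}

# Constructed sample transcript (not captured from a real host), used by --self-test.
SAMPLE_XL_DMESG='(XEN) Speculative mitigation facilities:
(XEN)   Hardware features: IBRS/IBPB STIBP L1D_FLUSH SSBD MD_CLEAR SRBDS_CTRL
(XEN)   Xen settings: BTI-Thunk RETPOLINE, SPEC_CTRL: IBRS- STIBP- SSBD-, Other: SRB_LOCK+ IBPB L1D_FLUSH VERW'

case "${1:-}" in
    --self-test) printf '%s\n' "$SAMPLE_XL_DMESG" | srbds_xen_verdict ;;
    *)           srbds_check_host ;;
esac
```

Run it without arguments on the dom0 after applying the hotfix and rebooting;
a result of `kernel=mitigated xen=enabled` is the expected state on an affected
Intel host. `kernel=no-sysfs-entry` means the dom0 kernel simply does not
report SRBDS and says nothing about the hypervisor, so rely on the Xen verdict
in that case. On AMD hosts the kernel reports `not-affected`, matching the
bulletin's mitigating factors.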


|Date                      |Change                                            |
|2020-06-09                |Initial Publication                               |

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:


Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.