Citrix Update für Meltdown und Spectre

Citrix Update für Meltdown und Spectre

Nach den schlechten News zum Jahresanfang ist auch Citrix an Lösungen am Arbeiten um die Sicherheitslücken Metldown und Spectre zu schließen.

Aber bei Citrix sind nicht alle Lösungen von dem Sicherheitsloch Metldown und Spectre direkt betroffen.

In einem neuen Citrix Knowledgebaseartikel hat Citrix das Thema Metldown und Spectre mit deren Produkten klassifiziert und aufgeschlüsselt.

Nicht betroffen sind die folgenden Produkte:

Citrix XenMobile Server

Citrix Netscaler (MPX / VPX)

Produkte die Updates von Third Party Herstellern für Metldown und Spectre benötigen:

Citrix XenApp / XenDesktop
Aus dem Knowledgebase Artikel:

Citrix believes that currently supported versions of the core Citrix XenApp and XenDesktop products are not impacted by presently known variants of these issues. However, it is probable that the underlying operating system, drivers and CPU firmware will require updating. Citrix strongly recommends that customers contact their operating system and hardware vendors for information on how to obtain these updates.

Produkte die betroffen sind:

Citrix Netscaler SDX

Citrix XenServer
Referenzartikel: https://support.citrix.com/article/ctx231390

What XenServer Customers Should Do

The CPU speculative execution mitigations require system firmware/BIOS upgrades to be applied before becoming fully effective. Citrix strongly recommends that customers contact their hardware vendors for further information on these firmware upgrades.

As these issues are in optimisation features of the underlying physical CPU, mitigating them will necessarily cause a reduction of CPU performance. This performance impact will depend on a number of factors, including workload and CPU model. Customers are recommended to monitor their system loads after installing these hotfixes.

After applying the relevant firmware/BIOS upgrades and XenServer hotfixes, guest VMs will need to be fully shut down and started at least once after the application of relevant guest operating system updates. This will allow any corresponding security updates for the guest operating system to become fully effective.

Citrix has released hotfixes that contain mitigations for Variant 2. These hotfixes can be found on the Citrix website at the following locations:

Citrix XenServer 7.3: Citrix is actively working on a hotfix for this version. This document will be updated when a hotfix is available.

Citrix XenServer 7.2: Citrix is actively working on a hotfix for this version. This document will be updated when a hotfix is available.

Citrix XenServer 7.1 LTSR CU1: CTX230788 – https://support.citrix.com/article/ctx230788

Citrix XenServer 7.0: Citrix is actively working on a hotfix for this version. This document will be updated when a hotfix is available.

Note that these updates are not Livepatchable.

Customers using End of Maintenance versions of Citrix XenServer, i.e. Citrix XenServer version 6.0.2 Common Criteria, 6.2 SP1 and 6.5 SP1 are strongly recommended to upgrade to a more recent version.

Citrix is actively working on additional mitigations for Variant 3, but strongly recommends that customers that have deployed untrusted PV guests on Intel CPUs consider transitioning to HVM-based guests.

 

Sprechen Sie uns vor einem Upgrade an.

Bitte sprechen Sie uns an für ein Upgrade der vorhandenen Umgebungenzu den entsprechenden Metldown und Spectre Updates .

Hier unterstützen wir gerne bei der Planung und Umsetzung.

 

Detlev Koch

Spectre

Detlev Koch – Spectre Update

Senior Technical Consultant und

Partner Solution Manager Citrix