CTX231399

Citrix Security Updates for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

Security Bulletin | Created: 03 Jan 2018 | Modified: 05 Jan 2018

Overview

A new class of issues has been identified in common CPU architectures. The presently known issues could allow unprivileged code to read privileged memory locations.

Citrix is analysing the potential impact of these issues across its product range. This bulletin will be updated as further information becomes available on the impacts of these issues and their variants.

Please note that, although these are issues in the underlying processor hardware, Citrix intends to provide software updates, together with our partners, to mitigate these issues where practical.

Please review the following sections for information on your specific Citrix products. This bulletin will be updated as more information becomes available. Customers can receive e-mail notifications about updated or new security bulletins by subscribing at the following address: https://support.citrix.com/user/alerts 


Products that we believe are not impacted:

  • Citrix XenMobile Server: Citrix believes that currently supported versions of Citrix XenMobile Server are not impacted by the presently known variants of these issues.
  • Citrix XenMobile MDX Toolkit and SDK: Citrix believes that currently supported versions of Citrix XenMobile MDX Toolkit and SDK are not impacted by the presently known variants of these issues.
  • Citrix NetScaler (MPX/VPX): Citrix believes that currently supported versions of Citrix NetScaler MPX and VPX are not impacted by the presently known variants of these issues.
  • Citrix NetScaler AppFirewall Platforms: Citrix believes that currently supported versions of Citrix NetScaler AppFirewall Platforms are not impacted by the presently known variants of these issues.
  • Citrix NetScaler Insight Center: Citrix believes that currently supported versions of Citrix NetScaler Insight Center are not impacted by the presently known variants of these issues.
  • Citrix ShareFile StorageZones Controller: Citrix believes that currently supported versions of Citrix ShareFile StorageZones Controller are not impacted by the presently known variants of these issues.
  • Citrix ByteMobile: Citrix believes that currently supported versions of Citrix ByteMobile are not impacted by the presently known variants of these issues.
  • Citrix License Server: Citrix believes that currently supported versions of Citrix License Server are not impacted by the presently known variants of these issues.
  • Citrix StoreFront: Citrix believes that currently supported versions of Citrix StoreFront are not impacted by the presently known variants of these issues.
  • Citrix App Orchestration: Citrix believes that currently supported versions of Citrix App Orchestration are not impacted by the presently known variants of these issues.
  • Citrix App Layering: Citrix believes that currently supported versions of Citrix App Layering are not impacted by the presently known variants of these issues.

Products that may require Third Party updates:

  • Citrix XenApp/XenDesktop: Citrix believes that currently supported versions of the core Citrix XenApp and XenDesktop products are not impacted by presently known variants of these issues. However, it is probable that the underlying operating system, drivers and CPU firmware will require updating. Citrix strongly recommends that customers contact their operating system and hardware vendors for information on how to obtain these updates.
  • Citrix Provisioning Services: Citrix believes that currently supported versions of Citrix Provisioning Services products are not impacted by presently known variants of these issues. However, it is probable that the underlying operating system, drivers and CPU firmware will require updating. Citrix strongly recommends that customers contact their operating system and hardware vendors for information on how to obtain these updates.
  • Citrix AppDNA: Citrix believes that currently supported versions of Citrix AppDNA are not impacted by presently known variants of these issues. However, it is probable that the underlying operating system, drivers and CPU firmware will require updating. Citrix strongly recommends that customers contact their operating system and hardware vendors for information on how to obtain these updates.
  • Citrix Linux VDA: Citrix believes that currently supported versions of Citrix Linux VDA are not impacted by presently known variants of these issues. However, it is probable that the underlying operating system, drivers and CPU firmware will require updating. Citrix strongly recommends that customers contact their operating system and hardware vendors for information on how to obtain these updates.
  • Citrix XenMobile Worx components: Citrix believes that currently supported versions of Citrix XenMobile Worx components are not impacted by presently known variants of these issues. However, it is probable that the underlying operating system, drivers and CPU firmware will require updating. Citrix strongly recommends that customers contact their operating system and hardware vendors for information on how to obtain these updates.
  • Citrix ShareFile Clients on Desktop and Mobile: Citrix believes that currently supported versions of Citrix ShareFile Clients are not impacted by presently known variants of these issues. However, it is probable that the underlying operating system, drivers and CPU firmware will require updating. Citrix strongly recommends that customers contact their operating system and hardware vendors for information on how to obtain these updates.
  • Citrix Receivers for Desktop and Mobile: Citrix believes that currently supported versions of Citrix Receivers are not impacted by presently known variants of these issues. However, it is probable that the underlying operating system, drivers and CPU firmware will require updating. Citrix strongly recommends that customers contact their operating system and hardware vendors for information on how to obtain these updates.

 


Products that we believe are impacted:

  • Citrix NetScaler SDX: Citrix believes that currently supported versions of Citrix NetScaler SDX are not at risk from malicious network traffic. However, in light of these issues, Citrix strongly recommends that customers only deploy NetScaler instances on Citrix NetScaler SDX where the NetScaler admins are trusted.
  • Citrix XenServer: Please see https://support.citrix.com/article/ctx231390 for information on Citrix XenServer.

What Citrix Is Doing

Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at http://support.citrix.com/.


Obtaining Support on This Issue

If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at https://www.citrix.com/support/open-a-support-case.html


Reporting Security Vulnerabilities

Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – Reporting Security Issues to Citrix


Changelog

Date              Change
3rd January 2018  Initial publishing
3rd January 2018  Updated immediately after embargo expiry
4th January 2018  Updated to include XenServer
5th January 2018  Expanded Product coverage