Who Should Install This Hotfix?
All users that are affected by the issues raised in CTX133161 - Citrix XenServer Multiple Security Updates should install this hotfix.
Issue Resolved In This Security Hotfix
This security hotfix address the vulnerabilities as described in the Security Bulletin above.
The following issue is also resolved:
- XenServer hosts were installed with incorrect permissions on the root directory. During installation, the XenServer installation wizard created the root directory with drwx------ permissions instead of drwxr-xr-x. This hotfix corrects permissions set by the installation wizard in the XenServer 6.0.2 Base Installation ISO (XenServer-6.0.201-install-cd.iso).
Users who want to install XenServer 6.0.2 should download the XenServer 6.0.2 Base Installation ISO from Citrix.com and then apply this hotfix to XenServer hosts installed from that ISO. Users with existing XenServer 6.0.2 installations should also apply this hotfix.
Installing the Hotfix
Customers should use either XenCenter or the XenServer Command Line Interface (CLI) to install this update. Once the update has installed, the server must be restarted for it to take effect. As with any software update, please back up your data before applying this hotfix. Citrix recommends updating all hosts within a pool sequentially. Upgrading of hosts should be scheduled to minimize the amount of time the pool runs in a "mixed state" where some hosts have been upgraded and some have not. Running a mixed pool of updated and non-updated hosts for general operation is not supported.
- The attachment to this article is a zip file. It contains both the hotfix update package, and the source code for any modified open source components. The source code is not necessary for hotfix installation: it is provided to fulfil licensing obligations.
Installing the update using XenCenter
- Download the update to a known location on a computer that has XenCenter installed.
- In XenCenter, on the Tools menu, select Install New Update. This displays the Install Update wizard.
- Click Next to start the Wizard.
- Click Add... to upload a new update.
- Browse to the location where you downloaded the hotfix, select it, and then click Open.
- From the list of updates select XS602E004.update and then click Next.
- Select the hosts you wish to apply the hotfix to, and then click Next.
- Follow the recommendations to resolve any upgrade prechecks.
- Click Install to start the installation.
Note: The XenCenter controlled upgrade process reboots each host sequentially starting with the Pool Master, where possible VMs will be migrated to other running hosts to avoid VM downtime. When the Pool Master is being rebooted, XenCenter will be unable to monitor the pool.
Installing the update using the off-host CLI
- Download the update to a known location on a computer that has the XenServer CLI or XenCenter installed.
- Extract the xsupdate file from the zip.
- If using Windows, start a Command Prompt and navigate to the XenCenter directory, for example:
- Upload the xsupdate file to the Pool Master by entering the following commands:
(Where hostname is the Pool Master's IP address or DNS name.)
xe patch-upload -sXenServer assigns the update file a UUID which this command prints. Note the UUID.
<hostname>-u root -pw
- Apply the hotfix to all hosts in the pool, specifying the UUID of the hotfix:
xe patch-pool-apply uuid=
- Verify that the update was applied by using the patch-list command.
xe patch-list -sIf the update has been successful, the hosts field will contain the UUIDs of the hosts this patch was successfully applied to. This should be a complete list of all hosts in the pool.
<hostname>-u root -pw
- The hotfix is applied to all hosts in the pool, but it will not take effect until each host has been rebooted. For each host, migrate the VMs that you wish to keep running, and shutdown the remaining VMs before rebooting the host.
- To verify in XenCenter that the update has been applied correctly, select the Pool, and then click the General tab. This displays the Pool properties. In the Updates section, ensure that the update is listed as Fully applied.
cd C:\Program files\Citrix\XenCenter
|Hotfix File md5sum||1c091db544486c1d2beadda6f821fce2|
|Hotfix Source Filename||XS602E004-src-pkgs.tar.bz2|
|Hotfix Source File md5sum||e4be228d602025e0c76a6ceeb16b6b0b|
|Hotfix Zip Filename||XS602E004.zip|
|Hotfix Zip File md5sum||e514fb75795aed42b7282f0f6afe6af5|