Who should install this hotfix?
This is a hotfix for customers running XenServer 6.0.2. All customers who are affected by the issues described in CTX134708 ??鷉G Citrix XenServer Multiple Security Updates should install this hotfix.
Issues resolved in this hotfix
This security hotfix addresses the vulnerabilities as described in the Security Bulletin above.
The following issues are also resolved.
- The Xentrace tool does not capture the values of memory-mapped I/O and port-mapped I/O reads for Windows VMs. [CA-79986]
- Live migration of fully virtualized VMs can occasionally fail. [CA-87350]
In addition, this hotfix includes the following previously released hotfix.
- CTX133174 ??鷉G Hotfix XS602E004 - For XenServer 6.0.2
Installing the hotfix
You must use either XenCenter or the XenServer Command Line Interface (CLI) to install this hotfix. Using the CLI minimizes the time required to apply hotfixes by avoiding the need to restart hosts and migrate VMs.
As with any software update, ensure that you back up your data before applying this hotfix. After installing the hotfix, restart the host to apply the updates. Citrix recommends that you update all hosts within a pool sequentially and that you schedule your updates to minimize the amount of time the pool runs with a mixture of updated and non-updated hosts. Pools containing a mixture of updated and non-updated hosts are not supported for general operation.
The ZIP file attached to this article contains both the hotfix update package and the source code for any modified open source components. The source code is not necessary for hotfix installation and is provided to fulfill licensing obligations.
Installing the hotfix using XenCenter
Download the hotfix to the computer running XenCenter and extract the .xsupdate file from the ZIP file.
In XenCenter, click Tools > Install Software Update.
In the Install Update wizard, click Next.
On the Select Update page, click Add and navigate to the location where you downloaded the hotfix. Select the .xsupdate file and then click Open.
Ensure that the hotfix is selected in the list of updates and then click Next.
On the Select Servers page, specify the hosts to which you wish to apply the hotfix and then click Next.
On the Update Prechecks page, ensure that no issues have been identified and then click Next.
After loading the .xsupdate file onto the selected hosts, XenCenter performs a number of checks to verify that the hotfix can be applied. If any issues are identified, click Resolve All and XenCenter will attempt to remediate them for you.
On the Update Mode page, specify whether you want XenCenter to perform post-update tasks, such as restarting VMs, after installing the hotfix.
- In automatic mode, XenCenter upgrades each host sequentially, starting with the pool master. XenCenter migrates VMs to other running hosts (where possible), places the host in maintenance mode, applies the hotfix, restarts the host, and then migrates the VMs back onto the updated host. Any actions that were taken as a result of the update prechecks are reverted.
- In manual mode, XenCenter applies the hotfix without performing any post-update tasks. A list of required post-update actions is displayed. Click Save to File to copy this list to a text file so that you can refer to it later.
Click Install Update and then, once the hotfix has been installed, click Finish.
If you applied the hotfix in manual mode, perform any post-update tasks that are required.
Installing the hotfix using the CLI on another host
Download the hotfix to the computer running the CLI or XenCenter, and extract the .xsupdate file from the ZIP file.
Open a Command Prompt window. On Windows computers, navigate to the XenCenter installation directory, typically located at C:\Program Files (x86)\Citrix\XenCenter
Upload the hotfix to the pool master by entering the following command.
xe patch-upload -s
<hostname>-u root -pw
Where <hostname> is the IP address or DNS name of the pool master, <password> is the root account password, and <updatefilepath> is the path to the .xsupdate file.
The UUID of the hotfix is displayed. XenServer assigns the UUID to the .xsupdate file.
Type the following command to apply the hotfix to all hosts in the pool.
xe patch-pool-apply uuid=7c04fd30-9a0a-4894-9662-05ca9f866162
Verify that the update was applied using the following command.
xe patch-list -s
<hostname>-u root -pw
Where <hostname> is the IP address or DNS name of the pool master and <password> is the root account password.
The hosts field contains the UUIDs of the hosts to which the hotfix was successfully applied. If the update is successful, all the hosts in the pool are listed.
For each host, migrate any VMs that you want to keep running and shut down the remaining VMs before restarting the host.
The hotfix is applied to all hosts in the pool, but does not take effect until each host is restarted.
To verify in XenCenter that the update was applied correctly, select the pool in the resources pane and then click the General tab in the properties pane. Expand the Updates section of the pool properties and ensure that the update is listed as Fully applied.
|Hotfix file name||XS602E008.xsupdate|
|Hotfix file UUID||7c04fd30-9a0a-4894-9662-05ca9f866162|
|Hotfix file md5sum||1215881520ba7c6b059ecc2194039e4d|
|Hotfix source file name||XS602E008-src-pkgs.tar.bz2|
|Hotfix source file md5sum||d99773b26ff8853843e7baebd1072dcb|
|Hotfix ZIP file name||XS602E008.zip|
|Hotfix ZIP file md5sum||fe1d35bbf43d2bdc27123f84da7b78a6|