Citrix XenServer HVM Graphics Buffer Overflow Vulnerability (CVE-2014-4947)
Release date:
Updated on:
Affected Systems:
Citrix XenServer 6.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 68659
CVE (CAN) ID: CVE-2014-4947
The Citrix XenServer product line is an enterprise-level platform for managing server virtualization in a data center through flexible aggregation of computing and storage resources.
A buffer overflow vulnerability exists in the Citrix XenServer HVM graphics console. Attackers can exploit this vulnerability to execute arbitrary code in the context of the affected application.
<* Source: vendor
Link: https://support.citrix.com/article/CTX140984
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Citrix
------
Citrix has released a Security Bulletin (CTX140984) and corresponding patches for this issue:
CTX140984: Citrix XenServer Multiple Security Updates
Link: https://support.citrix.com/article/CTX140984
Patch download:
https://support.citrix.com/article/CTX141036
https://support.citrix.com/article/CTX141038
https://support.citrix.com/article/CTX141040
https://support.citrix.com/article/CTX141039
https://support.citrix.com/article/CTX141043
https://support.citrix.com/article/CTX141041
https://support.citrix.com/article/CTX141042