#CitrixHypervisor

Новини Українською rss_ukr_news
2024-04-25

What to replace VMware products with now that they cost more: 5 alternatives for your IT infrastructure itc.ua/ua/articles/chym-zaminy -Networks -V

🛡 H3lium@infosec.exchange/:~# H3liumb0y@infosec.exchange
2023-10-12

"🚨 #CitrixHypervisor Security Alert! 🚨"

Citrix has identified several security issues in Citrix Hypervisor 8.2 CU1 LTSR that could potentially compromise system security. These issues include AMD-based host compromise through a PCI device (CVE-2023-34326), host compromise with specific administrative actions (CVE-2022-1304), host crashes or unresponsiveness (CVE-2023-34324), and crashing of other VMs on AMD-based hosts (CVE-2023-34327). Additionally, a security problem affecting certain AMD CPUs, which may allow code in a guest VM to access previous integer divides in code running on the same CPU core, has been disclosed as CVE-2023-20588.

Mitigating factors include the dependency on AMD CPUs and the use of specific features. Customers not using AMD CPUs or PCI passthrough features may not be affected by some of these issues.

Citrix has released multiple security updates for Citrix Hypervisor 8.2 CU1 LTSR. Several vulnerabilities have been discovered:

  1. CVE-2023-34326: A threat that allows malicious privileged code in a guest VM to compromise an AMD-based host via a passed-through PCI device.
  2. CVE-2022-1304: A vulnerability that can compromise the host when a specific administrative action is taken.
  3. CVE-2023-34324: A flaw that can cause the host to crash or become unresponsive.
  4. CVE-2023-34327: A vulnerability that can cause a different VM running on the AMD-based host to crash.
  5. CVE-2023-20588: A security issue affecting certain AMD CPUs, allowing code in a guest VM to determine values from previous integer divides in code running on the same CPU core.

Citrix has provided hotfixes for these vulnerabilities. Affected users are advised to install these updates and follow the provided instructions. For more details, check the official Citrix article here.

Tags: #Cybersecurity #Citrix #Hypervisor #Vulnerability #AMD #CVE2023 #CVE2022 #SecurityUpdates 🛡️🔧

heise online (inoffiziell) heiseonline@squeet.me
2021-04-01

Secured versions of Citrix Hypervisor prevent access to host systems.
DoS vulnerability in the Citrix Hypervisor virtualization platform closed

heise online (inoffiziell) heiseonline@squeet.me
2020-12-21

Important security updates close vulnerabilities in Citrix Hypervisor. The risk is rated high.
Citrix Hypervisor and XenServer: escapes from virtual machines possible
