Monitoring for XenServer Security Updates
We continually release updates for the XenServer family of products, including updates that address security issues. We recommend that customers monitor the availability of new updates and apply them to their installations.
You can find information about whether there are pending updates for your systems on the XenCenter UI.
Recommendation:
We recommend subscribing to XenServer Security Bulletins. These are listed at https://support.citrix.com/s/article/CTX691478-security-bulletins-for-xenserver where the “My support alerts” option in the account pull-down lets you register to receive email alerts when we release security bulletins and updates. Alternatively, Atom and RSS feeds of security alerts are published at https://support.citrix.com/s/rss-feeds.
We recommend selecting the Notifications tab in XenCenter when events are flagged and examining the relevant Alerts and Updates.
We recommend regularly applying any pending XenServer updates to your systems. However, we recommend expediting this when a security bulletin is published. After a security bulletin is published, the security vulnerability becomes publicly known. This principle also applies to any guest operating systems and any application workloads.
Many updates make use of XenServer’s Live Patching feature to minimize the disruption caused by updating.
Recommendation:
When deploying updates, consider whether the updates make use of the Live Patch functionality and if that can expedite deployment.
We recommend following your hardware manufacturer’s guidance on applying any relevant firmware updates.