Hotfix package name: XS50EU3003
For: XenServer 5.0
Replaces: None
Date: Feb, 2010
Language supported: English (US)
Readme version: 1.00
Who Should Install This Hotfix?

It is recommended that all customers of XenServer 5.0 Update 3 install this update.
Issue Resolved In This Hotfix

This hotfix addresses an issue in user authentication in XenServer 5.0 Update 3 that would allow an unauthenticated user access to a limited set of functions. See Vulnerability in XenServer Could Result in Authentication Bypass for further information.
Installing the Hotfix

Customers should use either XenCenter or the CLI to install this update. Once the update has been installed, in order for it to take effect, the server must be restarted. As with any software update, please back up your data before applying this hotfix.

Always install the hotfix to the master of your pool first. If you do not do this, updated slaves cannot reconnect to the pool until the master has also been updated. Following the steps below once to upgrade the master, restarting the master, and then following the steps again for each of the slaves is best practice to ensure that the installation is completed in the correct order.
Installing the update using XenCenter

1. Download the update to a known location on a computer that has XenCenter installed.
2. In XenCenter, on the Tools menu, select Install New Update.
3. Select the servers you wish to update.
Citrix advises to update all hosts in a pool within a short space of time. Running a mixed pool of updated and non-updated hosts for general operation is not supported.
4. Click Next to proceed in the wizard.
5. Enter the path to browse to the downloaded update file. Click Next and the update will be uploaded to the pools and servers you chose to update.
6. Click Finish.
Citrix strongly advises that you use Manual mode for this update. If you select Manual mode, the update will be applied on each server but you will be required to manually restart the servers for the update to take effect.
7. After the hotfix is installed on all servers then reboot each server.

Installing the update using the off-host CLI

1. Download the hotfix to a known location on a computer that has the XenServer CLI installed.
2. Upload the hotfix to the pool or host you wish to apply it to:
$ xe -s -u root -pw patch-upload file-name=
This causes the hotfix identifier to be printed to the screen:
B7616953-53E2-414E-B93A-EE817AC8655A
3. Apply the hotfix to the pool, specifying the UUID of the hotfix, as given by the upload command in the previous step:
$ xe -s -u root -pw patch-pool-apply \
uuid=B7616953-53E2-414E-B93A-EE817AC8655A
4. In order to complete the application of the hotfix, restart the hosts in the pool.

Files
Hotfix File
Hotfix file name File md5sum
XS50EU3003.xsupdate a81d5946cce31fa8d19b5de79fdaad07
Files Updated
File name File location File md5sum
xapi /opt/xensource/bin/ 6437bdb3951fe6e945d44ffe05c4eb9b

To download go to http://support.citrix.com/article/CTX123460