[THIN] Re: Vulnerability in Citrix Secure Gateway could result in Denial ofService

  • From: Carl Stalhood <cstalhood@xxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Thu, 18 Jun 2009 20:27:09 -0500

It should work, but make sure you install 3.1.1 and not 3.1.



On Thu, Jun 18, 2009 at 8:02 PM, alan tropper <alan.tropper@xxxxxxxxxxxxx>wrote:

>  Hi All,
>
>
>
> I have citrix secure gateway 3.0 installed, can I just run 3.1 install to
> upgrade or do I need to remove 3.0 before installing 3.1?
>
>
>
> Thanks
>
>
>
> Al
>
>
>  ------------------------------
>
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Carl Stalhood
> *Sent:* Thursday, 18 June 2009 10:26 PM
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] Vulnerability in Citrix Secure Gateway could result in
> Denial ofService
>
>
>
> From http://support.citrix.com/article/CTX121172*: *
>
> *Description of Problem *
>
> A vulnerability has been identified in Citrix Secure Gateway that could
> result in a denial of service.
>
> When a specific request is made to the Secure Gateway service from a remote
> attacker, the Secure Gateway service can be made to consume 100% of the
> available CPU and may refuse further connections.
>
> This vulnerability is present in all versions of Citrix Secure Gateway up
> to and including version 3.1.
>
> Please note that the Citrix Access Gateway appliance is not affected by
> this vulnerability when configured to act as a Citrix Secure Gateway.
>
> *What Customers Should Do*
>
> A hotfix has been released to address this issue. Citrix recommends that
> customers using Secure Gateway install this hotfix, which can be downloaded
> from the following locations:
>
> *Citrix Secure Gateway 3.1*:
>
> EN - *http://support.citrix.com/article/CTX121012*
>
> JA - *http://support.citrix.com/article/CTX121013*
>

Other related posts: