Summary
VMware has updated several third party libraries in ESX and ESXi to address multiple security vulnerabilities.
Solution
Apply the missing patch(es).
Insight
a. ESX userworld update for OpenSSL library
The userworld OpenSSL library is updated to version openssl-0.9.8y to resolve multiple security issues.
b. Service Console (COS) update for OpenSSL library
The Service Console OpenSSL library is updated to version openssl-0.9.8e-26.el5_9.1 to resolve multiple security issues.
c. ESX Userworld and Service Console (COS) update for libxml2 library
The ESX Userworld and Service Console libxml2 library is updated to versions libxml2-2.6.26-2.1.21.el5_9.1 and libxml2-python-2.6.26-2.1.21.el5_9.1 to resolve a security issue.
d. Service Console (COS) update for GnuTLS library
The ESX Service Console GnuTLS RPM is updated to version gnutls-1.4.1-10.el5_9.1 to resolve a security issue.
e. ESX third party update for Service Console kernel
The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-348.3.1.el5, which addresses several security issues in the COS kernel.
Affected
VMware ESXi 4.1 without patch ESXi410-201307001
VMware ESX 4.1 without patch ESX410-201307001
VMware ESXi 5.0 without Update 3
VMware ESXi 4.0 without patch ESXi400-201310001
VMware ESX 4.0 without patch ESX400-201310001
Detection
Check for missing patches.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2013-0166, CVE-2013-0169, CVE-2013-0268, CVE-2013-0338, CVE-2013-0871, CVE-2013-2116
- CVSS Base Score: 6.9
- CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- VMSA-2014-0006: VMware product updates address OpenSSL security vulnerabilities
- VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX
- VMSA-2014-0001 VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues
- VMSA-2014-0002 VMware vSphere updates to third party libraries
- VMSA-2013-0004 VMware ESXi security update for third party library