VMSA-2014-0004 VMware Product Updates Address OpenSSL Security Vulnerabilities Network Vulnerability

Summary

VMware product updates address OpenSSL security vulnerabilities.

Solution

Apply the missing patch(es).

Insight

a. Information Disclosure vulnerability in OpenSSL third party library The OpenSSL library is updated to version openssl-1.0.1g to resolve multiple security issues The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0076 and CVE-2014-0160 to these issues.

Affected

ESXi 5.5 without patch ESXi550-201404020 ESXi 5.5 Update 1 without patch ESXi550-201404001

Detection

Check the build number.

References

http://www.vmware.com/security/advisories/VMSA-2014-0004.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-0076, CVE-2014-0160

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apple Safari 'Webkit' Information Disclosure Vulnerability (Mac OS X)
Adobe Reader Information Disclosure & Denial of Service Vulnerabilities (Windows)
Apple Safari WebKit Information Disclosure Vulnerability (Mac OS X)
Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Mac OS X)
Apache Traffic Server Remote DNS Cache Poisoning Vulnerability

VMSA-2014-0004 VMware product updates address OpenSSL security vulnerabilities

Take action and discover your vulnerabilities