VMSA-2014-0004 VMware Product Updates Address OpenSSL Security Vulnerabilities Network Vulnerability

Summary

VMware product updates address OpenSSL security vulnerabilities.

Solution

Apply the missing patch(es).

Insight

a. Information Disclosure vulnerability in OpenSSL third party library The OpenSSL library is updated to version openssl-1.0.1g to resolve multiple security issues The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0076 and CVE-2014-0160 to these issues.

Affected

ESXi 5.5 without patch ESXi550-201404020 ESXi 5.5 Update 1 without patch ESXi550-201404001

Detection

Check the build number.

References

http://www.vmware.com/security/advisories/VMSA-2014-0004.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-0076, CVE-2014-0160

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Adobe Digital Edition Information Disclosure Vulnerability (Windows)
Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Windows)
Apple Safari Multiple Memory Corruption Vulnerabilities-01 Aug14 (Mac OS X)
Apache Tomcat Multiple Vulnerabilities - 03 Mar14
Apache Tomcat Remote Code Execution Vulnerability - Sep14

VMSA-2014-0004 VMware product updates address OpenSSL security vulnerabilities

Take action and discover your vulnerabilities