Summary
VMware product updates address OpenSSL security vulnerabilities.
Solution
Apply the missing patch(es).
Insight
a. OpenSSL update for multiple products.
OpenSSL libraries have been updated in multiple products to versions 0.9.8za and 1.0.1h in order to resolve multiple security issues.
Affected
ESXi 5.5 prior to ESXi550-201406401-SG,
ESXi 5.1 without patch ESXi510-201406401-SG,
ESXi 5.0 without patch ESXi500-201407401-SG
Detection
Checks for missing patches.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2010-5298, CVE-2014-0198, CVE-2014-0224, CVE-2014-3470 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- VMSA-2013-0004 VMware ESXi security update for third party library
- VMSA-2013-0009 VMware ESX and ESXi updates to third party libraries
- VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX
- VMSA-2014-0001 VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues
- VMSA-2014-0012: VMware vSphere product updates address security vulnerabilities