Summary
VMware product updates address OpenSSL security vulnerabilities.
Solution
Apply the missing patch(es).
Insight
a. OpenSSL update for multiple products.
OpenSSL libraries have been updated in multiple products to versions 0.9.8za and 1.0.1h in order to resolve multiple security issues.
Affected
ESXi 5.5 prior to ESXi550-201406401-SG,
ESXi 5.1 without patch ESXi510-201406401-SG,
ESXi 5.0 without patch ESXi500-201407401-SG
Detection
Checks for missing patches.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2010-5298, CVE-2014-0198, CVE-2014-0224, CVE-2014-3470 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- VMSA-2012-0018: VMware security updates for vCSA and ESXi
- VMSA-2014-0005: VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation
- VMSA-2014-0002 VMware vSphere updates to third party libraries
- VMSA-2014-0012: VMware vSphere product updates address security vulnerabilities
- VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX