-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2011.1090.4
          VMware third party component updates for VMware vCenter
               Server, vCenter Update Manager, ESXi and ESX
                               30 March 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          ESXi 4.1
                  ESX 4.1
                  ESX 4.0
                  vCenter 5.0
                  vCenter 4.1
                  vCenter 4.0
                  vCenter 2.5
                  Update Manager 4.1
                  Update Manager 4.0
Publisher:        VMware
Operating System: VMware ESX Server
                  Windows
Impact/Access:    Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                  Denial of Service               -- Remote/Unauthenticated
                  Provide Misleading Information  -- Remote/Unauthenticated
                  Unauthorised Access             -- Remote/Unauthenticated
                  Reduced Security                -- Unknown/Unspecified   
Resolution:       Patch/Upgrade
CVE Names:        CVE-2011-0873 CVE-2011-0871 CVE-2011-0867
                  CVE-2011-0865 CVE-2011-0864 CVE-2011-0862
                  CVE-2011-0815 CVE-2011-0814 CVE-2011-0802
                  CVE-2011-0002 CVE-2010-4476 CVE-2010-4475
                  CVE-2010-4474 CVE-2010-4473 CVE-2010-4472
                  CVE-2010-4471 CVE-2010-4470 CVE-2010-4469
                  CVE-2010-4468 CVE-2010-4467 CVE-2010-4466
                  CVE-2010-4465 CVE-2010-4463 CVE-2010-4462
                  CVE-2010-4454 CVE-2010-4452 CVE-2010-4451
                  CVE-2010-4450 CVE-2010-4448 CVE-2010-4447
                  CVE-2010-4422 CVE-2010-4180 CVE-2010-3574
                  CVE-2010-3573 CVE-2010-3572 CVE-2010-3571
                  CVE-2010-3570 CVE-2010-3569 CVE-2010-3568
                  CVE-2010-3567 CVE-2010-3566 CVE-2010-3565
                  CVE-2010-3563 CVE-2010-3562 CVE-2010-3561
                  CVE-2010-3560 CVE-2010-3559 CVE-2010-3558
                  CVE-2010-3557 CVE-2010-3556 CVE-2010-3555
                  CVE-2010-3554 CVE-2010-3553 CVE-2010-3552
                  CVE-2010-3551 CVE-2010-3550 CVE-2010-3549
                  CVE-2010-3548 CVE-2010-3541 CVE-2010-3173
                  CVE-2010-3170 CVE-2010-2054 CVE-2010-1321
                  CVE-2008-7270  

Reference:        ASB-2011.0070
                  ASB-2011.0059
                  ASB-2011.0047
                  ASB-2011.0031
                  ASB-2011.0013
                  ASB-2010.0229
                  ASB-2010.0225
                  ASB-2010.0222.2
                  ESB-2011.0902
                  ESB-2011.0668
                  ESB-2011.0462
                  ESB-2011.0282
                  ESB-2011.0194
                  ESB-2011.0192
                  ESB-2011.0177
                  ESB-2011.0167.3
                  ESB-2011.0069
                  ESB-2010.1055.2
                  ESB-2010.0943
                  ESB-2010.0789.5
                  ESB-2010.0453
                  ESB-2010.0451

Revision History: March    30 2012: Updated the Relevant Releases, Problem
                                    Description, and Solution sections to
                                    document the release of ESX 4.0 patches
                                    on 2012-03-29
                  March    12 2012: JRE update on vCenter Server 2.5 and ESX 3.5 released
                  November 21 2011: vCenter and vSphere 4.0 updates released
                  October  28 2011: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 -----------------------------------------------------------------------
                        VMware Security Advisory

Advisory ID: VMSA-2011-0013.3
Synopsis:    VMware third party component updates for VMware vCenter
             Server, vCenter Update Manager, ESXi and ESX
Issue date:  2011-10-27
Updated on:  2012-03-29
CVE numbers: --- openssl ---
             CVE-2008-7270 CVE-2010-4180
             --- libuser ---
             CVE-2011-0002
             --- nss, nspr ---
             CVE-2010-3170 CVE-2010-3173
             --- Oracle (Sun) JRE 1.6.0 ---
             CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549
             CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553
             CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557
             CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561
             CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566
             CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3570
             CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574
             CVE-2010-4422 CVE-2010-4447 CVE-2010-4448 CVE-2010-4450
             CVE-2010-4451 CVE-2010-4452 CVE-2010-4454 CVE-2010-4462
             CVE-2010-4463 CVE-2010-4465 CVE-2010-4466 CVE-2010-4467
             CVE-2010-4468 CVE-2010-4469 CVE-2010-4470 CVE-2010-4471
             CVE-2010-4472 CVE-2010-4473 CVE-2010-4474 CVE-2010-4475
             CVE-2010-4476
             --- Oracle (Sun) JRE 1.5.0 ---
             CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4454
             CVE-2010-4462 CVE-2010-4465 CVE-2010-4466 CVE-2010-4468
             CVE-2010-4469 CVE-2010-4473 CVE-2010-4475 CVE-2010-4476
             CVE-2011-0862 CVE-2011-0873 CVE-2011-0815 CVE-2011-0864
             CVE-2011-0802 CVE-2011-0814 CVE-2011-0871 CVE-2011-0867
             CVE-2011-0865
             --- SFCB ---
             CVE-2010-2054
 -----------------------------------------------------------------------

1. Summary

   Updates for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere
   Hypervisor (ESXi) 4.1 and ESX 4.x address several security issues.

2. Relevant releases

   vCenter Server 4.1 without Update 2
   vCenter Server 4.0 without Update 4
   
   vCenter Update Manager 4.1 without Update 2
   vCenter Update Manager 4.0 without Update 4

   ESXi 4.1 without patch ESX410-201110201-SG
   
   ESX 4.1 without patches ESX410-201110201-SG, ESX410-201110204-SG,
   ESX410-201110206-SG, and ESX410-201110214-SG
   
   ESX 4.0 without patches ESX400-201111201-SG, ESX400-201203401-SG,
   and ESX400-201203406-SG
      
3. Problem Description

   a. ESX third party update for Service Console openssl RPM

      The Service Console openssl RPM is updated to
      openssl-0.9.8e.12.el5_5.7 resolving two security issues.

      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the names CVE-2008-7270 and CVE-2010-4180 to these
      issues.
      
      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.
     
      VMware      Product     Running     Replace with/
      Product     Version     on          Apply Patch
      =========   ========    =======     =================
      vCenter     any         Windows     not affected
      
      hosted*     any         any         not affected
      
      ESXi        any         any         not affected
      
      ESX         4.1         ESX         ESX410-201110204-SG
      ESX         4.0         ESX         ESX400-201203401-SG
      ESX         3.5         ESX         not applicable
      ESX         3.0.3       ESX         not applicable
      
      * hosted products are VMware Workstation, Player, ACE, Fusion.
      
   b. ESX third party update for Service Console libuser RPM
 
      The Service Console libuser RPM is updated to version
      0.54.7-2.1.el5_5.2 to resolve a security issue.
  
      The Common Vulnerabilities and Exposures Project (cve.mitre.org)
      has assigned the name CVE-2011-0002 to this issue.
  
      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.
  
      VMware      Product     Running     Replace with/
      Product     Version     on          Apply Patch
      =========   ========    =======     =================
      vCenter     any         Windows     not affected
  
      hosted*     any         any         not affected
  
      ESXi        any         ESXi        not affected
  
      ESX         4.1         ESX         ESX410-201110206-SG
      ESX         4.0         ESX         ESX400-201203406-SG
      ESX         3.5         ESX         not applicable
      ESX         3.0.3       ESX         not applicable
  
      * hosted products are VMware Workstation, Player, ACE, Fusion.
     
   c. ESX third party update for Service Console nss and nspr RPMs
 
      The Service Console Network Security Services (NSS) and Netscape
      Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1
      and nss-3.12.8-4 resolving multiple security issues.
  
      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the names CVE-2010-3170 and CVE-2010-3173 to these
      issues.
  
      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.
  
      VMware      Product     Running     Replace with/
      Product     Version     on          Apply Patch
      =========   ========    =======     =================
      vCenter     any         Windows     not affected
  
      hosted*     any         any         not affected
  
      ESXi        any         ESXi        not affected
  
      ESX         4.1         ESX         ESX410-201110214-SG
      ESX         4.0         ESX         see VMSA-2012-0001
      ESX         3.5         ESX         not applicable
      ESX         3.0.3       ESX         not applicable
  
      * hosted products are VMware Workstation, Player, ACE, Fusion.
      
   d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24
   
      Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses
      multiple security issues that existed in earlier releases of
      Oracle (Sun) JRE.
  
      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the following names to the security issues fixed in
      JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448,
      CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454,
      CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466,
      CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470,
      CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474,
      CVE-2010-4475 and CVE-2010-4476.
  
      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the following names to the security issues fixed in
      JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548,
      CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552,
      CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556,
      CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560,
      CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565,
      CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569,
      CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and
      CVE-2010-3574.
  
      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.
   
      VMware         Product   Running  Replace with/
      Product        Version   on       Apply Patch
      =============  ========  =======  =================
      vCenter        5.0       Windows  not affected
      vCenter        4.1       Windows  Update 2
      vCenter        4.0       Windows  not applicable **
      VirtualCenter  2.5       Windows  not applicable **
        
      Update Manager 5.0       Windows  not affected
      Update Manager 4.1       Windows  not applicable **
      Update Manager 4.0       Windows  not applicable **
        
      hosted *       any       any      not affected
        
      ESXi           any       ESXi     not affected
        
      ESX            4.1       ESX      ESX410-201110201-SG
      ESX            4.0       ESX      not applicable **
      ESX            3.5       ESX      not applicable **
      ESX            3.0.3     ESX      not applicable **
        
      * hosted products are VMware Workstation, Player, ACE, Fusion.
      ** this product uses the Oracle (Sun) JRE 1.5.0 family
     
   e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30
   
      Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses
      multiple security issues that existed in earlier releases of
      Oracle (Sun) JRE.
   
      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the following names to the security issues fixed in
      Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873,
      CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814,
      CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865.
   
      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the following names to the security issues fixed in
      Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448,
      CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465,
      CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473,
      CVE-2010-4475, CVE-2010-4476.
   
      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.
        
      VMware         Product   Running  Replace with/
      Product        Version   on       Apply Patch
      =============  ========  =======  =================
      vCenter        5.0       Windows  not applicable **
      vCenter        4.1       Windows  not applicable **
      vCenter        4.0       Windows  Update 4
      VirtualCenter  2.5       Windows  see VMSA-2012-0003
        
      Update Manager 5.0       Windows  not applicable **
      Update Manager 4.1       Windows  Update 2
      Update Manager 4.0       Windows  Update 4
        
      hosted *       any       any      not affected
        
      ESXi           any       ESXi     not affected
        
      ESX            4.1       ESX      not applicable **
      ESX            4.0       ESX      ESX400-201111201-SG
      ESX            3.5       ESX      see VMSA-2012-0003
      ESX            3.0.3     ESX      affected, no patch planned
        
      * hosted products are VMware Workstation, Player, ACE, Fusion.
      ** this product uses the Oracle (Sun) JRE 1.6.0 family      
  
   f. Integer overflow in VMware third party component sfcb

      This release resolves an integer overflow issue present in the
      third party library SFCB when the httpMaxContentLength has been
      changed from its default value to 0 in /etc/sfcb/sfcb.cfg.
      The integer overflow could allow remote attackers to cause a
      denial of service (heap memory corruption) or possibly execute
      arbitrary code via a large integer in the Content-Length HTTP
      header.
  
      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the name CVE-2010-2054 to this issue.
  
      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.
  
      VMware      Product     Running     Replace with/
      Product     Version     on          Apply Patch
      =========   ========    =======     =================
      vCenter     any         Windows     not affected
  
      hosted*     any         any         not affected
  
      ESXi        5.0         ESXi        not affected
      ESXi        4.1         ESXi        ESXi410-201110201-SG
      ESXi        4.0         ESXi        not affected
      ESXi        3.5         ESXi        not affected
  
      ESX         4.1         ESX         ESX410-201110201-SG
      ESX         4.0         ESX         not affected
      ESX         3.5         ESX         not affected
      ESX         3.0.3       ESX         not affected
      
      * hosted products are VMware Workstation, Player, ACE, Fusion.
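
      Added example, not part of the VMware advisory or SFCB: a shell
      check that reports whether an sfcb.cfg sets httpMaxContentLength
      to 0, the precondition described in item f. It assumes the file
      uses "name: value" lines with "#" comments; the function names
      and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not VMware or SFCB code.
# Reports whether an sfcb.cfg sets httpMaxContentLength to 0, the non-default
# setting the advisory names as the precondition for CVE-2010-2054.
# Assumption: options are "name: value" lines and "#" starts a comment.

# Print every value assigned to httpMaxContentLength, one per line.
# An assignment with no value is printed as EMPTY so it is not lost.
sfcb_content_length_values() {
    sed -e 's/#.*$//' "$1" | awk -F: '
        {
            key = $1
            gsub(/[ \t]/, "", key)
            if (key == "httpMaxContentLength") {
                val = $2
                gsub(/[ \t\r]/, "", val)
                print (val == "" ? "EMPTY" : val)
            }
        }'
}

# check_sfcb_cfg FILE
# Returns 0 if the option is absent or a positive limit,
#         1 if any assignment sets it to 0,
#         2 if the file is unreadable or a value is not a plain integer.
check_sfcb_cfg() {
    cfg=$1
    if [ ! -r "$cfg" ]; then
        echo "$cfg: cannot read" >&2
        return 2
    fi
    values=$(sfcb_content_length_values "$cfg")
    if [ -z "$values" ]; then
        return 0    # option not set, the default limit applies
    fi
    result=0
    # Every assignment is checked, so a duplicate line cannot mask a 0.
    while IFS= read -r val; do
        case $val in
            *[!0-9]*)
                echo "$cfg: unexpected httpMaxContentLength value '$val'" >&2
                if [ "$result" -eq 0 ]; then result=2; fi
                ;;
            *[1-9]*)
                ;;  # positive limit, request size is bounded
            *)
                # Only zeros remain here (0, 00, ...).
                echo "$cfg: httpMaxContentLength is 0"
                result=1
                ;;
        esac
    done <<EOF
$values
EOF
    return "$result"
}

# Constructed sample configuration (not taken from a real host).
sample_sfcb_cfg() {
    cat <<'EOF'
# sfcb.cfg, constructed sample
httpPort:             5988
enableHttp:           true
httpMaxContentLength: 0      # limit disabled by an administrator
EOF
}

# Check the files named on the command line, or the sample when none are given.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do check_sfcb_cfg "$f"; done
else
    tmp=$(mktemp)
    sample_sfcb_cfg > "$tmp"
    check_sfcb_cfg "$tmp" || echo "check_sfcb_cfg exit status: $?"
    rm -f "$tmp"
fi
```

      A host that reports 0 and runs ESX 4.1 or ESXi 4.1 needs the
      patch listed in the table for item f.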
  
4. Solution

   Please review the patch/release notes for your product and version
   and verify the checksum of your downloaded file.

   VMware vCenter Server 4.1
   ----------------------------------------------
   vCenter Server 4.1 Update 2
   The download for vCenter Server includes VMware Update Manager.
   
   Download link:
   http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1
   
   Release Notes:    
   http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html
   https://www.vmware.com/support/pubs/vum_pubs.html

   File: VMware-VIMSetup-all-4.1.0-493063.iso
   md5sum: d132326846a85bfc9ebbc53defeee6e1
   sha1sum: 192c3e5d2a10bbe53c025cc7eedb3133a23e0541
   
   File: VMware-VIMSetup-all-4.1.0-493063.zip
   md5sum: 7fd7b09e501bd8fde52649b395491222
   sha1sum: 46dd00e7c594ac672a5d7c3c27d15be2f5a5f1f1

   File: VMware-viclient-all-4.1.0-491557.exe
   md5sum: dafd31619ae66da65115ac3900697e3a
   sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef

   VMware vCenter Server 4.0
   ----------------------------------------------
   vCenter Server 4.0 Update 4
   The download for vCenter Server includes VMware Update Manager.
   
   Download link:
   http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_0
   
   Release Notes:    
   http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx40_vc40.html
   https://www.vmware.com/support/pubs/vum_pubs.html

   File: VMware-VIMSetup-all-4.0.0-502539.iso
   md5sum: b418ff3d394f91b418271b6b93dfd6bd
   sha1sum: 56c2ec60f8b8a734a8312d9e38d5d70cd20c0927
   
   File: VMware-VIMSetup-all-4.0.0-502539.zip
   md5sum: 2acfadde1ec0cd6d37063d87246d6942
   sha1sum: ea1f3a3cb178f23fc2cf49bfc1450d10e5f699f8
   
   VMware ESXi 4.1
   ---------------
   VMware ESXi 4.1 Update 2
   
   Download link:
   http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1
   
   Release Notes:    
   https://www.vmware.com/support/pubs/vs_pages/vsp_pubs_esxi41_i_vc41.html
   
   File: VMware-VMvisor-Installer-4.1.0.update02-502767.x86_64.iso
   md5sum: 0aa78790a336c5fc6ba3d9807c98bfea
   sha1sum: 7eebd34ab5bdc81401ae20dcf59a8f8ae22086ce
   
   File: upgrade-from-esxi4.0-to-4.1-update02-502767.zip
   md5sum: 459d9142a885854ef0fa6edd8d6a5677
   sha1sum: 75978b6f0fc3b0ccc63babe6a65cfde6ec420d33
   
   File: upgrade-from-ESXi3.5-to-4.1_update02.502767.zip
   md5sum: 3047fac78a4aaa05cf9528d62fad9d73
   sha1sum: dc99b6ff352ace77d5513b4c6d8a2cb7e766a09f
   
   File: VMware-tools-linux-8.3.12-493255.iso
   md5sum: 63028f2bf605d26798ac24525a0e6208
   sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932
   
   File: VMware-viclient-all-4.1.0-491557.exe
   md5sum: dafd31619ae66da65115ac3900697e3a
   sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef
   
   VMware ESXi 4.1 Update 2 contains ESXi410-201110201-SG.        
   
   VMware ESX 4.1
   --------------   
   VMware ESX 4.1 Update 2

   Download link:
   http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1
   
   Release Notes:    
   http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html

   File: ESX-4.1.0-update02-502767.iso
   md5sum: 9a2b524446cbd756f0f1c7d8d88077f8
   sha1sum: 2824c0628c341357a180b3ab20eb2b7ef1bee61c
   
   File: pre-upgrade-from-esx4.0-to-4.1-502767.zip
   md5sum: 9060ad94d9d3bad7d4fa3e4af69a41cf
   sha1sum: 9b96ba630377946c42a8ce96f0b5745c56ca46b4
   
   File: upgrade-from-esx4.0-to-4.1-update02-502767.zip
   md5sum: 4b60f36ee89db8cb7e1243aa02cdb549
   sha1sum: 6b9168a1b01379dce7db9d79fd280509e16d013f
   
   File: VMware-tools-linux-8.3.12-493255.iso
   md5sum: 63028f2bf605d26798ac24525a0e6208
   sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932
   
   File: VMware-viclient-all-4.1.0-491557.exe
   md5sum: dafd31619ae66da65115ac3900697e3a
   sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef
   
   VMware ESX 4.1 Update 2 contains ESX410-201110204-SG,
   ESX410-201110206-SG, ESX410-201110201-SG and
   ESX410-201110214-SG.

   VMware ESX 4.0
   --------------   
   File: ESX400-201203001.zip
   Build: 660575
   md5sum: 02B7E883E8B438B83BF5E53A1BE71AD3
   sha1sum: 34734A8EDBA225A332731205EE2D6575AD9E1C88
   http://kb.vmware.com/kb/2011767

   ESX400-201203401 contains ESX400-201203401-SG and
   ESX400-201203406-SG

   VMware ESX 4.0 Update 4
   Release Notes:    
   http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx40_vc40.html

   File: ESX-4.0.0-update04-504850.iso
   md5sum: 1954179addb35e2bee137e91244f954b
   sha1sum: ade401e1f4063d60543c8cefcc7440273dd646f0
   
   File: update-from-esx4.0-4.0_update04.zip
   md5sum: 697374569a12c55c4473247f4e55a887
   sha1sum: 7daedf6736f9a771baa1f58d441b99bc9c87eedd
   
   VMware ESX 4.0 Update 4 contains ESX400-201111201-SG.
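
   Added example, not part of the VMware advisory: a shell helper for
   the checksum verification that section 4 asks for. It looks up a
   file's sha1sum in text laid out like the entries in that section and
   compares it with the download, accepting the upper-case digests used
   in the ESX 4.0 entry. The function names and the sample entry (the
   digests of the three-byte file "abc") are constructed, and sha1sum
   from GNU coreutils is assumed to be installed.

```shell
#!/bin/sh
# Added example, not VMware or AusCERT code.
# Verifies a download against the sha1sum this advisory lists for it. Entries
# are read in the section 4 layout: a "File:" line, optional other fields such
# as "Build:", then "md5sum:" and "sha1sum:" lines.
# Assumption: the sha1sum(1) utility from GNU coreutils is installed.

# advisory_sha1 NAME ADVISORY
# Print, in lower case, the sha1sum listed for file NAME (first entry wins).
advisory_sha1() {
    awk -v want="$1" '
        $1 == "File:"                       { current = $2 }
        $1 == "sha1sum:" && current == want { print tolower($2); exit }
    ' "$2"
}

# verify_download FILE ADVISORY
# Returns 0 if the digest matches, 1 on mismatch,
#         2 if FILE is unreadable, not listed, or the listed digest is malformed.
verify_download() {
    file=$1
    name=${file##*/}
    if [ ! -r "$file" ]; then
        echo "$file: cannot read" >&2
        return 2
    fi
    expected=$(advisory_sha1 "$name" "$2")
    if [ -z "$expected" ]; then
        echo "$name: no sha1sum entry in $2" >&2
        return 2
    fi
    # A SHA-1 digest is exactly 40 hex digits; reject truncated or pasted junk.
    if ! printf '%s\n' "$expected" | grep -Eq '^[0-9a-f]{40}$'; then
        echo "$name: listed sha1sum is not 40 hex digits" >&2
        return 2
    fi
    # Read from stdin so the file name never appears in sha1sum's output.
    actual=$(sha1sum < "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "$name: OK"
        return 0
    fi
    echo "$name: MISMATCH (listed $expected, computed $actual)" >&2
    return 1
}

# Constructed advisory excerpt: the digests are those of the 3-byte file "abc",
# written in upper case with a Build: line, as in the ESX 4.0 entry.
sample_advisory() {
    cat <<'EOF'
   File: sample.bin
   Build: 000000
   md5sum: 900150983CD24FB0D6963F7D28E17F72
   sha1sum: A9993E364706816ABA3E25717850C26C9CD0D89D
EOF
}

# Usage: script FILE ADVISORY; with no arguments the constructed sample is run.
if [ "$#" -eq 2 ]; then
    verify_download "$1" "$2"
else
    dir=$(mktemp -d)
    printf 'abc' > "$dir/sample.bin"
    sample_advisory > "$dir/advisory.txt"
    verify_download "$dir/sample.bin" "$dir/advisory.txt"
    rm -rf "$dir"
fi
```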

5. References

   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7270
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2054
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3552
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3555
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3558
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3560
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3563
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3570
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4422
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4451
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4452
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4463
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4467
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4470
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4471
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4472
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4474
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0002
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0815
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0864
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0873
    
 -----------------------------------------------------------------------
6. Change log

   2011-10-27 VMSA-2011-0013
   Initial security advisory in conjunction with the release of Update
   2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere
   Hypervisor (ESXi) 4.1 and ESX 4.1 on 2011-10-27.
   
   2011-11-17 VMSA-2011-0013.1
   Update of security advisory after the release of Update 4 for
   vCenter Server 4.0, vSphere Update Manager 4.0, vSphere Hypervisor
   (ESXi) 4.0 and ESX 4.0 on 2011-11-17.

   2012-03-08 VMSA-2011-0013.2
   Added a reference to VMSA-2012-0003 for the JRE update on vCenter
   Server 2.5 and ESX 3.5 released on 2012-03-08.

   2012-03-29 VMSA-2011-0013.3
   Updated the Relevant Releases, Problem Description, and Solution
   sections to document the release of ESX 4.0 patches on 2012-03-29.

 -----------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
   
   This Security Advisory is posted to the following lists:
   
     * security-announce at lists.vmware.com
     * bugtraq at securityfocus.com
     * full-disclosure at lists.grok.org.uk
   
   E-mail:  security at vmware.com
   PGP key at: http://kb.vmware.com/kb/1055
   
   VMware Security Advisories
   http://www.vmware.com/security/advisories
   
   VMware security response policy
   http://www.vmware.com/support/policies/security_response.html
   
   General support life cycle policy
   http://www.vmware.com/support/policies/eos.html
   
   VMware Infrastructure support life cycle policy
   http://www.vmware.com/support/policies/eos_vi.html
   
   Copyright 2011 VMware Inc.  All rights reserved.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iEYEARECAAYFAk91ERsACgkQDEcm8Vbi9kMgZgCg6APMu81pZWuOvhDJcJo36YCV
neEAoPDGR0kQXM2EVyxEGZAc+K+pJvQO
=atZy
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----