[Security-announce] NEW: VMSA-2013-0004 VMware ESXi security update for third party library

VMware Security Announcements security-announce at lists.vmware.com
Thu Mar 28 21:43:58 PDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID: VMSA-2013-0004
Synopsis:    VMware ESXi security update for third party library
Issue date:  2013-03-28
Updated on:  2013-03-28
CVE number:  CVE-2012-5134
- -----------------------------------------------------------------------

1. Summary

   VMware ESXi security updates for third party library

2. Relevant releases

   ESXi 5.0 without patch ESXi500-201303101-SG

3. Problem Description

   a. Update to ESX/ESXi libxml2 userworld 

      The ESXi userworld libxml2 library has been updated to
      resolve a security issue. 

      The Common Vulnerabilities and Exposures project
      (cve.mitre.org) has assigned the name CVE-2012-5134
      to this issue.

      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.

        VMware          Product   Running  Replace with/
        Product         Version   on       Apply Patch
        ==============  ========  =======  =================
        ESXi            5.1       ESXi     patch pending
        ESXi            5.0       ESXi     ESXi500-201303101-SG
        ESXi            4.1       ESXi     patch pending
        ESXi            4.0       ESXi     patch pending
                                     
        ESX             4.1       ESX      patch pending
        ESX             4.0       ESX      patch pending

 4. Solution

   Please review the patch/release notes for your product and
   version and verify the checksum of your downloaded file.
 
   ESXi and ESX
   ------------
   https://my.vmware.com/web/vmware/downloads
   
   ESXi 5.0
   --------
   File: ESXi500-201303001.zip
   md5sum: c62470c48e81da84891c79d5533c8e91
   sha1sum: 69fe8933888d2a6c4e53cfe822441c963bdcd2c7
   http://kb.vmware.com/kb/2044373   
   
5. References

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134

- -----------------------------------------------------------------------

6. Change log

   2013-03-28 VMSA-2013-0004
   Initial security advisory in conjunction with the release of
   ESXi 5.0 patch on 2013-03-28.

- -----------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
   
   This Security Advisory is posted to the following lists:
   
     * security-announce at lists.vmware.com
     * bugtraq at securityfocus.com
     * full-disclosure at lists.grok.org.uk
   
   E-mail:  security at vmware.com
   PGP key at: http://kb.vmware.com/kb/1055
   
   VMware Security Advisories
   http://www.vmware.com/security/advisories
   
   VMware security response policy
   http://www.vmware.com/support/policies/security_response.html
   
   General support life cycle policy
   http://www.vmware.com/support/policies/eos.html
   
   VMware Infrastructure support life cycle policy
   http://www.vmware.com/support/policies/eos_vi.html
   
   Copyright 2013 VMware Inc.  All rights reserved.



-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.0 (Build 8741)
Charset: utf-8

wj8DBQFRVRs1DEcm8Vbi9kMRAk8VAJ9YeadQIvvqFWn5EHSVput1RpVvNQCg0h1q
DqklLa5y1jt77JS0hLT3kms=
=8xg5
-----END PGP SIGNATURE-----



More information about the Security-announce mailing list