[Security-announce] UPDATED VMSA-2013-0004.1 VMware ESXi security update for third party library

VMware Security Announcements security-announce at lists.vmware.com
Thu Apr 25 21:04:42 PDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID: VMSA-2013-0004.1
Synopsis:    VMware ESXi security update for third party library
Issue date:  2013-03-28
Updated on:  2013-04-25
CVE number:  CVE-2012-5134
- -----------------------------------------------------------------------

1. Summary

   VMware ESXi security updates for third party library

2. Relevant releases

   ESXi 5.1 without patch ESXi510-201304101 
   ESXi 5.0 without patch ESXi500-201303101

3. Problem Description

   a. Update to ESX/ESXi libxml2 userworld 

      The ESXi userworld libxml2 library has been updated to
      resolve a security issue. 

      The Common Vulnerabilities and Exposures project
      (cve.mitre.org) has assigned the name CVE-2012-5134
      to this issue.

      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.

        VMware          Product   Running  Replace with/
        Product         Version   on       Apply Patch
        ==============  ========  =======  =================
        ESXi            5.1       ESXi     ESXi510-201304101-SG 
        ESXi            5.0       ESXi     ESXi500-201303101-SG
        ESXi            4.1       ESXi     patch pending
        ESXi            4.0       ESXi     patch pending
                                     
        ESX             4.1       ESX      patch pending
        ESX             4.0       ESX      patch pending

4. Solution

   Please review the patch/release notes for your product and
   version and verify the checksum of your downloaded file.
 
   ESXi and ESX
   ------------
   https://my.vmware.com/web/vmware/downloads
   
   ESXi 5.1 
   -------- 
   File: update-from-esxi5.1-5.1_update01.zip
   md5sum: 28b8026bcfbe3cd1817509759d4b61d6
   sha1sum: 9d3124d3c5efa6d0c3b9ba06511243fc6e205542 
   update-from-esxi5.1-5.1_update01.zip contains ESXi510-201304101-SG
   http://kb.vmware.com/kb/2041632
 

   ESXi 5.0
   --------
   File: ESXi500-201303001.zip
   md5sum: c62470c48e81da84891c79d5533c8e91
   sha1sum: 69fe8933888d2a6c4e53cfe822441c963bdcd2c7
   http://kb.vmware.com/kb/2044373   
   
5. References

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134

- ----------------------------------------------------------------------

6. Change log

   2013-03-28 VMSA-2013-0004
   Initial security advisory in conjunction with the release of
   ESXi 5.0 patch on 2013-03-28.

   2013-04-25 VMSA-2013-0004.1
   Updated security advisory due to ESXi 5.1 update released on
   2013-04-25.

- ----------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
   
   This Security Advisory is posted to the following lists:
   
     * security-announce at lists.vmware.com
     * bugtraq at securityfocus.com
     * full-disclosure at lists.grok.org.uk
   
   E-mail:  security at vmware.com
   PGP key at: http://kb.vmware.com/kb/1055
   
   VMware Security Advisories
   http://www.vmware.com/security/advisories
   
   VMware security response policy
   http://www.vmware.com/support/policies/security_response.html
   
   General support life cycle policy
   http://www.vmware.com/support/policies/eos.html
   
   VMware Infrastructure support life cycle policy
   http://www.vmware.com/support/policies/eos_vi.html
   
   Copyright 2013 VMware Inc.  All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.0 (Build 8741)
Charset: utf-8

wj8DBQFReaLcDEcm8Vbi9kMRAlsTAJ4+/bhdjR/fz/f09unlsgBo/m8DOQCgnGMp
B5x7k73tygKIJKBxRnFl7jI=
=4s3z
-----END PGP SIGNATURE-----
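
Section 4 of the advisory asks readers to verify the checksum of the downloaded file. The following is an added example, not part of VMware's advisory or tooling: it parses the File / md5sum / sha1sum entries in the layout used above and checks a local download against both digests. The file name example-bundle.zip and its payload are constructed for the demonstration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Matches one "File: / md5sum: / sha1sum:" entry as laid out in section 4.
ENTRY_RE = re.compile(
    r"File:\s*(?P<name>\S+)\s+"
    r"md5sum:\s*(?P<md5>[0-9a-fA-F]{32})\s+"
    r"sha1sum:\s*(?P<sha1>[0-9a-fA-F]{40})\b"
)

def parse_entries(advisory_text):
    """Map each listed file name to its published md5 and sha1 digests."""
    return {m["name"]: {"md5": m["md5"].lower(), "sha1": m["sha1"].lower()}
            for m in ENTRY_RE.finditer(advisory_text)}

def file_digests(path, chunk_size=1 << 20):
    """Stream the file once and compute both digests (bundles can be large)."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}

def verify_download(path, advisory_text):
    """Return (ok, reason); fail closed on an unlisted name or any mismatch."""
    expected = parse_entries(advisory_text).get(Path(path).name)
    if expected is None:
        return False, "file name not listed in advisory"
    actual = file_digests(path)
    bad = [alg for alg in ("md5", "sha1") if actual[alg] != expected[alg]]
    return (not bad, "mismatch: " + ", ".join(bad) if bad else "md5 and sha1 match")

def demo():
    """Constructed data: a stand-in bundle and an advisory entry built from it."""
    with tempfile.TemporaryDirectory() as tmp:
        bundle = Path(tmp) / "example-bundle.zip"   # hypothetical file name
        bundle.write_bytes(b"constructed sample payload\n")
        d = file_digests(bundle)
        text = (f"   File: {bundle.name}\n   md5sum: {d['md5']}\n"
                f"   sha1sum: {d['sha1']}\n")
        good = verify_download(bundle, text)
        bundle.write_bytes(b"constructed sample payload, altered\n")
        return good, verify_download(bundle, text)

if __name__ == "__main__":
    print(demo())
```

Both digest types here catch a corrupted or truncated download; trust in the published values themselves comes from checking the advisory's PGP signature.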


