[Security-announce] NEW VMSA-2013-0007 VMware ESX third party update for Service Console package sudo
VMware Security Announcements
security-announce at lists.vmware.com
Thu May 30 21:21:00 PDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -----------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2013-0007
Synopsis: VMware ESX third party update for Service Console package sudo
Issue date: 2013-05-30
Updated on: 2013-05-30 (initial advisory)
CVE number: CVE-2012-2337, CVE-2012-3440
- -----------------------------------------------------------------------
1. Summary
VMware ESX third party update for Service Console package sudo
2. Relevant releases
VMware ESX 4.0 without patch ESX400-201305001
3. Problem Description
a. Service Console update for sudo
The service console package sudo is updated to version
1.7.2p1-14.el5_8.3.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2012-2337 and CVE-2012-3440 to the issues
addressed in this update.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  =======   ===================
ESXi           any       ESXi      not affected
ESX            4.1       ESX       Patch Pending
ESX            4.0       ESX       ESX400-201305402-SG
4. Solution
Please review the patch/release notes for your product and version
and verify the checksum of your downloaded file.
ESXi and ESX
--------------------------
https://www.vmware.com/patchmgr/download.portal
ESX 4.0
-------
File: ESX400-201305001.zip
md5sum: c9ac91d3d803c7b7cb9df401c20b91c0
sha1sum: 7f5cef274c709248daa56d8c0e6fcc1ba86ae411
https://kb.vmware.com/kb/2044240
ESX400-201305001 contains ESX400-201305402-SG
5. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3440
- -----------------------------------------------------------------------
6. Change log
2013-05-30 VMSA-2013-0007
Initial security advisory in conjunction with the release of ESX 4.0
patches on 2013-05-30.
- -----------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2013 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.0 (Build 8741)
Charset: utf-8
wj8DBQFRqCSyDEcm8Vbi9kMRAo4NAJ48+50wdSXvLgwkthMju5MmEvgd4QCfULk2
A6v/h02vlKKYy2sVY9VT1Nw=
=QIV+
-----END PGP SIGNATURE-----
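
Section 4 of the advisory asks readers to verify the checksum of the downloaded file. One way to do that, as an added example that is not part of VMware's advisory: the script below reads the File/md5sum/sha1sum lines in the form the advisory prints them and checks a local file against both digests. The function names (`parse_expected`, `file_digests`, `verify_download`) are hypothetical, and the default file location is an assumption.

```python
import hashlib
import hmac
import re
import sys

# Solution-section lines copied from the advisory text above.
ADVISORY_BLOCK = """\
File: ESX400-201305001.zip
md5sum: c9ac91d3d803c7b7cb9df401c20b91c0
sha1sum: 7f5cef274c709248daa56d8c0e6fcc1ba86ae411
"""
FIELD = re.compile(r"^(File|md5sum|sha1sum):\s*(\S+)\s*$", re.MULTILINE)


def parse_expected(block):
    """Extract file name and published digests from the advisory's lines."""
    fields = dict(FIELD.findall(block))
    missing = {"File", "md5sum", "sha1sum"} - fields.keys()
    if missing:
        raise ValueError(f"advisory block lacks: {sorted(missing)}")
    return fields


def file_digests(path, chunk_size=1 << 20):
    """Stream the file once, computing both digest types the advisory lists."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return {"md5sum": md5.hexdigest(), "sha1sum": sha1.hexdigest()}


def verify_download(path, expected):
    """Return True only if every published digest matches the file."""
    actual = file_digests(path)
    return all(
        hmac.compare_digest(actual[name], expected[name].lower())
        for name in ("md5sum", "sha1sum")
    )


if __name__ == "__main__":
    expected = parse_expected(ADVISORY_BLOCK)
    # Assumption: the zip sits in the current directory unless a path is given.
    path = sys.argv[1] if len(sys.argv) > 1 else expected["File"]
    ok = verify_download(path, expected)
    print(f"{path}: {'OK' if ok else 'MISMATCH, do not install'}")
    sys.exit(0 if ok else 1)
```

The comparison is only as trustworthy as the source of the expected values, so take them from a copy of the advisory whose PGP signature has been checked against the VMware key referenced in section 7.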