[Security-announce] UPDATED: VMSA-2011-0013.3 VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

VMware Security Announcements security-announce at lists.vmware.com
Thu Mar 29 18:59:22 PDT 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 -----------------------------------------------------------------------
                        VMware Security Advisory

Advisory ID: VMSA-2011-0013.3
Synopsis:    VMware third party component updates for VMware vCenter
             Server, vCenter Update Manager, ESXi and ESX
Issue date:  2011-10-27
Updated on:  2012-03-29
CVE numbers: --- openssl ---
             CVE-2008-7270 CVE-2010-4180
             --- libuser ---
             CVE-2011-0002
             --- nss, nspr ---
             CVE-2010-3170 CVE-2010-3173
             --- Oracle (Sun) JRE 1.6.0 ---
             CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549
             CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553
             CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557
             CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561
             CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566
             CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3570
             CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574
             CVE-2010-4422 CVE-2010-4447 CVE-2010-4448 CVE-2010-4450
             CVE-2010-4451 CVE-2010-4452 CVE-2010-4454 CVE-2010-4462
             CVE-2010-4463 CVE-2010-4465 CVE-2010-4466 CVE-2010-4467
             CVE-2010-4468 CVE-2010-4469 CVE-2010-4470 CVE-2010-4471
             CVE-2010-4472 CVE-2010-4473 CVE-2010-4474 CVE-2010-4475
             CVE-2010-4476
             --- Oracle (Sun) JRE 1.5.0 ---
             CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4454
             CVE-2010-4462 CVE-2010-4465 CVE-2010-4466 CVE-2010-4468
             CVE-2010-4469 CVE-2010-4473 CVE-2010-4475 CVE-2010-4476
             CVE-2011-0862 CVE-2011-0873 CVE-2011-0815 CVE-2011-0864
             CVE-2011-0802 CVE-2011-0814 CVE-2011-0871 CVE-2011-0867
             CVE-2011-0865
             --- SFCB ---
             CVE-2010-2054
 -----------------------------------------------------------------------

1. Summary

   Updates for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere
   Hypervisor (ESXi) 4.1 and ESX 4.x addresses several security issues.

2. Relevant releases

   vCenter Server 4.1 without Update 2
   vCenter Server 4.0 without Update 4
   
   vCenter Update Manager 4.1 without Update 2
   vCenter Update Manager 4.0 without Update 4

   ESXi 4.1 without patch ESX410-201110201-SG
   
   ESX 4.1 without patches ESX410-201110201-SG, ESX410-201110204-SG,
   ESX410-201110206-SG, and ESX410-201110214-SG
   
   ESX 4.0 without patches ESX400-201111201-SG, ESX400-201203401-SG,
   and ESX400-201203406-SG
      
3. Problem Description

   a. ESX third party update for Service Console openssl RPM

      The Service Console openssl RPM is updated to
      openssl-0.9.8e.12.el5_5.7 resolving two security issues.

      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the names CVE-2008-7270 and CVE-2010-4180 to these
      issues.
      
      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.
     
      VMware      Product     Running     Replace with/
      Product     Version     on          Apply Patch
      =========   ========    =======     =================
      vCenter     any         Windows     not affected
      
      hosted*     any         any         not affected
      
      ESXi        any         any         not affected
      
      ESX         4.1         ESX         ESX410-201110204-SG
      ESX         4.0         ESX         ESX400-201203401-SG
      ESX         3.5         ESX         not applicable
      ESX         3.0.3       ESX         not applicable
      
      * hosted products are VMware Workstation, Player, ACE, Fusion.
      
   b. ESX third party update for Service Console libuser RPM
 
      The Service Console libuser RPM is updated to version
      0.54.7-2.1.el5_5.2 to resolve a security issue.
  
      The Common Vulnerabilities and Exposures Project (cve.mitre.org)
      has assigned the name CVE-2011-0002 to this issue.
  
      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.
  
      VMware      Product     Running     Replace with/
      Product     Version     on          Apply Patch
      =========   ========    =======     =================
      vCenter     any         Windows     not affected
  
      hosted*     any         any         not affected
  
      ESXi        any         ESXi        not affected
  
      ESX         4.1         ESX         ESX410-201110206-SG
      ESX         4.0         ESX         ESX400-201203406-SG
      ESX         3.5         ESX         not applicable
      ESX         3.0.3       ESX         not applicable
  
      * hosted products are VMware Workstation, Player, ACE, Fusion.
     
   c. ESX third party update for Service Console nss and nspr RPMs
 
      The Service Console Network Security Services (NSS) and Netscape
      Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1
      and nss-3.12.8-4 resolving multiple security issues.
  
      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the names CVE-2010-3170 and CVE-2010-3173 to these
      issues.
  
      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.
  
      VMware      Product     Running     Replace with/
      Product     Version     on          Apply Patch
      =========   ========    =======     =================
      vCenter     any         Windows     not affected
  
      hosted*     any         any         not affected
  
      ESXi        any         ESXi        not affected
  
      ESX         4.1         ESX         ESX410-201110214-SG
      ESX         4.0         ESX         see VMSA-2012-0001
      ESX         3.5         ESX         not applicable
      ESX         3.0.3       ESX         not applicable
  
      * hosted products are VMware Workstation, Player, ACE, Fusion.
      
   d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24
   
      Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses
      multiple security issues that existed in earlier releases of
      Oracle (Sun) JRE.
  
      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the following names to the security issues fixed in
      JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448,
      CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454,
      CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466,
      CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470,
      CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474,
      CVE-2010-4475 and CVE-2010-4476.
  
      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the following names to the security issues fixed in
      JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548,
      CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552,
      CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556,
      CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560,
      CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565,
      CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569,
      CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and
      CVE-2010-3574.
  
      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.
   
      VMware         Product   Running  Replace with/
      Product        Version   on       Apply Patch
      =============  ========  =======  =================
      vCenter        5.0       Windows  not affected
      vCenter        4.1       Windows  Update 2
      vCenter        4.0       Windows  not applicable **
      VirtualCenter  2.5       Windows  not applicable **
        
      Update Manager 5.0       Windows  not affected
      Update Manager 4.1       Windows  not applicable **
      Update Manager 4.0       Windows  not applicable **
        
      hosted *       any       any      not affected
        
      ESXi           any       ESXi     not affected
        
      ESX            4.1       ESX      ESX410-201110201-SG
      ESX            4.0       ESX      not applicable **
      ESX            3.5       ESX      not applicable **
      ESX            3.0.3     ESX      not applicable **
        
      * hosted products are VMware Workstation, Player, ACE, Fusion.
      ** this product uses the Oracle (Sun) JRE 1.5.0 family
     
   e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30
   
      Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses
      multiple security issues that existed in earlier releases of
      Oracle (Sun) JRE.
   
      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the following names to the security issues fixed in
      Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873,
      CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814,
      CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865.
   
      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the following names to the security issues fixed in
      Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448,
      CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465,
      CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473,
      CVE-2010-4475, CVE-2010-4476.
   
      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.
        
      VMware         Product   Running  Replace with/
      Product        Version   on       Apply Patch
      =============  ========  =======  =================
      vCenter        5.0       Windows  not applicable **
      vCenter        4.1       Windows  not applicable **
      vCenter        4.0       Windows  Update 4
      VirtualCenter  2.5       Windows  see VMSA-2012-0003
        
      Update Manager 5.0       Windows  not applicable **
      Update Manager 4.1       Windows  Update 2
      Update Manager 4.0       Windows  Update 4
        
      hosted *       any       any      not affected
        
      ESXi           any       ESXi     not affected
        
      ESX            4.1       ESX      not applicable **
      ESX            4.0       ESX      ESX400-201111201-SG
      ESX            3.5       ESX      see VMSA-2012-0003
      ESX            3.0.3     ESX      affected, no patch planned
        
      * hosted products are VMware Workstation, Player, ACE, Fusion.
      ** this product uses the Oracle (Sun) JRE 1.6.0 family      
  
   f. Integer overflow in VMware third party component sfcb

      This release resolves an integer overflow issue present in the
      third party library SFCB when the httpMaxContentLength has been
      changed from its default value to 0 in in /etc/sfcb/sfcb.cfg.
      The integer overflow could allow remote attackers to cause a
      denial of service (heap memory corruption) or possibly execute
      arbitrary code via a large integer in the Content-Length HTTP
      header.
  
      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the name CVE-2010-2054 to this issue.
  
      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.
  
      VMware      Product     Running     Replace with/
      Product     Version     on          Apply Patch
      =========   ========    =======     =================
      vCenter     any         Windows     not affected
  
      hosted*     any         any         not affected
  
      ESXi        5.0         ESXi        not affected
      ESXi        4.1         ESXi        ESXi410-201110201-SG
      ESXi        4.0         ESXi        not affected
      ESXi        3.5         ESXi        not affected
  
      ESX         4.1         ESX         ESX410-201110201-SG
      ESX         4.0         ESX         not affected
      ESX         3.5         ESX         not affected
      ESX         3.0.3       ESX         not affected
      
      * hosted products are VMware Workstation, Player, ACE, Fusion.
  
4. Solution

   Please review the patch/release notes for your product and version
   and verify the checksum of your downloaded file.

   VMware vCenter Server 4.1
   ----------------------------------------------
   vCenter Server 4.1 Update 2
   The download for vCenter Server includes VMware Update Manager.
   
   Download link:
   http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1
   
   Release Notes:    
   http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html
   https://www.vmware.com/support/pubs/vum_pubs.html

   File: VMware-VIMSetup-all-4.1.0-493063.iso
   md5sum: d132326846a85bfc9ebbc53defeee6e1
   sha1sum: 192c3e5d2a10bbe53c025cc7eedb3133a23e0541
   
   File: VMware-VIMSetup-all-4.1.0-493063.zip
   md5sum: 7fd7b09e501bd8fde52649b395491222
   sha1sum: 46dd00e7c594ac672a5d7c3c27d15be2f5a5f1f1

   File: VMware-viclient-all-4.1.0-491557.exe
   md5sum: dafd31619ae66da65115ac3900697e3a
   sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef

   VMware vCenter Server 4.0
   ----------------------------------------------
   vCenter Server 4.0 Update 4
   The download for vCenter Server includes VMware Update Manager.
   
   Download link:
   http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_0
   
   Release Notes:    
   http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx40_vc40.html
   https://www.vmware.com/support/pubs/vum_pubs.html

   File: VMware-VIMSetup-all-4.0.0-502539.iso
   md5sum: b418ff3d394f91b418271b6b93dfd6bd
   sha1sum: 56c2ec60f8b8a734a8312d9e38d5d70cd20c0927
   
   File: VMware-VIMSetup-all-4.0.0-502539.zip
   md5sum: 2acfadde1ec0cd6d37063d87246d6942
   sha1sum: ea1f3a3cb178f23fc2cf49bfc1450d10e5f699f8
   
   VMware ESXi 4.1
   ---------------
   VMware ESXi 4.1 Update 2
   
   Download link:
   http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1
   
   Release Notes:    
   https://www.vmware.com/support/pubs/vs_pages/vsp_pubs_esxi41_i_vc41.html
   
   File: VMware-VMvisor-Installer-4.1.0.update02-502767.x86_64.iso
   md5sum: 0aa78790a336c5fc6ba3d9807c98bfea
   sha1sum: 7eebd34ab5bdc81401ae20dcf59a8f8ae22086ce
   
   File: upgrade-from-esxi4.0-to-4.1-update02-502767.zip
   md5sum: 459d9142a885854ef0fa6edd8d6a5677
   sha1sum: 75978b6f0fc3b0ccc63babe6a65cfde6ec420d33
   
   File: upgrade-from-ESXi3.5-to-4.1_update02.502767.zip
   md5sum: 3047fac78a4aaa05cf9528d62fad9d73
   sha1sum: dc99b6ff352ace77d5513b4c6d8a2cb7e766a09f
   
   File: VMware-tools-linux-8.3.12-493255.iso
   md5sum: 63028f2bf605d26798ac24525a0e6208
   sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932
   
   File: VMware-viclient-all-4.1.0-491557.exe
   md5sum: dafd31619ae66da65115ac3900697e3a
   sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef
   
   VMware ESXi 4.1 Update 2 contains ESXi410-201110201-SG.        
   
   VMware ESX 4.1
   --------------   
   VMware ESX 4.1 Update 2

   Download link:
   http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1
   
   Release Notes:    
   http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html

   File: ESX-4.1.0-update02-502767.iso
   md5sum: 9a2b524446cbd756f0f1c7d8d88077f8
   sha1sum: 2824c0628c341357a180b3ab20eb2b7ef1bee61c
   
   File: pre-upgrade-from-esx4.0-to-4.1-502767.zip
   md5sum: 9060ad94d9d3bad7d4fa3e4af69a41cf
   sha1sum: 9b96ba630377946c42a8ce96f0b5745c56ca46b4
   
   File: upgrade-from-esx4.0-to-4.1-update02-502767.zip
   md5sum: 4b60f36ee89db8cb7e1243aa02cdb549
   sha1sum: 6b9168a1b01379dce7db9d79fd280509e16d013f
   
   File: VMware-tools-linux-8.3.12-493255.iso
   md5sum: 63028f2bf605d26798ac24525a0e6208
   sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932
   
   File: VMware-viclient-all-4.1.0-491557.exe
   md5sum: dafd31619ae66da65115ac3900697e3a
   sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef
   
   VMware ESX 4.1 Update 2 contains ESX410-201110204-SG,
   ESX410-201110206-SG, ESX410-201110201-SG and
   ESX410-201110214-SG.

   VMware ESX 4.0
   --------------   
   File: ESX400-201203001.zip
   Build: 660575
   md5sum: 02B7E883E8B438B83BF5E53A1BE71AD3
   sha1sum: 34734A8EDBA225A332731205EE2D6575AD9E1C88
   http://kb.vmware.com/kb/2011767

   ESX400-201203401 contains ESX400-201203401-SG and
   ESX400-201203406-SG

   VMware ESX 4.0 Update 4
   Release Notes:    
   http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx40_vc40.html

   File: ESX-4.0.0-update04-504850.iso
   md5sum: 1954179addb35e2bee137e91244f954b
   sha1sum: ade401e1f4063d60543c8cefcc7440273dd646f0
   
   File: update-from-esx4.0-4.0_update04.zip
   md5sum: 697374569a12c55c4473247f4e55a887
   sha1sum: 7daedf6736f9a771baa1f58d441b99bc9c87eedd
   
   VMware ESX 4.0 Update 4 contains ESX400-201111201-SG.

5. References

   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7270
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2054
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3552
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3555
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3558
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3560
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3563
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3570
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4422
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4451
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4452
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4463
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4467
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4470
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4471
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4472
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4474
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0002
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0815
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0864
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0873
    
 -----------------------------------------------------------------------
6. Change log

   2011-10-27 VMSA-2011-0013
   Initial security advisory in conjunction with the release of Update
   2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere
   Hypervisor (ESXi) 4.1 and ESX 4.1 on 2011-10-27.
   
   2011-11-17 VMSA-2011-0013.1
   Update of security advisory after the release of Update 4 for
   vCenter Server 4.0, vSphere Update Manager 4.0, vSphere Hypervisor
   (ESXi) 4.0 and ESX 4.0 on 2011-11-17.

   2012-03-08 VMSA-2011-0013.2
   Added a reference to VMSA-2012-0003 for the JRE update on vCenter
   Server 2.5 and ESX 3.5 released on 2012-03-08.

   2012-03-29 VMSA-2011-0013.3
   Updated the Relevant Releases, Problem Description, and Solution
   sections to document the release of ESX 4.0 patches on 2012-03-29.

 -----------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
   
   This Security Advisory is posted to the following lists:
   
     * security-announce at lists.vmware.com
     * bugtraq at securityfocus.com
     * full-disclosure at lists.grok.org.uk
   
   E-mail:  security at vmware.com
   PGP key at: http://kb.vmware.com/kb/1055
   
   VMware Security Advisories
   http://www.vmware.com/security/advisories
   
   VMware security response policy
   http://www.vmware.com/support/policies/security_response.html
   
   General support life cycle policy
   http://www.vmware.com/support/policies/eos.html
   
   VMware Infrastructure support life cycle policy
   http://www.vmware.com/support/policies/eos_vi.html
   
   Copyright 2011 VMware Inc.  All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iEYEARECAAYFAk91ERsACgkQDEcm8Vbi9kMgZgCg6APMu81pZWuOvhDJcJo36YCV
neEAoPDGR0kQXM2EVyxEGZAc+K+pJvQO
=atZy
-----END PGP SIGNATURE-----



More information about the Security-announce mailing list