VMware has updated several third party libraries in ESX and ESXi to address multiple security vulnerabilities.
Apply the missing patch(es).
a. ESX userworld update for OpenSSL library The userworld OpenSSL library is updated to version openssl-0.9.8y to resolve multiple security issues. b. Service Console (COS) update for OpenSSL library The Service Console updates for OpenSSL library is updated to version openssl-0.9.8e-26.el5_9.1 to resolve multiple security issues. c. ESX Userworld and Service Console (COS) update for libxml2 library The ESX Userworld and Service Console libxml2 library is updated to version libxml2-2.6.26-2.1.21.el5_9.1 and libxml2-python-2.6.26-2.1.21.el5_9.1. to resolve a security issue. d. Service Console (COS) update for GnuTLS library The ESX service console GnuTLS RPM is updated to version gnutls-1.4.1-10.el5_9.1 to resolve a security issue. e. ESX third party update for Service Console kernel The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-348.3.1.el5 which addresses several security issues in the COS kernel.
VMware ESXi 4.1 without patch ESXi410-201307001. VMware ESX 4.1 without patch ESX410-201307001 VMware ESXi 5.0 without Update 3 VMware ESXi 4.0 without patch ESXi400-201310001 VMware ESX 4.0 without patch ESX400-201310001
Check for missing patches.
Updated on 2015-03-25
CVE CVE-2013-0166, CVE-2013-0169, CVE-2013-0268, CVE-2013-0338, CVE-2013-0871, CVE-2013-2116
CVSS Base Score: 6.9
- VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX
- VMSA-2014-0006: VMware product updates address OpenSSL security vulnerabilities
- VMSA-2014-0005: VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation
- VMSA-2014-0004 VMware product updates address OpenSSL security vulnerabilities
- VMSA-2014-0012: VMware vSphere product updates address security vulnerabilities