Summary
VMware product updates address OpenSSL security vulnerabilities.
Solution
Apply the missing patch(es).
Insight
a. Information Disclosure vulnerability in OpenSSL third party library
The OpenSSL library is updated to version openssl-1.0.1g to resolve multiple security issues
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0076 and CVE-2014-0160 to these issues.
Affected
ESXi 5.5 without patch ESXi550-201404020
ESXi 5.5 Update 1 without patch ESXi550-201404001
Detection
Checks for missing patches.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-0076, CVE-2014-0160 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- VMSA-2014-0012: VMware vSphere product updates address security vulnerabilities
- VMSA-2012-0018: VMware security updates for vCSA and ESXi
- VMSA-2014-0001 VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues
- VMSA-2013-0004 VMware ESXi security update for third party library
- VMSA-2013-0011 VMware ESX and ESXi updates to third party libraries