VMSA-2014-0004 VMware Product Updates Address OpenSSL Security Vulnerabilities Network Vulnerability

Summary

VMware product updates address OpenSSL security vulnerabilities.

Solution

Apply the missing patch(es).

Insight

a. Information Disclosure vulnerability in OpenSSL third party library The OpenSSL library is updated to version openssl-1.0.1g to resolve multiple security issues The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0076 and CVE-2014-0160 to these issues.

Affected

ESXi 5.5 without patch ESXi550-201404020 ESXi 5.5 Update 1 without patch ESXi550-201404001

Detection

Checks for missing patches.

References

http://www.vmware.com/security/advisories/VMSA-2014-0004.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-0076, CVE-2014-0160
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

VMSA-2014-0012: VMware vSphere product updates address security vulnerabilities
VMSA-2012-0018: VMware security updates for vCSA and ESXi
VMSA-2014-0001 VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues
VMSA-2013-0004 VMware ESXi security update for third party library
VMSA-2013-0011 VMware ESX and ESXi updates to third party libraries

VMSA-2014-0004 VMware product updates address OpenSSL security vulnerabilities

Take action and discover your vulnerabilities