Summary
VMware product updates address OpenSSL security vulnerabilities.
Solution
Apply the missing patch(es).
Insight
a. Information Disclosure vulnerability in OpenSSL third party library
The OpenSSL library is updated to version openssl-1.0.1g to resolve multiple security issues
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0076 and CVE-2014-0160 to these issues.
Affected
ESXi 5.5 without patch ESXi550-201404020
ESXi 5.5 Update 1 without patch ESXi550-201404001
Detection
Check the build number.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-0076, CVE-2014-0160 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apple Safari Multiple Memory Corruption Vulnerabilities-02 Aug14 (Mac OS X)
- Apple Safari 'Webkit' Information Disclosure Vulnerability (Win)
- Apple Safari 'Webkit' Multiple Vulnerabilities-01 Mar14 (Mac OS X)
- Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Windows)
- Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability