Summary
VMware product updates address OpenSSL security vulnerabilities.
Solution
Apply the missing patch(es).
Insight
a. OpenSSL update for multiple products.
OpenSSL libraries have been updated in multiple products to versions 0.9.8za and 1.0.1h in order to resolve multiple security issues.
Affected
ESXi 5.5 prior to ESXi550-201406401-SG,
ESXi 5.1 without patch ESXi510-201406401-SG,
ESXi 5.0 without patch ESXi500-201407401-SG
Detection
Checks for missing patches.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2010-5298, CVE-2014-0198, CVE-2014-0224, CVE-2014-3470 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- VMSA-2013-0011 VMware ESX and ESXi updates to third party libraries
- VMSA-2014-0004 VMware product updates address OpenSSL security vulnerabilities
- VMSA-2014-0002 VMware vSphere updates to third party libraries
- VMSA-2013-0004 VMware ESXi security update for third party library
- VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX