SANS ISC: VMware New and Updated Advisories

• SANS Site Network
  • Current Site
  • SANS Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • DFIR
  • Software Security
  • Government OnSite Training

SANS ISC InfoSec Forums

 VMware issued the following security advisories:

The VMware vCenter Chargeback Manager contains a vulnerability that allows information leakage and DoS [1]. VMware recommend applying the following patch available here [2].

The VMware VirtualCenter and ESX, Oracle (Sun) JRE update 1.5.0_32 Oracle (Sun) JRE is updated to version 1.5.0_32, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE [3]. VMware recommend applying the following patch for VMware Virtual Center 2.5 Update 6b available here [4] (registered users with a valid serial number) and ESX350-201203401-SG and here [5].

The following advisories have been updated

VMware ESX third party updates for Service Console packages glibc and dhcp (VMSA-2011-0010.3) [6]
VMware ESXi and ESX updates to third party libraries and ESX Service Console (VMSA-2011-0012.3) [7]
VMware third party component updates for VMware vCenter Server, vSphere Update Manager, ESXi and ESX (VMSA-2011-0013.2) [8]

[1] http://www.vmware.com/security/advisories/VMSA-2012-0002.html
[2] http://downloads.vmware.com/d/info/it_business_management/vmware_vcenter_chargeback/2_0
[3] http://www.vmware.com/security/advisories/VMSA-2012-0003.html
[4] http://www.vmware.com/download/download.do?downloadGroup=VC250U6B
[5] http://downloads.vmware.com/go/selfsupport-download
[6] http://www.vmware.com/security/advisories/VMSA-2011-0010.html
[7] http://www.vmware.com/security/advisories/VMSA-2011-0012.html
[8] http://www.vmware.com/security/advisories/VMSA-2011-0013.html

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu