
VMware Security Advisory 2011-0001

Posted Jan 6, 2011
Authored by VMware | Site vmware.com

VMware Security Advisory 2011-0001 - ESX 4.0 Service Console OS (COS) updates for glibc, sudo, and openldap packages.

tags | advisory
advisories | CVE-2010-0211, CVE-2010-0212, CVE-2010-2956, CVE-2010-3847, CVE-2010-3856
SHA-256 | c46f8a177cb54cdf53c56e8c0fc1617a7a611c96438fab66c017b274544829ed

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2011-0001
Synopsis: VMware ESX third party updates for Service Console
packages glibc, sudo, and openldap
Issue date: 2011-01-04
Updated on: 2011-01-04 (initial release of advisory)
CVE numbers: CVE-2010-3847 CVE-2010-3856 CVE-2010-2956
CVE-2010-0211 CVE-2010-0212
- ------------------------------------------------------------------------

1. Summary

ESX 4.0 Service Console OS (COS) updates for glibc, sudo, and
openldap packages.

2. Relevant releases

VMware ESX 4.0 without patches ESX400-201101405-SG,
ESX400-201101404-SG, ESX400-201101402-SG

3. Problem Description

a. Service Console update for glibc

The service console packages glibc, glibc-common, and nscd are each
updated to version 2.5-34.4908.vmw.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-3847 and CVE-2010-3856 to the issues
addressed in this update.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected

hosted *       any       any      not affected

ESXi           any       ESXi     not applicable

ESX            4.1       ESX      affected, patch pending
ESX            4.0       ESX      ESX400-201101405-SG
ESX            3.5       ESX      not applicable
ESX            3.0.3     ESX      not applicable

* Hosted products are VMware Workstation, Player, ACE, Server, Fusion.

b. Service Console update for sudo

The service console package sudo is updated to version
1.7.2p1-8.el5_5.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-2956 to the issue addressed in this
update.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected

hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            4.1       ESX      affected, patch pending
ESX            4.0       ESX      ESX400-201101404-SG
ESX            3.5       ESX      not applicable
ESX            3.0.3     ESX      not applicable

* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

c. Service Console update for openldap

The service console package openldap is updated to version
2.3.43-12.el5_5.1.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-0211 and CVE-2010-0212 to the issues
addressed in this update.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected

hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            4.1       ESX      affected, patch pending
ESX            4.0       ESX      ESX400-201101402-SG
ESX            3.5       ESX      not applicable
ESX            3.0.3     ESX      not applicable

* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

4. Solution

Please review the patch/release notes for your product and version
and verify the checksum of your downloaded file.

ESX 4.0
-------
ESX400-201101001
Download link:

https://hostupdate.vmware.com/software/VUM/OFFLINE/release-257-20101231-664659/ESX400-201101001.zip
md5sum: f1d522b380692e0845eb0dda480ab890
sha1sum: 906989af3ddacc41321d685c4afe0d740856f9d5
http://kb.vmware.com/kb/1029426

ESX400-201101001 contains the following security bulletins:
ESX400-201101401-SG (COS kernel) | http://kb.vmware.com/kb/1029424
ESX400-201101405-SG (glibc) | http://kb.vmware.com/kb/1029881
ESX400-201101404-SG (sudo) | http://kb.vmware.com/kb/1029421
ESX400-201101402-SG (openldap) | http://kb.vmware.com/kb/1029423

ESX400-201101401-SG is documented in VMSA-2010-0017.1.

To install an individual bulletin use esxupdate with the -b option.
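
The checksum verification step above, as an added example that is not part of VMware's advisory: a POSIX shell function that checks a downloaded bundle against both published digests and fails on any mismatch or unreadable file. The function names, variable names and the /tmp path are assumptions; the two digest values are the ones printed in this section.

```shell
#!/bin/sh
# Added example: verify a downloaded bundle against the md5sum and sha1sum
# values published in section 4 before handing it to esxupdate.

# Digests for ESX400-201101001.zip, copied from the advisory text.
ADVISORY_MD5="f1d522b380692e0845eb0dda480ab890"
ADVISORY_SHA1="906989af3ddacc41321d685c4afe0d740856f9d5"

# digest_of TOOL FILE -> prints only the lowercase hex digest.
digest_of() {
    "$1" "$2" | awk '{ print tolower($1) }'
}

# verify_bundle FILE MD5 SHA1
# Returns 0 only when BOTH digests match, 1 on any mismatch,
# 2 when the file is missing or unreadable.
verify_bundle() {
    file=$1
    want_md5=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    want_sha1=$(printf '%s' "$3" | tr 'A-F' 'a-f')

    if [ ! -f "$file" ] || [ ! -r "$file" ]; then
        echo "cannot read $file" >&2
        return 2
    fi

    got_md5=$(digest_of md5sum "$file")
    got_sha1=$(digest_of sha1sum "$file")

    status=0
    if [ "$got_md5" != "$want_md5" ]; then
        echo "md5 mismatch: got $got_md5, advisory says $want_md5" >&2
        status=1
    fi
    if [ "$got_sha1" != "$want_sha1" ]; then
        echo "sha1 mismatch: got $got_sha1, advisory says $want_sha1" >&2
        status=1
    fi
    return $status
}

# Usage on the service console (the download path is an assumption):
#   verify_bundle /tmp/ESX400-201101001.zip "$ADVISORY_MD5" "$ADVISORY_SHA1" \
#       && echo "checksums match; bundle can be passed to esxupdate"
```

Take the expected digests from the PGP-signed advisory text after verifying its signature, not from the same location the bundle was downloaded from.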

5. References

CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0212

- ------------------------------------------------------------------------

6. Change log

2011-01-04 VMSA-2011-0001
Initial security advisory in conjunction with the release of patches
for ESX 4.0 on 2011-01-04

- -----------------------------------------------------------------------
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2011 VMware Inc. All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFNJBPaS2KysvBH1xkRAtseAJ4l2OJWnrpwT9YcncIzlZU66/imEgCfUBzL
wDKHxW0zrjUpSyFjUvC87Nk=
=28bu
-----END PGP SIGNATURE-----