VMware Security Update: Accelerated Release of Patches

VMware Security has posted an announcement that patches are being made available immediately.

VMware has accelerated the delivery of a set of software patches for specific product releases that may be exposed to increased risk. We encourage all customers to view the following links to determine if appropriate patches are available for products in their environment: http://kb.vmware.com/kb/2019941 and http://www.vmware.com/security/advisories/VMSA-2012-0009.html.

For example, ESXi 5.0 P3 is listed as "Security Patch Needed":

Apply security patch available at http://www.vmware.com/patchmgr/download.portal under Bulletin ESXi500-201205401-SG.

That patch has the following explanations:

Due to a flaw in the handling of NFS traffic, it is possible to overwrite memory. This vulnerability may allow a user with access to the network to execute code on the ESXi/ESX host without authentication. The issue is not present in cases where there is no NFS traffic.

[...]

Due to a flaw in the virtual floppy configuration it is possible to perform an out-of-bounds memory write. This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host.

[...]

Due to a flaw in the SCSI device registration it is possible to perform an unchecked write into memory. This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host.

Their announcement also has a FAQ with reference to recent events:

In light of the current circumstances, we have accelerated our most recent security patches and applied them to all affected currently supported products.

Posted in Security.

