VMSA-2010-0002 VMware vCenter update release addresses multiple security issues in Java JR
VMware recently sent out the following vCenter security announcement:1. Summary Updated Java JRE packages address several security issues.2. Relevant releases Virtual Center 2.5 before Update 63. Problem Description a. Java JRE Security Update JRE update to version 1.5.0_22, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_22: CVE-2009-3728, CVE-2009-3729, CVE-2009-3864, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884, CVE-2009-3886, CVE-2009-3885. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.0 Windows affected, patch pending * VirtualCenter 2.5 Windows Update 6 VirtualCenter 2.0.2 Windows affected, patch pending Workstation any any not affected Player any any not affected Server 2.0 any not being fixed at this time Server 1.0 any not affected ACE any any not affected Fusion any any not affected ESXi any ESXi not affected ESX 4.0 ESX affected, patch pending * ESX 3.5 ESX affected, patch pending ** ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 affected, patch pending * The JRE version of vCenter 4.0 and ESX 4.0 will be updated in the Update 2 release of vCenter 4.0 and ESX 4.0. See VMSA-2009-0016.1 for the update of JRE in vCenter 4.0 Update 1 and in ESX 4.0 Update 1. ** The JRE version of ESX 3.5 will be updated in an upcoming patch release. See VMSA-2009-0014.2 for the update of JRE in ESX 3.5 Patch 18. Notes: These vulnerabilities can be exploited remotely only if the attacker has access to the Service Console network. auto repair service . Security best practices provided by VMware recommend that the Service Console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices. moving company . The currently installed version of JRE depends on your patch deployment history.4. Solution Please review the patch/release notes for your product and version and verify the sha1sum or md5sum of your downloaded file. VMware Virtual Center 2.5 Update 6 ———————————- Version 2.5 Update 6 Build Number 227637 Release Date 2010/01/29 Type Product Binaries http://downloads.vmware.com/download/download.do?downloadGroup=VC250U6 VirtualCenter DVD image – English only version File size: 854 MB File type: .iso md5sum: d83b09ac0533a418d5b7f5493dbd3ed3 sha1sum: 1b969b397a937402b5e9463efc767eff7a980ad0 VirtualCenter as a Zip file – English only version File size: 625 MB File type: .zip md5sum: 760f335ebcd363e0e159b20da923621f sha1sum: e400bc1008d1e4c44d204a8135293b8ae305f14e VMware vCenter Converter BootCD VMware Converter Enterprise BootCD for VirtualCenter File size: 97 MB File type: .zip md5sum: e49e0ff0f2563196cc5d4b5c471cd666 VMware vCenter Converter CLI (Linux) VMware Converter Enterprise CLI for Linux platform File size: 37 MB File type: .tar.gz md5sum: 30d1f5e58a6cad8dacd988908305bc1c
(No Ratings Yet)
Loading ...
Loading ...
I seldom read articles from beginning to end as they usually have poor content and are dull. I really appreciate this article because it has great content and it’s interesting.
I could ask a lot of questions about this information, but you have laid everything out on the table here to the point it is easy to grasp. I agree with much of your article.
Great job on this article. I like your viewpoints and I agree on a lot of your content. Thank you very much for sharing this.
Thank you for this informational article. I concur on several of your views on this topic. Your writing style has impressed me and incited a lot of thought in your readers. You are very talented.
There are many aspects in this content that I can relate to and appreciate. The specifics are solid, interesting and well-written so as to make them easily understood. Thank you.
This is the most unique article I have read in quite some time. Thank you for presenting your points and providing this information. I have learned something about this topic.