In association with heise online

09 January 2007, 11:42

Security updates for VMware ESX Server

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

VMware has released updates for the VMware ESX Server, which, as well as fixing bugs in open source components, also fixes problems with insecure SSL keys and virtual disks.

The updates fix long-known security vulnerabilities in OpenSSL, OpenSSH and Python. However VMware's software is not without its own problems - newly created virtual disks occupying previously deleted blocks on the disk could disclose information in these blocks. In addition, the vmware-config script may set privileges for files containing generated SSL keys such that they can be accessed by users with restricted privileges.

VMware has released patches for the following affected ESX server versions:2.0.2, 2.1.3, 2.5.3, 2.5.4, 3.0.0 and 3.0.1. Because some of the security vulnerabilities that have been fixed allow the injection of arbitrary code, ESX server administrators should install the patches as soon as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit