Security updates for VMware ESX Server
VMware has released updates for the VMware ESX Server, which, as well as fixing bugs in open source components, also fixes problems with insecure SSL keys and virtual disks.
The updates fix long-known security vulnerabilities in OpenSSL, OpenSSH and Python. However VMware's software is not without its own problems - newly created virtual disks occupying previously deleted blocks on the disk could disclose information in these blocks. In addition, the vmware-config script may set privileges for files containing generated SSL keys such that they can be accessed by users with restricted privileges.
VMware has released patches for the following affected ESX server versions:2.0.2, 2.1.3, 2.5.3, 2.5.4, 3.0.0 and 3.0.1. Because some of the security vulnerabilities that have been fixed allow the injection of arbitrary code, ESX server administrators should install the patches as soon as possible.
- VMware ESX Server security updates, security advisory from VMware
(trk)