VMWare ESX Server patches
VMWare has released security updates for the ESX Server service console, which close security vulnerabilities in OpenSSL, BIND and vim. The SSL error can be exploited to allow a forged certificate to skip validation checks, while the BIND error allowed a malicious zone to present a malformed DSA certificate and also bypass proper certificate validation.
Patches are available for ESX version 3.0.2 and 3.0.3 and links can be found in the original advisory. According to the manufacturer, patches for version 3.5 and 2.5.5 are still in the works.
- ESX Service Console updates for openssl, bind, and vim, advisory from VMWare.