VMware patches NFC, Java and SSL
With security advisory VMSA-2013-0003 VMware has release updated versions of VMware vCenter Server, ESXi and ESX. These updates close security holes in the company's Network File Copy (NFC) protocol; this is mostly used when moving virtual machines from one host to the other. Additionally, VMware caught up with security updates for OpenSSL and Java.
VMware does not go into detail on how severe the security vulnerabilities are that it has fixed. However, it is noteworthy that the company refers to Oracle's October Patch Day for the Java updates; the OpenSSL patches deal with problems in the ASN1 parser that were fixed by the OpenSSL developers in April 2012. In the meantime, a lot of things have happened, especially with regard to Java. This means users should not expect to be safe after deploying these patches.