VMware patches vulnerabilities in its products
VMware has released updates for its ESX Server to fix vulnerabilities in the DHCP Client, DHCP Server, Service Console kernel and Java Runtime Environment (JRE). The security announcement lists a total of 48 CVE entries. The vulnerabilities can be exploited to carry out denial-of-service (DoS) attacks or to compromise systems.
Whilst the bugs in the Service Console kernel and JRE can only be exploited when an attacker has access to the console or console network, attackers can penetrate the ESX Server's DHCP client via a normal LAN.
vCenter, VirtualCenter and Server 2.0 are also affected by the vulnerabilities in DHCP and JRE. However, VMware is still working on patches for these products
See also:
- VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues , security advisory from VMware.
(crve)