Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
From: VMware Security Team <security () vmware com>
Date: Fri, 20 Nov 2009 12:56:48 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2009-0016
Synopsis:          VMware vCenter and ESX update release and vMA patch
                   release address multiple security issue in third
                   party components
Issue date:        2009-11-20
Updated on:        2009-11-20 (initial release of advisory)
CVE numbers:       --- JRE ---
                   CVE-2009-1093 CVE-2009-1094 CVE-2009-1095
                   CVE-2009-1096 CVE-2009-1097 CVE-2009-1098
                   CVE-2009-1099 CVE-2009-1100 CVE-2009-1101
                   CVE-2009-1102 CVE-2009-1103 CVE-2009-1104
                   CVE-2009-1105 CVE-2009-1106 CVE-2009-1107
                   CVE-2009-2625 CVE-2009-2670 CVE-2009-2671
                   CVE-2009-2672 CVE-2009-2673 CVE-2009-2675
                   CVE-2009-2676 CVE-2009-2716 CVE-2009-2718
                   CVE-2009-2719 CVE-2009-2720 CVE-2009-2721
                   CVE-2009-2722 CVE-2009-2723 CVE-2009-2724
                   --- Tomcat ---
                   CVE-2008-5515 CVE-2009-0033 CVE-2009-0580
                   CVE-2009-0781 CVE-2009-0783 CVE-2008-1232
                   CVE-2008-1947 CVE-2008-2370 CVE-2007-5333
                   CVE-2007-5342 CVE-2007-5461 CVE-2007-6286
                   CVE-2008-0002
                   --- ntp ---
                   CVE-2009-1252 CVE-2009-0159
                   --- kernel ---
                   CVE-2008-3528 CVE-2008-5700 CVE-2009-0028
                   CVE-2009-0269 CVE-2009-0322 CVE-2009-0675
                   CVE-2009-0676 CVE-2009-0778 CVE-2008-4307
                   CVE-2009-0834 CVE-2009-1337 CVE-2009-0787
                   CVE-2009-1336 CVE-2009-1439 CVE-2009-1633
                   CVE-2009-1072 CVE-2009-1630 CVE-2009-1192
                   CVE-2007-5966 CVE-2009-1385 CVE-2009-1388
                   CVE-2009-1389 CVE-2009-1895 CVE-2009-2406
                   CVE-2009-2407 CVE-2009-2692 CVE-2009-2698
                   CVE-2009-0745 CVE-2009-0746 CVE-2009-0747
                   CVE-2009-0748 CVE-2009-2847 CVE-2009-2848
                   --- python ---
                   CVE-2007-2052 CVE-2007-4965 CVE-2008-1721
                   CVE-2008-1887 CVE-2008-2315 CVE-2008-3142
                   CVE-2008-3143 CVE-2008-3144 CVE-2008-4864
                   CVE-2008-5031
                   --- bind ---
                   CVE-2009-0696
                   --- libxml and libxml2 ---
                   CVE-2009-2414 CVE-2009-2416
                   --- curl --
                   CVE-2009-2417
                   --- gnutil ---
                   CVE-2007-2052
- -----------------------------------------------------------------------

1. Summary

   Updated Java JRE packages and Tomcat packages address several security
   issues. Updates for the ESX Service Console and vMA include kernel,
   ntp, Python, bind libxml, libxml2, curl and gnutil packages. ntp is
   also updated for ESXi userworlds.

2. Relevant releases

   vCenter Server 4.0 before Update 1

   ESXi 4.0 without patch ESXi400-200911201-UG

   ESX 4.0 without patches ESX400-200911201-UG, ESX400-200911223-UG,
                           ESX400-200911232-SG, ESX400-200911233-SG,
                           ESX400-200911234-SG, ESX400-200911235-SG,
                           ESX400-200911237-SG, ESX400-200911238-SG

   vMA 4.0 before patch 02

3. Problem Description

 a. JRE Security Update

    JRE update to version 1.5.0_20, which addresses multiple security
    issues that existed in earlier releases of JRE.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the following names to the security issues fixed in
    JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,
    CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,
    CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,
    CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the following names to the security issues fixed in
    JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,
    CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676,
    CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720,
    CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        4.0       Windows  Update 1
    VirtualCenter  2.5       Windows  affected, patch pending
    VirtualCenter  2.0.2     Windows  affected, patch pending

    Workstation    any       any      not affected

    Player         any       any      not affected

    Server         2.0       any      affected, patch pending
    Server         1.0       any      not affected

    ACE            any       any      not affected

    Fusion         any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.0       ESX      ESX400-200911223-UG
    ESX            3.5       ESX      affected, patch pending
    ESX            3.0.3     ESX      affected, patch pending
    ESX            2.5.5     ESX      not affected

    vMA            4.0       RHEL5    Patch 2 *

  * vMA JRE is updated to version JRE 1.5.0_21

    Notes: These vulnerabilities can be exploited remotely only if the
           attacker has access to the Service Console network.

           Security best practices provided by VMware recommend that the
           Service Console be isolated from the VM network. Please see
           http://www.vmware.com/resources/techresources/726 for more
           information on VMware security best practices.

           The currently installed version of JRE depends on your patch
           deployment history.


 b. Update Apache Tomcat version to 6.0.20

   Update for VirtualCenter and ESX patch update the Tomcat package to
   version 6.0.20 which addresses multiple security issues that existed
   in the previous version of Apache Tomcat.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the following names to the security issues fixed in
   Apache Tomcat 6.0.20: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580,
   CVE-2009-0781, CVE-2009-0783.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the following names to the security issues fixed in
   Apache Tomcat 6.0.18:  CVE-2008-1232, CVE-2008-1947, CVE-2008-2370.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the following names to the security issues fixed in
   Apache Tomcat 6.0.16:  CVE-2007-5333, CVE-2007-5342, CVE-2007-5461,
   CVE-2007-6286, CVE-2008-0002.

   The following table lists what action remediates the vulnerability
   (column 4) if a solution is available.

   VMware        Product   Running  Replace with/
   Product       Version   on       Apply Patch
   ========      ========  =======  =======================
   vCenter       4.0       Windows  Update 1
   VirtualCenter 2.5       Windows  affected, patch pending
   VirtualCenter 2.0.2     Windows  affected, patch pending

   Workstation   any       any      not affected

   Player        any       any      not affected

   ACE           any       Windows  not affected

   Server        2.x       any      affected, patch pending
   Server        1.x       any      not affected

   Fusion        any       Mac OS/X not affected

   ESXi          any       ESXi     not affected

   ESX           4.0       ESX      ESX400-200911223-UG
   ESX           3.5       ESX      affected, patch pending
   ESX           3.0.3     ESX      affected, patch pending
   ESX           2.5.5     ESX      not affected

   vMA           4.0       RHEL5    not affected

    Notes: These vulnerabilities can be exploited remotely only if the
           attacker has access to the Service Console network.

           Security best practices provided by VMware recommend that the
           Service Console be isolated from the VM network. Please see
           http://www.vmware.com/resources/techresources/726 for more
           information on VMware security best practices.

           The currently installed version of Tomcat depends on
           your patch deployment history.

 c. Third party library update for ntp.

   The Network Time Protocol (NTP) is used to synchronize a computer's
   time with a referenced time source.

   ESXi 3.5 and ESXi 4.0 have a ntp client that is affected by the
   following security issue. Note that the same security issue is
   present in the ESX Service Console as described in section d. of
   this advisory.

   A buffer overflow flaw was discovered in the ntpd daemon's NTPv4
   authentication code. If ntpd was configured to use public key
   cryptography for NTP packet authentication, a remote attacker could
   use this flaw to send a specially-crafted request packet that could
   crash ntpd or, potentially, execute arbitrary code with the
   privileges of the "ntp" user.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2009-1252 to this issue.

   The NTP security issue identified by CVE-2009-0159 is not relevant
   for ESXi 3.5 and ESXi 4.0.

   The following table lists what action remediates the vulnerability
   in this component (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           4.0       ESXi     ESXi400-200911201-UG
    ESXi           3.5       ESXi     affected, patch pending

    ESX            4.0       ESX      not affected
    ESX            3.5       ESX      not affected
    ESX            3.0.3     ESX      not affected
    ESX            2.5.5     ESX      not affected

    vMA            4.0       RHEL5    not affected

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

 d. Service Console update for ntp

   Service Console package ntp updated to version ntp-4.2.2pl-9.el5_3.2

   The Network Time Protocol (NTP) is used to synchronize a computer's
   time with a referenced time source.

   The Service Console present in ESX is affected by the following
   security issues.

   A buffer overflow flaw was discovered in the ntpd daemon's NTPv4
   authentication code. If ntpd was configured to use public key
   cryptography for NTP packet authentication, a remote attacker could
   use this flaw to send a specially-crafted request packet that could
   crash ntpd or, potentially, execute arbitrary code with the
   privileges of the "ntp" user.

   NTP authentication is not enabled by default on the Service Console.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2009-1252 to this issue.

   A buffer overflow flaw was found in the ntpq diagnostic command. A
   malicious, remote server could send a specially-crafted reply to an
   ntpq request that could crash ntpq or, potentially, execute
   arbitrary code with the privileges of the user running the ntpq
   command.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2009-0159 to this issue.

   The following table lists what action remediates the vulnerability
   in the Service Console (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.0       ESX      ESX400-200911238-SG
    ESX            3.5       ESX      affected, patch pending **
    ESX            3.0.3     ESX      affected, patch pending **
    ESX            2.5.5     ESX      affected, patch pending **

    vMA            4.0       RHEL5    Patch 2

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

  ** The service consoles of ESX 2.5.5, ESX 3.0.3 and ESX 3.5 are not
affected
     by CVE-2009-1252. The security issue identified by CVE-2009-0159 has a
     low impact on the service console of ESX 2.5.5, ESX 3.0.3 and ESX 3.5.

 e. Updated Service Console package kernel

    Updated Service Console package kernel addresses the security
    issues below.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028,
    CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676,
    CVE-2009-0778 to the security issues fixed in kernel
    2.6.18-128.1.6.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337,
    CVE-2009-0787, CVE-2009-1336 to the security issues fixed in
    kernel 2.6.18-128.1.10.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072,
    CVE-2009-1630, CVE-2009-1192 to the security issues fixed in
    kernel 2.6.18-128.1.14.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388,
    CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407 to the
    security issues fixed in kernel 2.6.18-128.4.1.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2009-2692, CVE-2009-2698 to the
    security issues fixed in kernel 2.6.18-128.7.1.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2009-0745, CVE-2009-0746, CVE-2009-0747,
    CVE-2009-0748, CVE-2009-2847, CVE-2009-2848 to the security issues
    fixed in kernel 2.6.18-164.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not applicable

    hosted *       any       any      not applicable

    ESXi           any       ESXi     not applicable

    ESX            4.0       ESX      ESX400-200911201-UG
    ESX            3.5       ESX      not applicable
    ESX            3.0.3     ESX      not applicable
    ESX            2.5.5     ESX      not applicable

    vMA            4.0       RHEL5    Patch 2 **

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

  ** vMA is updated to kernel version 2.6.18-164.

 f. Updated Service Console package python

    Service Console package Python update to version 2.4.3-24.el5.

    When the assert() system call was disabled, an input sanitization
    flaw was revealed in the Python string object implementation that
    led to a buffer overflow. The missing check for negative size values
    meant the Python memory allocator could allocate less memory than
    expected. This could result in arbitrary code execution with the
    Python interpreter's privileges.

    Multiple buffer and integer overflow flaws were found in the Python
    Unicode string processing and in the Python Unicode and string
    object implementations. An attacker could use these flaws to cause
    a denial of service.

    Multiple integer overflow flaws were found in the Python imageop
    module. If a Python application used the imageop module to
    process untrusted images, it could cause the application to
    disclose sensitive information, crash or, potentially, execute
    arbitrary code with the Python interpreter's privileges.

    Multiple integer underflow and overflow flaws were found in the
    Python snprintf() wrapper implementation. An attacker could use
    these flaws to cause a denial of service (memory corruption).

    Multiple integer overflow flaws were found in various Python
    modules. An attacker could use these flaws to cause a denial of
    service.

    An integer signedness error, leading to a buffer overflow, was
    found in the Python zlib extension module. If a Python application
    requested the negative byte count be flushed for a decompression
    stream, it could cause the application to crash or, potentially,
    execute arbitrary code with the Python interpreter's privileges.

    A flaw was discovered in the strxfrm() function of the Python
    locale module. Strings generated by this function were not properly
    NULL-terminated, which could possibly cause disclosure of data
    stored in the memory of a Python application using this function.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2007-2052 CVE-2007-4965 CVE-2008-1721
    CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143
    CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 to these issues.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not applicable

    hosted *       any       any      not applicable

    ESXi           any       ESXi     not applicable

    ESX            4.0       ESX      ESX400-200911235-SG
    ESX            3.5       ESX      affected, patch pending
    ESX            3.0.3     ESX      affected, patch pending
    ESX            2.5.5     ESX      affected, patch pending

    vMA            4.0       RHEL5    Patch 2

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

 g. Updated Service Console package bind

    Service Console package bind updated to version 9.3.6-4.P1.el5

    The Berkeley Internet Name Domain (BIND) is an implementation of the
    Domain Name System (DNS) protocols. BIND includes a DNS server
    (named); a resolver library (routines for applications to use when
    interfacing with DNS); and tools for verifying that the DNS server
    is operating correctly.

    A flaw was found in the way BIND handles dynamic update message
    packets containing the "ANY" record type. A remote attacker could
    use this flaw to send a specially-crafted dynamic update packet
    that could cause named to exit with an assertion failure.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2009-0696 to this issue.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not applicable

    hosted *       any       any      not applicable

    ESXi           any       ESXi     not applicable

    ESX            4.0       ESX      ESX400-200911237-SG
    ESX            3.5       ESX      affected, patch pending
    ESX            3.0.3     ESX      affected, patch pending
    ESX            2.5.5     ESX      affected, patch pending

    vMA            4.0       RHEL5    Patch 2

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

 h. Updated Service Console package libxml2

    Service Console package libxml2 updated to version 2.6.26-2.1.2.8.

    libxml is a library for parsing and manipulating XML files. A
    Document Type Definition (DTD) defines the legal syntax (and also
    which elements can be used) for certain types of files, such as XML
    files.

    A stack overflow flaw was found in the way libxml processes the
    root XML document element definition in a DTD. A remote attacker
    could provide a specially-crafted XML file, which once opened by a
    local, unsuspecting user, would lead to denial of service.

    Multiple use-after-free flaws were found in the way libxml parses
    the Notation and Enumeration attribute types. A remote attacker
    could provide a specially-crafted XML file, which once opened by a
    local, unsuspecting user, would lead to denial of service.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2009-2414 and CVE-2009-2416 to these
    issues.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not applicable

    hosted *       any       any      not applicable

    ESXi           any       ESXi     not applicable

    ESX            4.0       ESX      ESX400-200911234-SG
    ESX            3.5       ESX      affected, patch pending
    ESX            3.0.3     ESX      affected, patch pending
    ESX            2.5.5     ESX      affected, patch pending

    vMA            4.0       RHEL5    Patch 2

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

 i. Updated Service Console package curl

    Service Console package curl updated to version 7.15.5-2.1.el5_3.5

    A cURL is affected by the previously published "null prefix attack",
    caused by incorrect handling of NULL characters in X.509
    certificates. If an attacker is able to get a carefully-crafted
    certificate signed by a trusted Certificate Authority, the attacker
    could use the certificate during a man-in-the-middle attack and
    potentially confuse cURL into accepting it by mistake.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2009-2417 to this issue

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not applicable

    hosted *       any       any      not applicable

    ESXi           any       ESXi     not applicable

    ESX            4.0       ESX      ESX400-200911232-SG
    ESX            3.5       ESX      not affected
    ESX            3.0.3     ESX      not affected
    ESX            2.5.5     ESX      not affected

    vMA            4.0       RHEL5    Patch 2

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

 j. Updated Service Console package gnutls

    Service Console package gnutil updated to version 1.4.1-3.el5_3.5

    A flaw was discovered in the way GnuTLS handles NULL characters in
    certain fields of X.509 certificates. If an attacker is able to get
    a carefully-crafted certificate signed by a Certificate Authority
    trusted by an application using GnuTLS, the attacker could use the
    certificate during a man-in-the-middle attack and potentially
    confuse the application into accepting it by mistake.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2009-2730 to this issue

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not applicable

    hosted *       any       any      not applicable

    ESXi           any       ESXi     not applicable

    ESX            4.0       ESX      ESX400-200911233-SG
    ESX            3.5       ESX      not affected
    ESX            3.0.3     ESX      not affected
    ESX            2.5.5     ESX      not affected

    vMA            4.0       RHEL5    Patch 2

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

4. Solution

   Please review the patch/release notes for your product and version
   and verify the md5sum of your downloaded file.


   VMware vCenter Server 4 Update 1
   --------------------------------
   Version       4.0 Update 1
   Build Number  208156
   Release Date  2009/11/19
   Type          Product Binaries
   http://downloads.vmware.com/download/download.do?downloadGroup=VC40U1

   VMware vCenter Server 4 and modules
   File size: 1.8 GB
   File type: .iso
   MD5SUM: 057d55b32eb27fe5f3e01bc8d3df3bc5
   SHA1SUM: c90134418c2e4d3d6637d8bee44261300ad95ec1

   VMware vCenter Server 4 and modules
   File size: 1.5 GB
   File type: .zip
   MD5SUM: f843d9c19795eb3bc5a77f5c545468a8
   SHA1SUM: 9a7abd8e70bd983151e2ee40e1b3931525c4480c

   VMware vSphere Client and Host Update Utility
   File size: 113.8 MB
   File type: .exe
   MD5SUM: 6cc6b2c958e7e9529c284e48dfae22a9
   SHA1SUM: f4c19c63a75d93cffc57b170066358160788c959

   VMware vCenter Converter BootCD
   File size: 98.8 MB
   File type: .zip
   MD5SUM: 3df94eb0e93de76b0389132ada2a3799
   SHA1SUM: 5d7c04e4f9f8ae25adc8de5963fefd8a4c92464c

   VMware vCenter Converter CLI (Linux)
   File size: 36.9 MB
   File type: .tar.gz
   MD5SUM: 3766097563936ba5e03e87e898f6bd48
   SHA1SUM: 36d485bdb5eb279296ce8c8523df04bfb12a2cb4


   ESXi 4.0 Update 1
   -----------------
   ESXi400-200911201-UG

https://hostupdate.vmware.com/software/VUM/OFFLINE/release-155-20091116-013169/ESXi-4.0.0-update01.zip
   md5sum:c6fdd6722d9e5cacb280bdcc2cca0627
   sha1sum:de9d4875f86b6493f9da991a8cff37784215db2e
   http://kb.vmware.com/kb/1014886

   NOTE: The three ESXi patches for Firmware, VMware Tools, and the
         VI Client "C" are contained in a single download file.


   ESX 4.0 Update 1
   ----------------

https://hostupdate.vmware.com/software/VUM/OFFLINE/release-158-20091118-187517/ESX-4.0.0-update01.zip
   md5sum: 68934321105c34dcda4cbeeab36a2b8f
   sha1sum: 0d8ae58cf9143d5c7113af9692dea11ed2dd864b
   http://kb.vmware.com/kb/1014842

   To install an individual bulletin use esxupdate with the -b option.
   esxupdate --bundle=ESX-4.0.0-update01.zip -b ESX400-200911223-UG
   -b ESX400-200911238-SG -b ESX400-200911201-UG -b ESX400-200911235-SG
   -b ESX400-200911237-SG -b ESX400-200911234-SG -b ESX400-200911232-SG
   -b ESX400-200911233-SG update


5. References

   CVE numbers
   --- JRE ---
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1102
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1105
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1106
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2670
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2672
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2676
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2716
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2718
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2719
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2720
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2721
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2722
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2723
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2724
   --- Tomcat ---
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002
   --- ntp ---
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159
   --- kernel ---
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3528
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5700
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0269
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0322
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0675
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0778
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4307
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0834
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1337
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0787
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1336
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1439
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1633
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1072
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1630
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1192
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5966
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1385
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1388
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1389
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1895
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2406
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2407
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2698
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0745
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0746
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0747
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0748
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2848
   --- python ---
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3143
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5031
   --- bind ---
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696
   --- libxml and libxml2 ---
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416
   --- curl --
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417
   --- gnutil ---
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052


- ------------------------------------------------------------------------
6. Change log

2009-11-20  VMSA-2009-0016
Initial security advisory after release of vCenter 4.0 Update 1 and
ESX 4.0 Update 1 on 2009-11-19 and release of vMA Patch 2 on 2009-11-23.

- -----------------------------------------------------------------------
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * security-announce at lists.vmware.com
  * bugtraq at securityfocus.com
  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/lifecycle/

Copyright 2009 VMware Inc.  All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAksHAooACgkQS2KysvBH1xmQMACfTEcnuPanvucXPmgJCTT054o+
dtoAniXz+9xLskrkPr3oUzAcDeV729WG
=wSRz
-----END PGP SIGNATURE-----

Attachment: 0xF047D719.asc
Description:

Attachment: 0xF047D719.asc.sig
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components VMware Security Team (Nov 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault