Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Service Console
From: VMware Security Team <security () vmware com>
Date: Mon, 30 Jan 2012 22:57:40 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 ----------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID: VMSA-2012-0001
Synopsis:    VMware ESXi and ESX updates to third party library
             and ESX Service Console
Issue date:  2012-01-30
Updated on:  2012-01-30 (initial advisory)

CVE numbers: --- COS Kernel ---
             CVE-2011-0726, CVE-2011-1078, CVE-2011-1079,
             CVE-2011-1080, CVE-2011-1093, CVE-2011-1163,
             CVE-2011-1166, CVE-2011-1170, CVE-2011-1171,
             CVE-2011-1172, CVE-2011-1494, CVE-2011-1495,
             CVE-2011-1577, CVE-2011-1763, CVE-2010-4649,
             CVE-2011-0695, CVE-2011-0711, CVE-2011-1044,
             CVE-2011-1182, CVE-2011-1573, CVE-2011-1576,
             CVE-2011-1593, CVE-2011-1745, CVE-2011-1746,
             CVE-2011-1776, CVE-2011-1936, CVE-2011-2022,
             CVE-2011-2213, CVE-2011-2492, CVE-2011-1780,
             CVE-2011-2525, CVE-2011-2689, CVE-2011-2482,
             CVE-2011-2491, CVE-2011-2495, CVE-2011-2517,
             CVE-2011-2519, CVE-2011-2901
             --- COS cURL ---
             CVE-2011-2192
             --- COS rpm ---
             CVE-2010-2059, CVE-2011-3378
             --- COS samba ---
             CVE-2010-0547, CVE-2010-0787, CVE-2011-1678,
             CVE-2011-2522, CVE-2011-2694
             --- COS python ---
             CVE-2009-3720, CVE-2010-3493, CVE-2011-1015,
             CVE-2011-1521
             --- python library ---
             CVE-2009-3560, CVE-2009-3720, CVE-2010-1634,
             CVE-2010-2089, CVE-2011-1521
 ----------------------------------------------------------------------

1. Summary

   VMware ESXi and ESX updates to third party library and ESX Service
   Console address several security issues.

2. Relevant releases

   ESXi 4.1 without patch ESXi410-201201401-SG

   ESX 4.1 without patches ESX410-201201401-SG, ESX410-201201402-SG,
                           ESX410-201201404-SG, ESX410-201201405-SG,
                           ESX410-201201406-SG, ESX410-201201407-SG

3. Problem Description

 a. ESX third party update for Service Console kernel

    The ESX Service Console Operating System (COS) kernel is updated to
    kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the
    COS kernel.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2011-0726, CVE-2011-1078, CVE-2011-1079,
    CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166,
    CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494,
    CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649,
    CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182,
    CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745,
    CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022,
    CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525,
    CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495,
    CVE-2011-2517, CVE-2011-2519, CVE-2011-2901 to these issues.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.1       ESX      ESX410-201201401-SG
    ESX            4.0       ESX      patch pending
    ESX            3.5       ESX      not applicable

  * hosted products are VMware Workstation, Player, ACE, Fusion.

 b. ESX third party update for Service Console cURL RPM

    The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9
    resolving a security issues.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2011-2192 to this issue.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.1       ESX      ESX410-201201402-SG
    ESX            4.0       ESX      patch pending
    ESX            3.5       ESX      not applicable

    * hosted products are VMware Workstation, Player, ACE, Fusion.

 c. ESX third party update for Service Console nspr and nss RPMs

    The ESX Service Console (COS) nspr and nss RPMs are updated to
    nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving
    a security issues.

    A Certificate Authority (CA) issued fraudulent SSL certificates and
    Netscape Portable Runtime (NSPR) and Network Security Services (NSS)
    contain the built-in tokens of this fraudulent Certificate
    Authority. This update renders all SSL certificates signed by the
    fraudulent CA as untrusted for all uses.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.1       ESX      ESX410-201201404-SG
    ESX            4.0       ESX      patch pending
    ESX            3.5       ESX      not applicable

    * hosted products are VMware Workstation, Player, ACE, Fusion.

 d. ESX third party update for Service Console rpm RPMs

    The ESX Service Console Operating System (COS) rpm packages are
    updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2,
    rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2
    which fixes multiple security issues.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2010-2059 and CVE-2011-3378 to these issues.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.1       ESX      ESX410-201201406-SG
    ESX            4.0       ESX      patch pending
    ESX            3.5       ESX      not applicable

    * hosted products are VMware Workstation, Player, ACE, Fusion.


 e. ESX third party update for Service Console samba RPMs

    The ESX Service Console Operating System (COS) samba packages are
    updated to samba-client-3.0.33-3.29.el5_7.4,
    samba-common-3.0.33-3.29.el5_7.4 and
    libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security
    issues in the Samba client.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2010-0547, CVE-2010-0787, CVE-2011-1678,
    CVE-2011-2522 and CVE-2011-2694 to these issues.

    Note that ESX does not include the Samba Web Administration Tool
    (SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and
    CVE-2011-2694.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.1       ESX      ESX410-201201407-SG
    ESX            4.0       ESX      patch pending
    ESX            3.5       ESX      not applicable

    * hosted products are VMware Workstation, Player, ACE, Fusion.

 f. ESX third party update for Service Console python package

    The ESX Service Console (COS) python package is updated to
    2.4.3-44 which fixes multiple security issues.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2009-3720, CVE-2010-3493, CVE-2011-1015 and
    CVE-2011-1521 to these issues.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.1       ESX      ESX410-201201405-SG
    ESX            4.0       ESX      patch pending
    ESX            3.5       ESX      not applicable

    * hosted products are VMware Workstation, Player, ACE, Fusion.

 g. ESXi update to third party component python

    The python third party library is updated to python 2.5.6 which
    fixes multiple security issues.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2009-3560, CVE-2009-3720, CVE-2010-1634,
    CVE-2010-2089, and CVE-2011-1521 to these issues.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           5.0       ESXi     patch pending
    ESXi           4.1       ESXi     ESXi410-201201401-SG
    ESXi           4.0       ESXi     patch pending
    ESXi           3.5       ESXi     patch pending

    ESX            4.1       ESX      not affected
    ESX            4.0       ESX      not affected
    ESX            3.5       ESX      not affected

    * hosted products are VMware Workstation, Player, ACE, Fusion.


4. Solution

   Please review the patch/release notes for your product and version
   and verify the checksum of your downloaded file.

   VMware ESXi 4.1
   ---------------
   ESXi410-201201401
   http://downloads.vmware.com/go/selfsupport-download
   md5sum: BDF86F10A973346E26C9C2CD4C424E88    
   sha1sum: CC0B92869A9AAE4F5E0E5B81BEE109BCD7DA780F
   http://kb.vmware.com/kb/2009143
   ESXi410-201201401 contains ESXi410-201201401-SG

   VMware ESX 4.1
   --------------
   ESX410-201201001
   http://downloads.vmware.com/go/selfsupport-download
   md5sum: 16DF9ACD3E74BCABC2494BC23AD0927F    
   sha1sum: 1066AE1436E1A75BA3D541AB65296CFB9AB7A5CC
   http://kb.vmware.com/kb/2009142

   ESX410-201201001 contains ESX410-201201401-SG, ESX410-201201402-SG,
   ESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG and
   ESX410-201201407-SG

5. References

   CVE numbers

   --- COS Kernel ---
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0726
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1078
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1079
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1080
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1093
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1163
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1166
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1170
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1171
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1172
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1494
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1495
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1763
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4649
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0695
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0711
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1044
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1182
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1573
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1576
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1593
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1745
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1746
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1776
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1936
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2022
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2213
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2492
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1780
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2525
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2689
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2482
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2491
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2495
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2517
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2519
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2901
   --- COS cURL ---
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2192
   --- COS rpm ---
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2059
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3378
   --- COS samba ---
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0547
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0787
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1678
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694
   --- COS python ---
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3493
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1015
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521
   --- python library ---
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1634
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2089
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521

 ----------------------------------------------------------------------

6. Change log

   2012-01-30 VMSA-2012-0001
   Initial security advisory in conjunction with the release of patches
   for ESX 4.1 and ESXi 4.1 on 2012-01-30.

 ----------------------------------------------------------------------

7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * security-announce at lists.vmware.com
  * bugtraq at securityfocus.com
  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2012 VMware Inc.  All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFPJ5DIDEcm8Vbi9kMRAnzCAKCmaAoDp49d61Mr1emzh/U0N8vbgACdFZk8
f2pLxi537s+ew4dvnYNWlJ8=
=OAh4
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Service Console VMware Security Team (Jan 31)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]