what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

VMware Security Advisory 2012-0003

VMware Security Advisory 2012-0003
Posted Mar 9, 2012
Authored by VMware | Site vmware.com

VMware Security Advisory 2012-0003 - Oracle (Sun) JRE is updated to version 1.5.0_32, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE.

tags | advisory
SHA-256 | 4b52214f2d43fc658b10bec8235995d1092c689bcc2e0dde7f2fa550b01a2c66

VMware Security Advisory 2012-0003

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

-----------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2012-0003
Synopsis: VMware VirtualCenter Update and ESX 3.5 patch update JRE
Issue date: 2012-03-08
Updated on: 2012-03-08 (initial advisory)
CVE numbers: See references
-----------------------------------------------------------------------

1. Summary

VMware VirtualCenter Update 6b and ESX 3.5 patch update JRE.

2. Relevant releases

VirtualCenter 2.5 previous to Update 6b

ESX 3.5 without patch ESX350-201203401-SG

3. Problem Description

a. VirtualCenter and ESX, Oracle (Sun) JRE update 1.5.0_32

Oracle (Sun) JRE is updated to version 1.5.0_32, which addresses
multiple security issues that existed in earlier releases of Oracle
(Sun) JRE.

Oracle has documented the CVE identifiers that are addressed in
JRE 1.5.0_32 in the Oracle Java SE Critical Patch Update Advisory of
October 2011.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 5.0 Windows not applicable **
vCenter 4.1 Windows not applicable **
vCenter 4.0 Windows patch pending
VirtualCenter 2.5 Windows VirtualCenter 2.5 Update 6b

hosted * any any not affected

ESXi any ESXi not affected

ESX 4.1 ESX not applicable **
ESX 4.0 ESX patch pending
ESX 3.5 ESX ESX350-201203401-SG

* hosted products are VMware Workstation, Player, ACE, Fusion.

** this product uses the Oracle (Sun) JRE 1.6.0 family


4. Solution

VMware Virtual Center 2.5 Update 6b
-----------------------------------
Version 2.5 Update 6b
Build Number 598800
Release Date 2012/03/08
Type Product Binaries

http://www.vmware.com/download/download.do?downloadGroup=VC250U6B

vCenter Server DVD image - English only version
File type: iso
MD5SUM: 085f7bddd2adf2c4ba5bd066271e2b06
SHA1SUM: 019ff0a67d150d0a3dbdac53bfde0b0eb69f9bfd

vCenter Server as a Zip file - English only version
File type: zip
MD5SUM: ee15ae73a66dd9dbc27fada476656aeb
SHA1SUM: a5c25d114d42f1aae11d7c741587cf57caff72a3

VMware vCenter Converter BootCD for vCenter Server
File type: .zip
Version: 4.0.3
MD5SUM: e49e0ff0f2563196cc5d4b5c471cd666

VMware vCenter Converter CLI for Linux platform
File type: .tar.gz
Version: 4.0.3
MD5SUM: 30d1f5e58a6cad8dacd988908305bc1c

ESX 3.5
-------

ESX350-201203401-SG
http://downloads.vmware.com/go/selfsupport-download
md5sum: 07743c471ce46de825c36c2277ccd500
sha1sum: cb77e6f820e1015311bf2386b240fd84f0ad04dd
http://kb.vmware.com/kb/2009155


5. References

Oracle Java SE Critical Patch Update Advisory of October 2011

http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.htm
l

-----------------------------------------------------------------------

6. Change log

2012-03-08 VMSA-2012-0003
Initial security advisory in conjunction with the release of
VirtualCenter Update 6b and patches for ESX 3.5 and ESXi 3.5 on
2012-03-08.
-----------------------------------------------------------------------

7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2012 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFPWaMMDEcm8Vbi9kMRAtEjAKCEIjr/8dy4abVO2magvY7W6QbgewCgozns
iu22JTXmAi9YTK8/LL/gmIM=
=A49E
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    3 Files
  • 17
    Aug 17th
    6 Files
  • 18
    Aug 18th
    4 Files
  • 19
    Aug 19th
    12 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close