exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

VMware Security Advisory 2010-0001

VMware Security Advisory 2010-0001
Posted Jan 7, 2010
Authored by VMware | Site vmware.com

VMware Security Advisory - Service console packages for Network Security Services (NSS) and NetScape Portable Runtime (NSPR) are updated to versions nss-3.12.3.99.3-1.2157 and nspr-4.7.6-1.2213 respectively. This patch fixes several security issues in the service console packages for NSS and NSPR.

tags | advisory
advisories | CVE-2009-2409, CVE-2009-2408, CVE-2009-2404, CVE-2009-1563, CVE-2009-3274, CVE-2009-3370, CVE-2009-3372, CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376, CVE-2009-3380, CVE-2009-3382
SHA-256 | 750bfc5b2e28a67af487861fbcc96e099b1881a6cbe999078d4626cf32cfde37

VMware Security Advisory 2010-0001

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2010-0001
Synopsis: ESX Service Console updates for nss and nspr
Issue date: 2010-01-06
Updated on: 2010-01-06 (initial release of advisory)
CVE numbers: CVE-2009-2409 CVE-2009-2408 CVE-2009-2404
CVE-2009-1563 CVE-2009-3274 CVE-2009-3370
CVE-2009-3372 CVE-2009-3373 CVE-2009-3374
CVE-2009-3375 CVE-2009-3376 CVE-2009-3380
CVE-2009-3382
- -----------------------------------------------------------------------
1. Summary

Update for Service Console packages nss and nspr

2. Relevant releases

VMware ESX 4.0 without patch ESX400-200912403-SG

3. Problem Description

a. Update for Service Console packages nss and nspr

Service console packages for Network Security Services (NSS) and
NetScape Portable Runtime (NSPR) are updated to versions
nss-3.12.3.99.3-1.2157 and nspr-4.7.6-1.2213 respectively. This
patch fixes several security issues in the service console
packages for NSS and NSPR.

The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the names CVE-2009-2409, CVE-2009-2408, CVE-2009-2404,
CVE-2009-1563, CVE-2009-3274, CVE-2009-3370, CVE-2009-3372,
CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376,
CVE-2009-3380, and CVE-2009-3382 to these issues.

The following table lists what action remediates the vulnerability
(column 4) if a solution is available.

VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected

hosted * any any not affected

ESXi any ESXi not affected

ESX 4.0 ESX ESX400-200912403-SG
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX not affected

vMA 4.0 RHEL5 affected, patch pending

* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

4. Solution

Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.

ESX 4.0
-------
ESX400-200912403-SG

https://hostupdate.vmware.com/software/VUM/OFFLINE/release-181-20091231-153046/ESX400-200912001.zip
md5sum: 78c6cf139b7941dc736c9d3a41deae77
sha1sum: 36df3a675fbd3c8c8830f00637e37ee716bdac59
http://kb.vmware.com/kb/1016293

To install an individual bulletin use esxupdate with the -b option.
esxupdate --bundle=ESX400-200912001.zip -b ESX400-200912403-SG
update

5. References

CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3382

- ------------------------------------------------------------------------
6. Change log

2010-01-06 VMSA-2010-0001
Initial security advisory after release of patch ESX400-200912403-SG
for ESX 4.0 on 2010-01-06.

- -----------------------------------------------------------------------
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2010 VMware Inc. All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)

iD8DBQFLRYwLS2KysvBH1xkRArmBAJoDcO5waCyCE+lfmEwuILVjcqeLngCcCzNo
HgNlBjOx5iQw7etlwwpbyuo=
=bIJJ
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close