VMware ESX Server 3.5, Patch ESX350-200803214-UG: Security Update for the e2fsprogs, libxml, net-snmp, and pcre packages (1003721)

Details

Release Date: 10 APR 2008

 

Download Size: 3.9 MB
Download Filename: ESX350-200803214-UG.zip
md5sum: 9ff7b416afed3acfbfbb5d1d63ca5060

Product Versions: ESX Server 3.5
Patch Classification: Update
Supersedes: None
Requires: ESX350-200803208-UG
Virtual Machine Migration or Reboot Required: Yes
ESX Server Host Reboot Required: Yes
PRs Fixed: 229126, 236012, 236021, 236025
Affected Hardware: N/A
Affected Software: N/A
RPMs Included: e2fsprogs, libxml2, libxml2-python, net-snmp, net-snmp-libs, net-snmp-utils, pcre
Related CVE numbers: CVE-2007-5497, CVE-2007-6284, CVE-2006-7228, CVE-2007-5846, CVE-2007-1660

 

Summary

This bundle provides security updates to the e2fsprogs, libxml, net-snmp, and pcre packages used in the ESX Server service console.

The patch fixes the following security issues:

  • Service console updates for the e2fsprogs package to address multiple integer overflow flaws.
    Thanks to Rafal Wojtczuk of McAfee Avert Research for identifying and reporting this issue.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-5497 to this issue.

  • The libxml2 packages provide a library to manipulate XML files. The package includes support to read, modify, and write XML files. A denial of service flaw was found in the way libxml2 processes certain content. If an application linked against libxml2 processes malformed XML content, the XML content might cause the application to stop responding.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-6284 to this issue.

  • A flaw was discovered in the way net-snmp handled certain requests. A remote attacker who can connect to the snmpd UDP port could send a malicious packet causing snmpd to crash, resulting in a denial of service.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-5846 to this issue.

  • An integer overflow issue exists in the way Python's Perl-Compatible Regular Expression (PCRE) module handles certain regular expressions. If a Python application uses the PCRE module to compile and execute untrusted regular expressions, it might be possible to cause the application to crash, or to execute arbitrary code with the privileges of the Python interpreter.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-1660 and CVE-2006-7228 to this issue.

Solution

Symptoms

There are no symptoms available for the updates provided by this patch.

Deployment Considerations

None.

Patch Download and Installation

To update ESX Server 3.5 hosts automatically with VMware Update Manager, see the VMware Update Manager Administration Guide for instructions on using Update Manager to download and install patches.

To update ESX Server 3.5 hosts when not using Update Manager, download the most recent patch bundle from http://www.vmware.com/download/vi/vi3_patches_35.html and install the bundle using the esxupdate tool from the command line of the host. For more information on using esxupdate to manage patches on ESX Server 3.5 hosts, see the ESX Server 3 Patch Management Guide.
