VMware ESX 3.5, Patch ESX350-200811405-SG: Security Update to libxml2 in Service Console (1007503)
Release Date: 12-02-2008
Summaries and Symptoms
This patch updates the service console to resolve the following security issues:
A denial of service flaw was found in the way libxml2 processes certain content. If an application linked against libxml2 processes malformed XML content, it could cause the application to stop responding.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-3281 to this issue.
A heap-based buffer overflow flaw was found in the way libxml2 handled long XML entity names. If an application linked against libxml2 processed untrusted malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-3529 to this issue.
If you are remediating your ESX system using Update Manager 1.0 Update 1 or earlier, see http://kb.vmware.com/kb/1007923.
Patch Download and Installation
See the VMware Update Manager Administration Guide for instructions on using Update Manager to download and install patches to automatically update ESX Server 3.5 hosts.
To update ESX Server 3.5 hosts when not using Update Manager, download the most recent patch bundle from http://support.vmware.com/selfsupport/download/ and install the bundle using esxupdate from the command line of the host. For more information, see the ESX Server 3 Patch Management Guide.