VMware
 

Knowledge Base

Search the Knowledge Base:
Products:
Search In:
 

VMware ESX Server 3.0.3, ESX303-200903406-SG: Updated Service Console Package OpenSSL 0.9.7a-33.25

Details

Release Date: 03/31/09
Document Last Updated: 03/31/09
 

45a2d32f9267deb5e743366c38652c92
Product Versions
ESX Server 3.0.3
Patch Classification
Security
Supersedes
None
Requires
Virtual Machine Migration or Reboot Required
No
ESX Server Host Reboot Required
No
PRs Fixed
362844
Affected Hardware
None
Affected Software
OpenSSL library
RPMs Included
openssl
Related CVE numbers
CVE-2008-5077

Solution

Summary

OpenSSL 0.9.7a-33.24 and earlier does not properly check the return value from the EVP_VerifyFinal function, which could allow a remote attacker to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.

This patch fixes this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-5077 to this issue.

Deployment Considerations

None 

Patch Download and Installation    

See the VMware Update Manager Administration Guide for instructions on using VMware Update Manager to download and install patches to automatically update ESX Server 3.0.3 hosts.

To update ESX Server 3.0.3 hosts when not using VMware Update Manager, download the most recent patch bundle from http://support.vmware.com/selfsupport/download/ and install the bundle using esxupdate from the command line of the host. For more information, see the ESX Server 3 Patch Management Guide .

Feedback

Rating: 1 - Lowest 2 3 4 5 - Highest (0 Ratings)   

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (2000 or fewer characters)
Submit
Rating: 1 - Lowest 2 3 4 5 - Highest (0 Ratings)   
Actions
  • KB Article: 1008416
  • Updated: Aug 14, 2009
  • Products:
    VMware ESX
  • Product Versions:
    VMware ESX 3.0.x