Knowledge Base

Summary

This patch fixes the following issues:

• Service Console package krb5 has been updated to version krb5-1.2.7-70. This fixes a input validation flaw that was found in the ASN.1 (Abstract Syntax Notation One) decoder used by MIT Kerberos. The Common Vulnerabilities and Exposures Project has assigned the name CVE-2009-0846 to this issue.

• The pam_krb5 package is upgraded to pam_krb5-1.81-1. This fixes an issue where a user authentication failure occurs under certain circumstances. For details on this issue, refer to the Red Hat advisory at https://rhn.redhat.com/errata/RHBA-2008-0813.html.

Deployment Considerations

N/A

Patch Download and Installation

Note: All virtual machines on the host must be either shut down or migrated using VMotion before applying the patch. A reboot of the ESX Server host is required after applying this patch.

See the VMware Update Manager Administration Guide for instructions on using VMware Update Manager to download and install patches to automatically update ESX Server 3.0.3 hosts.

To update ESX Server 3.0.3 hosts when not using VMware Update Manager, download the most recent patch bundle from http://support.vmware.com/selfsupport/download/ and install the bundle using esxupdate from the command line of the host. For more information, see the ESX Server 3 Patch Management Guide.