VMware ESX 4.0, Patch ESX400-201104401-SG: Updates Apps, VMware Tools, and VMkernel (1037258)
Details
Release date: April 28, 2011
| Patch Classification | Security |
| Build Information | See KB 1037260. |
| Host Reboot Required | Yes |
| Virtual Machine Migration or Shutdown Required | Yes |
| PRs Fixed | 702120, 702107, 685515 |
| Affected Hardware | N/A |
| Affected Software | N/A |
| VIBs Included | vmware-esx-apps vmware-esx-tools vmware-esx-vmkernel64 |
| Related CVE numbers | CVE-2011-1785 |
Solution
Summaries and Symptoms
This patch updates the Certificate Revocation List (CRL) to revoke an RSA key that HP uses for code-signing certain software components. HP server contains a new key pair and has re-signed the affected software components with the new key.
On an HP system, if you apply this patch and then restart the ESX host, you must update the software components to the version signed with the new key. You can download the HP Management Agent for VMware ESX 4.x (hpmgmt-8.7.0-vmware4x.tgz) from the HP Web site. If you do not restart the host, it continues to work with the currently installed and loaded software. However, the ESX host rejects software signed with the revoked key and logs a warning if the system loads any kernel module signed with the revoked key. This might cause certain HP features to fail.
This patch also resolves an issue where the ESX host might lose connection with the vCenter Server intermittently due to socket exhaustion.
By sending malicious network traffic to an ESX host, an attacker might exhaust the available sockets and prevent further connections to the host. In this scenario, the host becomes inaccessible. Its virtual machines continue to run and have network connectivity, but a reboot of the ESX host might be required to connect to the host again. The ESX host might also intermittently lose connectivity because of applications that do not correctly close sockets. If this occurs, an error message similar to the following might be written to the vpxa log file:
socket() returns -1 (Cannot allocate memory)
An error message similar to the following might be written to the VMkernel log file:
socreate(type=2, proto=17) failed with error 55
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2011-1785 to this issue.
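To check a host for the socket-exhaustion symptoms described above, the two quoted messages can be searched for in copies of the vpxa and VMkernel logs. The following is an added example, not VMware code; the sample log lines, their timestamp prefixes, the host name, and the "suspected"/"corroborated" triage rule are assumptions made for illustration.

```python
import re
from collections import Counter

# The two signatures quoted in the KB text above.
VPXA_SIG = re.compile(r"socket\(\) returns -1 \(Cannot allocate memory\)")
VMK_SIG = re.compile(r"socreate\(type=(\d+), proto=(\d+)\) failed with error (\d+)")

# Standard BSD socket types and IANA protocol numbers, used only for readability.
SOCK_TYPES = {1: "SOCK_STREAM", 2: "SOCK_DGRAM"}
PROTOS = {6: "TCP", 17: "UDP"}

def scan(lines, source):
    """Return one finding per log line that matches either signature."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        if VPXA_SIG.search(line):
            findings.append({"source": source, "line": lineno, "kind": "vpxa"})
        m = VMK_SIG.search(line)
        if m:
            stype, proto, err = (int(g) for g in m.groups())
            findings.append({"source": source, "line": lineno, "kind": "vmkernel",
                             "type": SOCK_TYPES.get(stype, str(stype)),
                             "proto": PROTOS.get(proto, str(proto)), "error": err})
    return findings

def verdict(findings):
    """Assumed triage rule: one log matching is 'suspected', both is 'corroborated'."""
    kinds = Counter(f["kind"] for f in findings)
    if kinds["vpxa"] and kinds["vmkernel"]:
        return "corroborated"
    return "suspected" if kinds else "clean"

# Constructed sample lines; prefixes and host name are invented for the example.
VPXA_LOG = [
    "[2011-04-20 10:15:01.900 info 'App'] heartbeat sent",
    "[2011-04-20 10:15:02.113 error 'App'] socket() returns -1 (Cannot allocate memory)",
]
VMKERNEL_LOG = [
    "Apr 20 10:15:02 esx-example vmkernel: socreate(type=2, proto=17) failed with error 55",
    "Apr 20 10:15:03 esx-example vmkernel: socreate(type=2, proto=17) failed with error 55",
]

if __name__ == "__main__":
    hits = scan(VPXA_LOG, "vpxa") + scan(VMKERNEL_LOG, "vmkernel")
    for h in hits:
        print(h)
    print("verdict:", verdict(hits))
```

The regular expressions match anywhere in a line, so they work regardless of the prefix format the real logs use.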
In addition, this patch improves the way shared folders are handled.
Deployment Considerations
None beyond the required patch bundles and reboot information listed in the table above.
Patch Download and Installation
See the VMware vCenter Update Manager Administration Guide for instructions on using Update Manager to download and install patches to automatically update ESX 4.0 hosts.
To update ESX 4.0 hosts when not using Update Manager, download the patch ZIP file from http://support.vmware.com/selfsupport/download/ and install the bulletin using esxupdate from the command line of the host. For more information, see the ESX 4 Patch Management Guide.

