Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

VMware ESX 3.5 Patch ESX350-201302401-SG: Updates Apps, Tools, VMX, hostd, others (2042541)

Details

Release date: February 21, 2013

Download Size
291.1 MB

Download Filename
ESX350-201302401-SG.zip
 
md5sum
e703cb0bc3e1eaa8932a96ea96f34a00
 
sha1sum
91dcf1bf7194a289652d0904dd7af8bce0a1d2dd
 
Product
ESX 3.5
Build Information
988599
Patch Classification
Security
Supersedes
ESX350-200712405-SG
ESX350-200712410-BG
ESX350-200802305-SG
ESX350-200802401-BG
ESX350-200802411-BG
ESX350-200803215-UG
ESX350-200804402-BG
ESX350-200804403-BG
ESX350-200806404-SG
ESX350-200806405-BG
ESX350-200806812-BG
ESX350-200808217-UG
ESX350-200810215-UG
ESX350-200901404-BG
ESX350-200903223-UG
ESX350-200904201-SG
ESX350-200904408-SG
ESX350-200905402-BG
ESX350-200906406-BG
ESX350-200906408-BG
ESX350-200907403-BG
ESX350-200907404-BG
ESX350-200908402-BG
ESX350-200908406-BG
ESX350-200910403-SG
ESX350-201003403-SG
ESX350-201008409-BG
ESX350-201012402-BG
ESX350-201105402-BG
ESX350-201105406-SG
ESX350-201203402-BG
ESX350-201206401-SG
Requires
ESX350-200911201-UG
ESX350-200911207-UG
ESX350-201006401-SG
ESX350-201012401-SG
ESX350-201012405-BG
ESX350-201012410-BG
ESX350-201105403-BG
ESX350-201203401-SG
ESX350-201203403-SG
ESX350-201205401-SG
ESX350-201302402-BG
Virtual Machine Migration or Reboot Required
Yes
Host Reboot Required
Yes
PRs Fixed
825783, 840392, 951693, 961933, 993792
Affected Hardware
N/A
Affected Software
N/A
RPMs Included
VMware-esx-apps
VMware-esx-tools
VMware-esx-vmx
VMware-hostd-esx
VMware-webCenter-esx
openssl
Related CVE numbers
CVE-2012-2110, CVE-2013-1405, CVE-2013-1659

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Solution

Summaries and Symptoms

This patch adds the following enhancements or addresses the following issues:

  • The service console OpenSSL RPM is updated to version 0.9.7a.33.28 to resolve a security issue.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2110 to this issue.

  • Oracle (Sun) JRE is updated to version 1.5.0_38, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_38 in the Oracle Java SE Critical Patch Update Advisory of October 2012 at http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html

  • VMware vCenter Server, ESX contains a vulnerability in the handling of the Network File Copy (NFC) protocol. To exploit this vulnerability, an attacker must modify the NFC traffic between vCenter Server and the client or ESX and the client. Exploitation of the issue may lead to code execution.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-1659 to this issue.

  • ESX contains a vulnerability in the handling of the management authentication protocol. To exploit this vulnerability, an attacker must convince ESX to interact with a malicious server as a client. Exploitation of the issue may lead to code execution on the client system. To reduce the likelihood of exploitation, ESX should be deployed on an isolated management network.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-1405 to this issue.

  • The vSphere Client contains a vulnerability in its handling of the management authentication protocol. To exploit this vulnerability, an attacker must convince vSphere Client to interact with a malicious server. Exploitation of this issue might lead to code execution on the system where the vSphere Client is installed. To reduce the possibility of exploitation, deploy the vSphere Client in an isolated management network.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-1405 to this issue.

Deployment Considerations

None beyond the required patch bundles and reboot information listed in the table.

Patch Download and Installation

For information about how to use Update Manager to download and install patches to automatically update ESX 3.5 hosts, see the vCenter Update Manager Administration Guide.

To update ESX 3.5 hosts without using Update Manager, download the most recent patch bundle from http://www.vmware.com/download/vi/vi3_patches_35.html and install the bundle using esxupdate from the command line of the host. For more information, see the ESX Server 3 Patch Management Guide.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 0 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 0 Ratings
Actions
KB: