The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
Remediation steps on critical updates to Horizon Workspace Server regarding CVE-­2014-­0160 Heartbleed vulnerability (2076551)
The patch must be applied immediately to fix the critical security vulnerability reported in CVE-2014-0160. Details on this vulnerability can be found in VMware Security Advisory VMSA-2014-0004.
This advisory applies to these releases:
- Horizon Workspace Server 1.5.x
- Horizon Workspace Server 1.8.0
This patch updates the OpenSSL library to version 1.0.1g.
|Product Name||Version||Patch File||Checksum|
|Horizon Workspace Server||1.5.x||
||MD5 = |
|Horizon Workspace Server||1.8.0||
||MD5 = |
- Download the appropriate patch file for your Horizon Workspace Server version.
- Copy the patch file to all gateway-va machines in your Horizon Workspace vApp.
- Log in to a gateway-va machine as root.
- Run this command to install the required software:
rpm –U patch_file_name
- Restart the nginx service by running the command:
- Repeat steps 2 to 5 for all gateway-va machines in your Horizon Workspace vApp.
Post installation stepsAfter you have patched all your servers, review your system for what may have been compromised and take appropriate steps:
If your Horizon Workspace FQDN SSL traffic is being terminated by gateway-va:
- Re-generate the SSL certificate. Contact your SSL certificate vendor for details.
- Install a new SSL certificate on gateway-va. For more information, see the Apply an SSL Certificate from a Major or Private Certificate Authority section in Installing and Configuring Horizon Workspace.
- Revoke the old SSL certificate. Contact your SSL certificate vendor for details.
- Contact your load balancer vendor to determine steps necessary to address the OpenSSL vulnerability.
- Re-generate the gateway SSL certificate using these steps:
- Log in to the configurator-va machine as root.
- Run this command to generate the new certificate:
/usr/local/horizon/lib/menu/secure/wizardssl.hzn --makesslcert gateway-va FQDN
- Run this command to install the new certificate:
Note: If the problem persists after completing the steps in this article, file a support request with VMware Support and note this KB article ID (2076551) in the problem description. For more information, see Filing a Support Request in My VMware (2006985).For information on Horizon Workspace Clients see Remediation steps for critical updates to Horizon Workspace Clients regarding CVE-2014-0160 Heartbleed vulnerability (2076783).
Request a Product Feature
To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.