Release Date: October 01, 2014
Product Version | ESX 4.1 |
Patch Classification | Security See KB 2014447 if using Update Manager 5.0 |
Build Information | For build information, see KB 2090859. |
Host Reboot Required | Yes |
Virtual Machine Migration or Shutdown Required | Yes |
PRs Fixed | 1329464 |
Affected Hardware | N/A |
Affected Software | N/A |
VIBs Included | bash |
Related CVE numbers | CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187 |
This patch updates Bash libraries in ESX to resolve multiple critical security issues, also referred to as Shellshock. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187 to this issue.
ESX might use the Bash shell which is part of the Linux operating system. In case the operating system has a vulnerable version of Bash, the Bash security vulnerability might be exploited through ESX.
Note:
None beyond the required patch bundles and reboot information listed in the table above.
See the VMware vCenter Update Manager Administration Guide for instructions on using Update Manager to download and install patches to automatically update ESX 4.1 hosts.
To update ESX 4.1 hosts when not using Update Manager, download the patch ZIP file from http://support.vmware.com/selfsupport/download/ and install the bulletin using esxupdate from the command line of the host. For more information, see the ESX 4.1 Patch Management Guide.