VMware ESX 4.1, Patch ESX410-201410401-SG: Updates bash
Article ID: 329240
Updated On:
Products
Issue/Introduction
Release Date: October 01, 2014
| Product Version | ESX 4.1 |
| Patch Classification | Security See KB 2014447 if using Update Manager 5.0 |
| Build Information | For build information, see KB 2090859. |
| Host Reboot Required | Yes |
| Virtual Machine Migration or Shutdown Required | Yes |
| PRs Fixed | 1329464 |
| Affected Hardware | N/A |
| Affected Software | N/A |
| VIBs Included | bash |
| Related CVE numbers | CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187 |
Resolution
Summaries and Symptoms
This patch updates Bash libraries in ESX to resolve multiple critical security issues, also referred to as Shellshock. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187 to this issue.
ESX might use the Bash shell which is part of the Linux operating system. In case the operating system has a vulnerable version of Bash, the Bash security vulnerability might be exploited through ESX.
Note:
- Applications installed on Windows are not affected.
- Applications installed on a Linux operating system that is not part of a virtual appliance might be at risk. Contact the vendor of your Linux-based operating system for advice and patches.
Deployment Considerations
None beyond the required patch bundles and reboot information listed in the table above.
Patch Download and Installation
See the VMware vCenter Update Manager Administration Guide for instructions on using Update Manager to download and install patches to automatically update ESX 4.1 hosts.
To update ESX 4.1 hosts when not using Update Manager, download the patch ZIP file from http://support.vmware.com/selfsupport/download/ and install the bulletin using esxupdate from the command line of the host. For more information, see the ESX 4.1 Patch Management Guide.
Feedback
