Search the VMware Knowledge Base (KB)
View by Article ID

VMware Horizon View and the Heartbleed Bug (2076796)

  • 11 Ratings

Details

The Heartbleed bug (CVE-2014-0160) is a vulnerability in the OpenSSL 1.0.1 library that enables information normally protected by SSL/TLS encryption, which is used to secure Internet communications, to be stolen. OpenSSL is open‐source software that is widely used to protect and encrypt Web communications.

How does the Heartbleed bug affect VMware Horizon View?

These components of VMware Horizon View 5.3 Feature Pack 1 uses OpenSSL 1.0.1 for TLS/SSL encryption and is therefore vulnerable to this bug:

  • In VMware Horizon View 5.3 Feature Pack 1, the HTML Access component of the Remote Experience Agent 

These Horizon View clients also use OpenSSL 1.0.1:

  • VMware Horizon View Client for Android 2.1.x, 2.2.x, 2.3.x
  • VMware Horizon View Client for iOS 2.1.x, 2.2.x, 2.3.x
  • VMware Horizon View Client for Windows 2.3.x

Other Horizon View clients, servers, and agents not listed above do not use the vulnerable version of the OpenSSL library, and they are not affected by the Heartbleed bug.

If you did not deploy VMware Horizon View 5.3 Feature Pack 1 — specifically, the HTML Access component of the Remote Experience Agent — or any of the listed clients, you are not affected by this vulnerability.

If you deploy only these components of the Remote Experience Agent in View 5.3 Feature Pack 1, you are not vulnerable:

  • Flash URL Redirection
  • Real-Time Audio-Video
  • Unity Touch
  • Windows 7 Multimedia Redirection (MMR)

Solution

VMware Horizon View 5.3 Feature Pack 1

If you are using VMware View 5.3 Feature Pack 1, and you installed the HTML Access component of the Remote Experience Agent, you must perform these steps:

  1. Upgrade to the VMware View 5.3 Feature Pack 2 release.

    1. Download the Remote Experience Agent installer at My VMware.

      32-bit installer file:
      VMware-Horizon-View-5.3-Remote-Experience-Agent-2.0-1744521
      64-bit installer file: VMware-Horizon-View-5.3-Remote-Experience-Agent-x64-2.0-1744521


    2. Run the Remote Experience Agent installer. The old version is automatically removed and replaced with the new one.


  2. Perform these post-upgrade actions:

    1. If you used a CA-signed certificate on your HTML Access Agent:

      1. Obtain a new CA-signed certificate. For more information, see Obtaining SSL Certificates for VMware Horizon View Servers section in Obtaining SSL Certificates for VMware Horizon View Servers Guide.
      2. Change the certificate used by your HTML Access Agent. For more information, see Configure HTML Access Agents to Use New SSL Certificates in VMware Horizon View Feature Pack Installation and Administration section in VMware Horizon View Feature Pack Installation and Administration Guide.
      3. Revoke the old SSL certificate. (Contact your SSL certificate vendor for details).


    2. If you are using the default self-signed certificates on your HTML Access Agent, a new certificate will be generated automatically during installation.
    3. VMware recommends that potential users of an HTML Access Agent generate new passwords for their domain account.

Horizon View Client for iOS
Install the new client, version 2.3.3, from the App Store.
Horizon View Client for AndroidInstall the new client, version 2.3.3, from Google Play or the Amazon Appstore for Android.
Horizon View Client for WindowsRun the installer for the new client, version 2.3.3, from the VMware Horizon View Client download page.

Download for 32-bit Windows Client is available at My VMware.

32-bit installer file: VMware-Horizon-View-Client-x86-2.3.3-1745122.exe

Download for 64-bit Windows client is available at My VMware.
64-bit installer file: VMware-Horizon-View-Client-x86_64-2.3.3-1745122.exe

Frequently Asked Questions

Do I need to upgrade or change other View servers, such as View Connection Server, Transfer Server, or Security Server?

No. None of the previously released versions of those servers include the vulnerable version of the OpenSSL software.

If I installed the HTML Access component from Horizon View 5.3 Feature Pack 1 on my Connection Server, is it vulnerable?

No. That part of the installation does not include the OpenSSL software.

Will the new clients continue to work with the previous versions of View?

Yes. The upgraded clients will continue to work with View 4.x and 5.x servers.

If I installed the HTML Access component from a different Feature Pack, is it vulnerable? 

No.  Only Horizon View 5.3 Feature Pack 1 has the vulnerability.

Are the new, safe iOS and Android clients available from the iTunes, Amazon Android, and Google Play stores? 

The updated safe clients are available from the iTunes and Google Play stores. The updated client is submitted to Amazon and should be available shortly.  

Additional Information

For translated versions of this article, see:

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 11 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 11 Ratings
Actions
KB: