Remediating steps on critical updates to VMware Horizon Workspace and Workspace Portal server regarding Shellshock (2091067)

Details

A critical security vulnerability in the Bash shell, also referred to as Shellshock, has been identified. Exploitation of this issue might lead to remote code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278 to this issue.

Horizon Workspace and Workspace Portal server virtual appliances might use the Bash shell, which is part of the Linux operating system. If the operating system has a vulnerable version of Bash, the Bash security vulnerability might be exploited.

The patch must be applied immediately to fix the Shellshock security vulnerability.

This article applies to these releases:

  • Horizon Workspace 1.5.0, 1.5.1, 1.5.2
  • Horizon Workspace 1.8.0, 1.8.1, 1.8.2
  • Workspace Portal 2.0.0
  • Workspace Portal 2.1.0

Solution

The Horizon Workspace and Workspace Portal server patch must be applied immediately to fix the Shellshock security vulnerability.

This patch updates the bash, bash-doc, libreadline5, libreadline5-32bit and readline-doc rpm packages.

Product Name        Version   Patch file name
Horizon Workspace   1.5.0     bash-sles11sp2-64bit.zip
Horizon Workspace   1.5.1     bash-sles11sp2-64bit.zip
Horizon Workspace   1.5.2     bash-sles11sp2-64bit.zip
Horizon Workspace   1.8.0     bash-sles11sp2-64bit.zip
Horizon Workspace   1.8.1     bash-sles11sp2-64bit.zip
Horizon Workspace   1.8.2     bash-sles11sp2-64bit.zip
Workspace Portal    2.0.0     bash-sles11sp3-64bit.zip
Workspace Portal    2.1.0     bash-sles11sp3-64bit.zip


To install the patch:

  1. Download the appropriate patch zip file for Horizon Workspace or Workspace Portal. For more information, see How to download patches in My VMware (1021623).
  2. Copy the patch zip file to all virtual appliance machines in your Workspace vApp.
  3. Log in to each virtual appliance machine as a root user.
  4. Go to the folder to which you copied the patch zip file in Step 2.
  5. Unzip the patch file using the following command: unzip zip_file_name
  6. Go to the unzipped folder that contains the rpms.
  7. Run this command to update the packages: rpm -U --nodeps *.rpm
  8. Repeat Steps 2 to 7 for all virtual appliance machines in your Workspace vApp.

Note: After using the rpm -U --nodeps *.rpm command you might see this error on the gateway-va for 2.0 and earlier Workspace installations. It is safe to ignore this message.

/sbin/ldconfig: /usr/lib64/libssl.so.1.0.1 is not a symbolic link

/sbin/ldconfig: /usr/lib64/libcrypto.so.1.0.1 is not a symbolic link
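
One way to confirm on each appliance that Step 7 took effect, as an added example that is not part of the VMware article: the script compares the name and version-release of every RPM in the unzipped patch folder with what the RPM database reports as installed. The function names, the script name verify.sh and the sample version strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not VMware's script): after Step 7, confirm that every RPM
# shipped in the unzipped patch folder is installed at the shipped version.

# check_patch SHIPPED CURRENT
# Each argument holds "name version-release" lines. Prints one status line per
# shipped package; returns 0 only when all of them are installed and match.
check_patch() {
    shipped=$1 current=$2 rc=0
    while read -r name want; do
        [ -n "$name" ] || continue
        have=$(printf '%s\n' "$current" |
               awk -v n="$name" '$1 == n { print $2; exit }')
        if [ -z "$have" ]; then
            echo "MISSING  $name (patch ships $want)"; rc=1
        elif [ "$have" != "$want" ]; then
            echo "MISMATCH $name installed=$have patch=$want"; rc=1
        else
            echo "OK       $name $have"
        fi
    done <<EOF
$shipped
EOF
    return "$rc"
}

# verify_patch_dir DIR: DIR is the unzipped folder from Step 6.
verify_patch_dir() {
    fmt='%{NAME} %{VERSION}-%{RELEASE}\n'
    in_patch=$(rpm -qp --qf "$fmt" "$1"/*.rpm) || return 2
    names=$(printf '%s\n' "$in_patch" | awk '{ print $1 }')
    # $names is left unquoted on purpose: one argument per package name.
    # rpm -q exits non-zero if any package is absent; check_patch reports that.
    on_disk=$(rpm -q --qf "$fmt" $names) || true
    check_patch "$in_patch" "$on_disk"
}

# Constructed sample data: version strings are placeholders, not real builds.
demo_shipped='bash 1.0-1.example
libreadline5 1.0-1.example
readline-doc 1.0-1.example'
demo_current='bash 1.0-1.example
libreadline5 0.9-1.example
package readline-doc is not installed'

# Usage on an appliance: sh verify.sh /path/to/unzipped/folder
if [ "$#" -gt 0 ]; then verify_patch_dir "$1"; fi
```

A non-zero exit status on any appliance means at least one package from the patch folder is absent or at a different version, so Step 7 should be repeated there.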
