Reference: CERT-EU Security Advisory 2012-0084

Title: VMware ESXi update to third party library

Version history:
13.07.2012 Initial publication

Summary
=======

VMware ESXi update addresses several security issues related to third
party component libxml2.

CVE-2010-4008, CVE-2010-4494, CVE-2011-0216, CVE-2011-1944,
CVE-2011-2821, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 and
CVE-2012-0841

CVSS v2 Base Score: 10.0 (CRITICAL) (AV:N/AC:L/Au:N/C:C/I:C/A:C) [2-11]

Vulnerable systems
==================

ESX 5.0 without patch ESXi500-201207101-SG
ESXi 4.1
ESXi 4.0
ESXi 3.5

Original Details
================

The libxml2 third party library has been updated which addresses
multiple security issues:

- libxml2 before 2.7.8 reads from invalid memory locations during
  processing of malformed XPath expressions, which allows
  context-dependent attackers to cause a denial of service (application
  crash) via a crafted XML document.
- Double free vulnerability in libxml2 2.7.8 and other versions allows
  remote attackers to cause a denial of service or possibly have
  unspecified other impact via vectors related to XPath handling.
- Off-by-one error in libxml allows remote attackers to execute
  arbitrary code or cause a denial of service (heap-based buffer
  overflow and application crash) via a crafted web site.
- Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x
  through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent
  attackers to cause a denial of service (crash) and possibly execute
  arbitrary code via a crafted XML file that triggers a heap-based
  buffer overflow when adding a new namespace node, related to handling
  of XPath expressions.
- Double free vulnerability in libxml2 allows remote attackers to cause
  a denial of service or possibly have unspecified other impact via a
  crafted XPath expression.
- Double free vulnerability in libxml2 allows remote attackers to cause
  a denial of service or possibly have unspecified other impact via
  vectors related to XPath handling.
- libxml2 allows remote attackers to cause a denial of service
  (out-of-bounds read) via unspecified vectors.
- Heap-based buffer overflow in libxml2 allows remote attackers to cause
  a denial of service or possibly have unspecified other impact via
  unknown vectors.

What can you do?
================

Patch for ESXi 5.0 is available [1].
Patches are pending for ESXi 4.1, 4.0 and 3.5. Please check [1] for
their availability.

What to tell your users?
========================

N/A

More information
================

[1] http://www.vmware.com/security/advisories/VMSA-2012-0012.html
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4008
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4494
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0216
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1944
[6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2821
[7] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2834
[8] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3905
[9] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3919
[10] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841
[11] More information about CVSS is available at:
     http://www.first.org/cvss/cvss-guide.html
[12] http://downloads.vmware.com/go/selfsupport-download

Best regards,

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement:
http://cert.europa.eu/cert/plainedition/en/cert_privacy.html