-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2013-0017

Title: VMware security updates for vSphere [1]

Version history:
05.02.2013 Initial publication

Summary
=======
VMware vSphere security updates for the authentication service and third party libraries.

- --- vSphere authentication ---
CVE-2013-1405
- --- libxml2 ---
CVE-2011-3102, CVE-2012-2807
- --- bind (service console) ---
CVE-2012-4244
- --- xslt (service console) ---
CVE-2011-1202, CVE-2011-3970, CVE-2012-2825,
CVE-2012-2870, CVE-2012-2871

Vulnerable systems
==================

VMware vSphere
VMware vCenter
VMware ESX
VMware ESXi

Original Details
================
Several problems identified [1]:

VMware vSphere client-side authentication memory corruption vulnerability (CVE-2013-1405)
VMware vCenter Server, vSphere Client, and ESX contain a vulnerability in the handling of the management authentication protocol. To exploit this vulnerability, an attacker must convince either vCenter Server, vSphere Client or ESX to interact with a malicious server as a client. Exploitation of the issue may lead to code execution on the client system.

Update to ESX/ESXi libxml2 userworld and service console (CVE-2011-3102, CVE-2012-2807)
Multiple security issues.

Update to ESX service console bind packages (CVE-2012-4244)
This vulnerability can be exploited remotely against recursive servers by inducing them to query for records provided by an authoritative server. It affects authoritative servers if a zone containing this type of resource record is loaded from file or provided via zone transfer.

Update to ESX service console libxslt package (CVE-2011-1202, CVE-2011-3970, CVE-2012-2825,CVE-2012-2870, CVE-2012-2871)
Multiple security issues.

What can you do?
================
Update your products to patched versions [1]: 

If there is no patch for your version of the product, it may be necessary to upgrade to a higher version.


What to tell your users?
========================
N/A

More information
================
[1] http://www.vmware.com/security/advisories/VMSA-2013-0001.html


Best regards,


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJREOz8AAoJEPpzpNLI8SVo8HwQALGWhJzGPHprUgmaKTk1FdFp
kME93IR5EpwKZCQg5fojJO6SGmtWdfVA2Dx62XT1pDVNAJqIzLuQhbeaRd743kUA
FSX8tcUA/wEoaXOV3zB4JC4Cz9tDB9OwEE1U5SJlzXTYAVS+coNLEOK4j14dVkjp
je0ueiVQS0MREM0dhP0zHd3VtVwVLTFaq4f+8s8i9lcwlFPLmZgrPFmoqe4FWc9n
njKqQWsRP3Ii/8b6rX4HfR1iOJaulOiEyuI0lUSFs1Sm+Ha2lgDY5eLaG7BYLBwa
Pmx7bn9dmZT/RwdVe+KJ93dOHSO2X5hlI7GrSegZLv92icroDkt7fjkiYJ8lWYrF
97+2qMWL95oHRkQhPllMVZq/uCMcM02hroqfD82vqoGoVtCHFj7kzd4WJmuBY1Ma
T6wwTj1DWv6Yph+iVnFcNO0AnCJkknKjsTJ5mqvTOQlgKaDhgQlSgV0d5rLKqQtO
mMAo+/wE7/t4L+T6l/PT6dAU4pcd/cf9MeZouySCwVfbx4GaxQEnSBdiAHG1klj4
z9DoWbXCrSQYe3qUIRhGeE9fNDKZWsVbXbQ40awxjJqyILPeIuApsZ2/+F2aOQwu
UO5rmRmAR7ILu+KwzpjNspD9WZgdHQSO8A2m1SmfAEbEGv63rsxZauoWqX6xGYiU
F1pe5KHPt5e64v9bPsim
=TdG0
-----END PGP SIGNATURE-----