Reference: CERT-EU Security Advisory 2012-0057

Title: VMware ESX updates to ESX Service Console [1]

Version history:
27.04.2012 Initial publication

Summary
=======

VMware has released a patch to the ESX Service Console Operating System (COS) kernel which addresses several security issues in the COS kernel.

The ESX Console Operating System (COS) libxml2 rpms are updated to versions libxml2-2.6.26-2.1.12.el5_7.2 and libxml2-python-2.6.26-2.1.12.el5_7.2, which address several security issues.

The list of CVEs patched includes:
CVE-2011-3191, CVE-2011-4348, CVE-2012-0028,
CVE-2010-4008, CVE-2011-0216, CVE-2011-1944, CVE-2011-2834,
CVE-2011-3905, and CVE-2011-3919.

CVSS v2 Base Scores for these vulnerabilities vary from 4.3 to 7.1 (from MEDIUM to HIGH) [2].

Vulnerable systems
==================

ESX 4.1    ESX    patch available
ESX 4.0    ESX    patch pending
ESX 3.5    ESX    not applicable

What can you do?
================

A fix is available for ESX 4.1 and partially for ESX 4.0 [1]. Install the patch ESX410-201204001.

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

What to tell your users?
========================

N/A

More information
================

[1] http://www.vmware.com/security/advisories/VMSA-2012-0008.html
[2] Information about CVSS: http://www.first.org/cvss/cvss-guide.html

Best regards,
CERT-EU

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383

(DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in its setup phase, until May 2012. Services are provided in a pilot fashion, and are not yet fully functional. Announcements, alerts and warnings are sent out in best effort manner, and to contact information currently known to us. We apologise if you are not the correct recipient, or if you had already been warned about this issue from another source. Format, content and way of alerting are subject to change in the future. Contact information or even the team name may change as well.)
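
Added example (not part of the CERT-EU advisory or of VMware's tooling): a POSIX shell check that compares installed libxml2 packages against the fixed builds named in the Summary, using a simplified rpm version ordering so that release 2.1.2.8 is correctly ranked below 2.1.12.el5_7.2. It assumes `rpm -q` prints name-version-release; the function names, status labels and sample package strings are constructed for illustration.

```sh
# Fixed builds named in the advisory, as name=version-release.
FIXED="libxml2=2.6.26-2.1.12.el5_7.2 libxml2-python=2.6.26-2.1.12.el5_7.2"

# Split a string into space-separated numeric and alphabetic segments.
segments() {
    printf '%s\n' "$1" | sed -e 's/[^A-Za-z0-9][^A-Za-z0-9]*/ /g' \
        -e 's/\([0-9]\)\([A-Za-z]\)/\1 \2/g' \
        -e 's/\([A-Za-z]\)\([0-9]\)/\1 \2/g' -e 's/^ //' -e 's/ $//'
}

# Simplified rpm ordering (no epoch, no '~'): prints -1, 0 or 1.
seg_cmp() {
    a=$(segments "$1"); b=$(segments "$2")
    while [ -n "$a" ] && [ -n "$b" ]; do
        x=${a%% *}; y=${b%% *}
        case $a in *' '*) a=${a#* } ;; *) a= ;; esac
        case $b in *' '*) b=${b#* } ;; *) b= ;; esac
        case $x:$y in
            [0-9]*:[0-9]*)                  # both numeric: integer compare
                [ "$x" -gt "$y" ] && { echo 1; return; }
                [ "$x" -lt "$y" ] && { echo -1; return; } ;;
            [0-9]*:*) echo 1; return ;;     # numeric outranks alphabetic
            *:[0-9]*) echo -1; return ;;
            *)  [ "$x" = "$y" ] && continue
                if LC_ALL=C expr "x$x" \> "x$y" >/dev/null; then echo 1; else echo -1; fi
                return ;;
        esac
    done
    if [ -n "$a" ]; then echo 1; elif [ -n "$b" ]; then echo -1; else echo 0; fi
}

# Classify one name-version-release string against the fixed build.
check_nvr() {
    name=${1%-*-*}; vr=${1#"$name"-}
    for f in $FIXED; do
        [ "${f%%=*}" = "$name" ] || continue
        fix=${f#*=}
        r=$(seg_cmp "${vr%-*}" "${fix%-*}")                       # version
        [ "$r" = 0 ] && r=$(seg_cmp "${vr##*-}" "${fix##*-}")     # release
        if [ "$r" -lt 0 ]; then echo "$name NEEDS-PATCH"; else echo "$name OK"; fi
        return
    done
    echo "$name NOT-LISTED"
}

# Constructed sample of `rpm -q` output; the first build predates the fix.
for nvr in libxml2-2.6.26-2.1.2.8 libxml2-python-2.6.26-2.1.12.el5_7.2; do
    check_nvr "$nvr"
done
```

On a service console, the loop at the end would read the output of `rpm -q libxml2 libxml2-python` instead of the constructed strings.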