-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2012-0033 Title: VMware ESXi and ESX updates to third party libraries and ESX Service Console Version history: 09.03.2012 Initial publication Summary ======= VMware VirtualCenter Update 6b and ESX 3.5 patch update JRE. Affected Versions ================= VirtualCenter 2.5 previous to Update 6b ESX 3.5 without patch ESX350-201203401-SG Original Details ================ VirtualCenter and ESX, Oracle (Sun) JRE update 1.5.0_32 Oracle (Sun) JRE is updated to version 1.5.0_32, which addresses multiple security issues that existed in earlier releases of Oracle(Sun) JRE. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_32 in the Oracle Java SE Critical Patch Update Advisory of October 2011. [2] What can you do? ================ Deploy the updated versions of the software [1]. Workarounds: There are no workarounds that mitigate these vulnerabilities. What to tell your users? ======================== N/A More information ================ [1] http://www.vmware.com/security/advisories/VMSA-2012-0003.html [2] http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html [3] Information about CVSS: http://www.first.org/cvss/cvss-guide.html Best regards, CERT-EU CERT-EU Pre-configuration Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 (DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in its setup phase, until May 2012. Services are provided in a pilot fashion, and are not yet fully functional. Announcements, alerts and warnings are sent out in best effort manner, and to contact information currently known to us. We apologise if you are not the correct recipient, or if you had already been warned about this issue from another source . Format, content and way of alerting are subject to change in the future. Contact information or even the team name may change as well.) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJPWh9DAAoJEPpzpNLI8SVod/gP/iGkUCDS2bB+u59XbXROw5kj 2QEgim9u0FUUgDdrCyX/PMht9DjFAf4qJXTin4lLD0hOjvfg2qhUGfHh+fv8cTKy tvO9jxCIPOIMeUSJhTeBtvntQfTyE33jYu+kJQh26nSyihGYCzuSIvgbjRVQhV8g lWxgOaNgJhfPmhdYdZfff7qWo/189ivHS5nPHkWN6+JJ6QmQhOcNSKTwQ9dYYyA5 bslclJl90bFGJbYhZtnxZFwvOxTwEYJnBth3KYrCyoqpRs1dYgNo57zwULjcswMK 1BKpAOcly/CQx2tLCUwKcPfeOTjyQ12PpJErKDIkzbi2Ts4XIvw5+Si209jmOMyZ S4sw5G4Pq/6OG8sm5seRMm6DhfcBqSZ+73f6oM/AeinhFnP7Y6f3/37yPhC6A2/Y je6ilLQrJRPeiZdezKd1K9RdGrQrex6X3YGi5tpB1B3mDzmSszWUL3Xl4gb4glyW 5t45oVG0nZ0hE2sGYn2mcEl4aKQEHAmgSEuLGw7koquWHq/jQXv+phHutzI30DyA uwWuJ08UuIBU0S/ff5vsRGk97OFGu/rzIsC6wapW861O1WDbnyv6VONxBOCcxYPE qb0ho5ePTt30Q7op0gEoo2C5alycnTpotYbIc4LKLi6ZjKAydsSOlHjRnciS6Wz7 NRg0itVGmdYtY5EHdXqH =hllE -----END PGP SIGNATURE-----