-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2013-0079

Title: Several Vulnerabilities in multiple VMware products

Version history:
21.10.2013 Initial publication

Summary
=======
VMware has updated vCenter Server, vCenter Server Appliance (vCSA), vSphere Update Manager (VUM), ESXi and ESX to address multiple security vulnerabilities. [1] [2] [3]


Vulnerable systems
==================
vCenter Server 5.1 without Update 1
vCenter Server 5.0 without Update 3
Update Manager 5.0 without Update 3
VMware ESXi 5.0 without patch ESXi500-201310101-SG
VMware ESXi 4.1 without patch ESXi410-201307401-SG
VMware ESXi 4.0 without patch ESXi400-201305401-SG
VMware ESX 4.1 without patch ESX410-201307401-SG
VMware ESX 4.0 without patch ESX400-201305401-SG
VMware vCenter 5.0 without Update 3
VMware ESXi 5.0 without Update 3
VMware ESXi 4.1 without patch ESXi410-201307001
VMware ESX 4.1 without patch ESX410-201307001

What can you do?
================
Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.

vCenter Server 5.1 Update 1
--------------------------------------
Download link:
https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/5_1
Release Notes:
http://www.vmware.com/support/vsphere5/doc/vsphere-vcenter-server-51u1-release-notes.html

vCenter Server 5.0 Update 3 
------------------
Download link: 
https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/5_0
Release Notes: 
https://www.vmware.com/support/vsphere5/doc/vsp_vc50_u3_rel_notes.html

ESXi and ESX
------------------
Download link:
https://www.vmware.com/patchmgr/download.portal

ESXi 5.0
------------------
File: update-from-esxi5.0-5.0_update03.zip
md5sum: 7e6185fa3238a4895613b39e57a2a94b
sha1sum: aa3929d2c8183aeaecdc238cbbf4d270bd70dd07
http://kb.vmware.com/kb/2055559
update-from-esxi5.0-5.0_update03.zip contains ESXi500-201310101-SG

ESXi 4.1
------------------
File: ESXi410-201304001.zip
md5sum: 9ce63bcacb3412fc1c8a6a8c47ac6af6
sha1sum: 241603ef6b856e573a62fe27da039c8fffe54b1d
http://kb.vmware.com/kb/2045258
ESXi410-201304001.zip contains ESXi410-201307401-SG

ESXi 4.0
------------------
File: ESXi400-201305001.zip
md5sum: 065d3fa4b0f52dd38c2bd92e5bfc5580
sha1sum: 1f3cab25a144746372d86071a47e569c439e276a
http://kb.vmware.com/kb/2044241
ESXi400-201305001.zip contains ESXi400-201305401-SG

ESX 4.1
--------
File: ESX410-201307001.zip
md5sum: 60f15f96454b953f7747486a6a261e4f
sha1sum: 8e494b450f539ed65729205333dc3598d6ba87f8
http://kb.vmware.com/kb/2053393
ESX410-201307001.zip contains ESX410-201307401-SG

ESX 4.0
-------
File: ESX400-201305001.zip
md5sum: c9ac91d3d803c7b7cb9df401c20b91c0
sha1sum: 7f5cef274c709248daa56d8c0e6fcc1ba86ae411
http://kb.vmware.com/kb/2044240
ESX400-201305001.zip contains ESX400-201305401-SG

ESXi and ESX
------------
http://downloads.vmware.com/go/selfsupport-download

ESXi 5.0
--------
File: update-from-esxi5.0-5.0_update03.zip
md5sum: 18a294b0a3baf74925989febcd9d0877
sha1sum: d0dccad7eb769fc0efb9c04428f065c933e91a17
http://kb.vmware.com/kb/2055559

ESXi 4.1
--------
File: ESXi410-201307001.zip
md5sum: b171ea162cd753782483fa64196e8152
sha1sum: f2f19db06864a05eb4fdfea57626576f2836e718
http://kb.vmware.com/kb/2053396

ESX 4.1
-------
File: ESX410-201307001.ZIP
md5sum: 60f15f96454b953f7747486a6a261e4f
sha1sum: 8e494b450f539ed65729205333dc3598d6ba87f8
http://kb.vmware.com/kb/2053393


What to tell your users?
========================
N/A

More information
================
[1] https://www.vmware.com/security/advisories/VMSA-2013-0006.html
[2] https://www.vmware.com/security/advisories/VMSA-2013-0012.html
[3] https://www.vmware.com/security/advisories/VMSA-2013-0009.html


Best regards,

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement:
http://cert.europa.eu/cert/plainedition/en/cert_privacy.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJSYUMuAAoJEPpzpNLI8SVobkQP/RSquXEIu9vsai1ujQEH9KRu
QsmdRZPXwNOZ4RBOT3MEPfPG1afO9799B47r+ChjXBufZUO3SQtDv2zDeLl6Bc6m
g4mtH/tPKc8hLBT19f+WZrBtDl+YfIKu7deWFzxvt3lAzzCGxJKWLX+p1ihk6Yci
u9iD6vXcv6hJLFcX77MT7Af+Mkw6iWhxNJTAwGJOd8OQSJYQIPuKjrV5XGooiRSN
X1cCbTe5grTK+HBqqZeXB8yvX0ThDno3dEzHcQWpTiBlPLI+nJDumY3B5k++oUU5
nPSMZLcccBk3FezXS07lXLAaOnTHe9C+xTT7j3mB5B/L7Gm1oHuz4bgo0vNNqOFt
Y6Lw3yug1vLkciaEwEepCzRXgoxsNmoFedJAkLVYw1F9ZFkYvfIBeTg1sE6hCaxw
/Kx7vMbTMXXYw4frTsu18E/HHJlDbRhAs+QYY9fOlWpfvhgzuGdBBzducTmkG2ZM
ZlQbMJPHixxmxddu+Z+EOKCSoimQp1GX3e9pMhQ74FFCXkn9EH2OBeznXFpBR2Rz
p0AVmyaJgEc+43KlzN8K5o2O9k9Cg/EUc7AAXtRyYD5MQ8r7cZNq2ac9wqfAdjOJ
br6BEUbh5WQD1AV/Zh7JMS5xffHcbsKPx4NHsFP5/ljB2s9EsIbq70ifKvlJ9GWQ
UIClMzzeFAQ4qICy4uVF
=nO8k
-----END PGP SIGNATURE-----