Most probably you are aware about
recent finding by The bug was independently discovered by security firm
Codenomicon and a Google Security engineer. Heartbleed.com has a detailed
explanation of the issue, which is related to the “heartbeat” section of OpenSSL’s
transport layer security (TSL) protocols and has been in the wild since March
2012. If you’re running a server with OpenSSL 1.0.1 through 1.0.1f, it’s vital
that you update to OpenSSL 1.0.1g immediately. Within next few days you should
expect massive flow of the companies KB with list of products which are
affected and unaffected by OpenSSL bug.
VMware already released KB2076225 with a list of systems which are affected by this bug. Long story short
if have old releases of VMware systems most probably you are not affected.
Below you can find short-listed VMware products which are in the KB, to see
full list of affected VMware products check mentioned KB article above.
These VMware products that ship with OpenSSL 1.0.1 have been confirmed to be affected:
• ESXi 5.5
• vCenter Server 5.5
• VMware Fusion 6.0.x
• VMware vCloud Automation Center (vCAC) 5.1.x
• VMware vCloud Automation Center (vCAC) 5.2.x
• VMware Horizon Mirage 4.4.0
• vFabric Web Server 5.0.x – 5.3.x (For remediation details, see the Security Advisory on Critical Updates to vFabric Web Server document.)
• VMware vCloud Networking and Security (vCNS) 5.1.3
• VMware vCloud Networking and Security (vCNS) 5.5.1
These VMware products that ship with OpenSSL 0.9.8 have been confirmed to be unaffected:
• ESXi/ESX 4.x
• ESXi 5.0
• ESXi 5.1
• VMware Fusion 5.x
• VMware vCenter Server 4.x
• VMware vCenter Server 5.0
• VMware vCenter Server 5.1
• VMware vCenter Server Appliance (vCSA) 5.x
• VMware vCloud Automation Center (vCAC) 6.x
VMware released first bunch of patches for their products related to hearthbleed bug discovered in OpenSSL library, see details below.
No comments:
Post a Comment