Risks
Advisories
Browse
or
or
VMware Security Advisory - VMware ESXi and ESX security update for third party library (VMSA-2013-0004.2)
- -----------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID: VMSA-2013-0004.2
Synopsis:    VMware ESXi and ESX security update for third party library
Issue date:  2013-03-28
Updated on:  2013-04-30
CVE number:  CVE-2012-5134
- -----------------------------------------------------------------------

1. Summary

   VMware ESXi and ESX security updates for third party library

2. Relevant releases

   ESXi 5.1 without patch ESXi510-201304101
   ESXi 5.0 without patch ESXi500-201303101
   ESXi 4.1 without patch ESXi410-201304401
   ESX  4.1 without patch ESX410-201304401

3. Problem Description

   a. Update to ESX/ESXi libxml2 userworld and service console.

      The ESX/ESXi userworld libxml2 library has been updated to
      resolve a security issue. Also, the ESX service console
      libxml2 packages are updated to the following versions:

      libxml2-2.6.26-2.1.15.el5_8.6
      libxml2-python-2.6.26-2.1.15.el5_8.6

      The Common Vulnerabilities and Exposures project
      (cve.mitre.org) has assigned the name CVE-2012-5134
      to this issue.

      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.

        VMware          Product   Running  Replace with/
        Product         Version   on       Apply Patch
        ==============  ========  =======  =================
        ESXi            5.1       ESXi     ESXi510-201304101-SG
        ESXi            5.0       ESXi     ESXi500-201303101-SG
        ESXi            4.1       ESXi     ESXi410-201304401-SG
        ESXi            4.0       ESXi     patch pending

        ESX             4.1       ESX      ESX410-201304401-SG
        ESX             4.0       ESX      patch pending

 4. Solution

   Please review the patch/release notes for your product and
   version and verify the checksum of your downloaded file.

   ESXi and ESX
   ------------
   https://my.vmware.com/web/vmware/downloads

   ESXi 5.1
   --------
   File: update-from-esxi5.1-5.1_update01.zip
   md5sum: 28b8026bcfbe3cd1817509759d4b61d6
   sha1sum: 9d3124d3c5efa6d0c3b9ba06511243fc6e205542
   update-from-esxi5.1-5.1_update01.zip contains ESXi510-201304101-SG
   http://kb.vmware.com/kb/2041632


   ESXi 5.0
   --------
   File: ESXi500-201303001.zip
   md5sum: c62470c48e81da84891c79d5533c8e91
   sha1sum: 69fe8933888d2a6c4e53cfe822441c963bdcd2c7
   http://kb.vmware.com/kb/2044373

   ESXi 4.1
   -----------------
   File: ESXi410-201304001.zip
   md5sum: 9ce63bcacb3412fc1c8a6a8c47ac6af6
   sha1sum: 241603ef6b856e573a62fe27da039c8fffe54b1d
   http://kb.vmware.com/kb/2045255
   ESXi410-201304001.zip contains ESXi410-201304401


   ESX 4.1
   -----------------
   File: ESX410-201304001.zip
   md5sum: df9ef1d25f383a12d2fbc47cdc5f55d2
   sha1sum: e49068da7cf7e0ada57c4604cbc9ba253c03e3a0
   http://kb.vmware.com/kb/2045253
   ESX410-201304001.zip contains ESX410-201304401

5. References

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134

- ----------------------------------------------------------------------

6. Change log

   2013-03-28 VMSA-2013-0004
   Initial security advisory in conjunction with the release of
   ESXi 5.0 patch on 2013-03-28.

   2013-04-25 VMSA-2013-0004.1
   Updated security advisory due to ESXi 5.1 update released on
   2013-04-25

   2013-04-30 VMSA-2013-0004.2
   Updated security advisory due to ESXi and ESX 4.1 update released on
   2013-04-30

- ----------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

     * security-announce at lists.vmware.com
     * bugtraq at securityfocus.com
     * full-disclosure at lists.grok.org.uk

   E-mail:  security at vmware.com
   PGP key at: http://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   VMware security response policy
   http://www.vmware.com/support/policies/security_response.html

   General support life cycle policy
   http://www.vmware.com/support/policies/eos.html

   VMware Infrastructure support life cycle policy
   http://www.vmware.com/support/policies/eos_vi.html

   Copyright 2013 VMware Inc.  All rights reserved.




Spotlight

The psychology of phishing

Posted on 23 July 2014.  |  Cybercriminals no longer send out thousands of emails at random hoping to get a handful of hits, today they create highly targeted phishing emails which are tailored to suit their recipients.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Jul 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //