Schlagworte: security

VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix

– ——————————————————————-
VMware Security Advisory

Advisory ID: VMSA-2008-00011
Synopsis: Updated ESX service console packages for Samba
and vmnix
Issue date: 2008-07-28
Updated on: 2008-07-28 (initial release of advisory)
CVE numbers: CVE-2007-5001 CVE-2007-6151 CVE-2007-6206
CVE-2008-0007 CVE-2008-1367 CVE-2008-1375
CVE-2008-1669 CVE-2006-4814 CVE-2008-1105
– ——————————————————————-

1. Summary:

Updated ESX packages address several security issues.

2. Relevant releases:

VMware ESX 3.5 without patches ESX350-200806201-UG (vmnix) and
ESX350-200806218-UG (samba)

3. Problem description:

I Service Console rpm updates

a. Security Update to Service Console Kernel

This fix upgrades service console kernel version to 2.4.21-57.EL.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-5001, CVE-2007-6151, CVE-2007-6206,
CVE-2008-0007, CVE-2008-1367, CVE-2008-1375, CVE-2006-4814, and
CVE-2008-1669 to the security issues fixed in kernel-2.4.21-57.EL.

VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not applicable

hosted any any not applicable

ESXi 3.5 ESXi not applicable

ESX 3.5 ESX patch ESX350-200806201-UG
ESX 3.0.2 ESX affected, no update planned
ESX 3.0.1 ESX affected, no update planned
ESX 2.5.5 ESX not applicable
ESX 2.5.4 ESX not applicable

b. Samba Security Update

This fix upgrades the service console rpm samba to version
3.0.9-1.3E.15vmw

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-1105 to this issue.

VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not applicable

hosted any any not applicable

ESXi 3.5 ESXi not applicable

ESX 3.5 ESX patch ESX350-200806218-UG
ESX 3.0.2 ESX affected, patch pending
ESX 3.0.1 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
ESX 2.5.4 ESX affected, patch pending

Via: http://lists.vmware.com/pipermail/security-announce/2008/000023.html