Heartbleed Security Bug fixes for VMware

It seems to be patch Saturday as today a whole bunch of updates of products were released. All of these updates relate to the heartbleed security bug fix. There is no point in listing every single product as I assume you all know the VMware download page by now, but I do want to link the most commonly used for your convenience:

Time to update, but before you do… if you are using NFS based storage make sure to read this first before jumping straight to vSphere 5.5 U1a!

Be Sociable, Share!


      • says

        Ok it’s still unclear to me why VCSA 5.5u1 was revd to 5.5u1a. Everywhere I look it is listed as NOT impacted by heartbleed. The release notes for vCenter Server 5.5u1a explicitly state the update is for heartbleed but it would seem that only applies to the Windows version, SSO specifically. If you’re able to provide any insight on this Duncan, that would be appreciated.

        • Avi says

          I guess the reason you have an heartbleed update for VCVA5.5 is because of the VMware Client Integration Plug-in is a client side component that is present when users connect to the vSphere Web Client to upload OVF files, for example. Version 5.5 of this component is affected by the OpenSSL heartbleed vulnerability. This version is part of vSphere 5.5.

          This KB also speaks about this in brief, http://kb.vmware.com/kb/2076692

    1. Joerg Behrens says

      its not the VCSA directly which is effected but it delivers the client integration plugin for the browser which is effected.


    Leave a Reply