• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Yellow Bricks

by Duncan Epping

  • Home
  • ESXTOP
  • Stickers/Shirts
  • Privacy Policy
  • About
  • Show Search
Hide Search

Heartbleed Security Bug fixes for VMware

Duncan Epping · Apr 19, 2014 ·

It seems to be patch Saturday as today a whole bunch of updates of products were released. All of these updates relate to the heartbleed security bug fix. There is no point in listing every single product as I assume you all know the VMware download page by now, but I do want to link the most commonly used for your convenience:

  • VMware vCenter Server 5.5 U1a
    • VCVA 5.5 U1a
  • VMware vCenter Server 5.5c
    • VCVA 5.5c
  • ESXi KB:VMware ESXi 5.5, Patch ESXi550-201404420-SG
  • ESXi KB:VMware ESXi 5.5, Patch Release ESXi550-201404001
  • VMware vCloud Networking and Security 5.5.2

Time to update, but before you do… if you are using NFS based storage make sure to read this first before jumping straight to vSphere 5.5 U1a!

Related

Server

Reader Interactions

Comments

  1. Jason Boche (@jasonboche) says

    19 April, 2014 at 23:29

    I thought the VCVA wasn’t vulnerable? Will have to revisit VMware’s KB article on all impacted products.

    • Jason Boche (@jasonboche) says

      19 April, 2014 at 23:41

      Ok it’s still unclear to me why VCSA 5.5u1 was revd to 5.5u1a. Everywhere I look it is listed as NOT impacted by heartbleed. The release notes for vCenter Server 5.5u1a explicitly state the update is for heartbleed but it would seem that only applies to the Windows version, SSO specifically. If you’re able to provide any insight on this Duncan, that would be appreciated.

      • Avi says

        28 April, 2014 at 21:26

        I guess the reason you have an heartbleed update for VCVA5.5 is because of the VMware Client Integration Plug-in is a client side component that is present when users connect to the vSphere Web Client to upload OVF files, for example. Version 5.5 of this component is affected by the OpenSSL heartbleed vulnerability. This version is part of vSphere 5.5.

        This KB also speaks about this in brief, http://kb.vmware.com/kb/2076692

  2. Patrick Hurley says

    20 April, 2014 at 19:05

    Duncan, do you know if these patches can be applied to the HP Proliant customized images here:
    http://h18004.www1.hp.com/products/servers/software/vmware/esxi-image.html?

  3. Joerg Behrens says

    22 April, 2014 at 14:32

    @Jason,
    its not the VCSA directly which is effected but it delivers the client integration plugin for the browser which is effected.

    Regards,
    Joerg

Primary Sidebar

About the author

Duncan Epping is a Chief Technologist in the Office of CTO of the Cloud Platform BU at VMware. He is a VCDX (# 007), the author of the "vSAN Deep Dive", the “vSphere Clustering Technical Deep Dive” series, and the host of the "Unexplored Territory" podcast.

Upcoming Events

May 24th – VMUG Poland
Aug 21st – VMware Explore
Sept – VMUG Slovenia (virtual)
Oct – VMUG Sweden
Nov 6th – VMware Explore
Nov 23rd – UK VMUG
Dec 7th – Swiss German VMUG

Recommended Reads

Sponsors

Want to support Yellow-Bricks? Buy an advert!

Advertisements

Copyright Yellow-Bricks.com © 2023 · Log in