TUCoPS :: VMWare :: bu-1023.htm

VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components [VM
VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components



This is a multi-part message in MIME format.
--------------010202040907090606040700
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2009-0016
Synopsis:          VMware vCenter and ESX update release and vMA patch
                   release address multiple security issue in third
                   party components
Issue date:        2009-11-20
Updated on:        2009-11-20 (initial release of advisory)
CVE numbers:       --- JRE ---
                   CVE-2009-1093 CVE-2009-1094 CVE-2009-1095
                   CVE-2009-1096 CVE-2009-1097 CVE-2009-1098
                   CVE-2009-1099 CVE-2009-1100 CVE-2009-1101
                   CVE-2009-1102 CVE-2009-1103 CVE-2009-1104
                   CVE-2009-1105 CVE-2009-1106 CVE-2009-1107
                   CVE-2009-2625 CVE-2009-2670 CVE-2009-2671
                   CVE-2009-2672 CVE-2009-2673 CVE-2009-2675
                   CVE-2009-2676 CVE-2009-2716 CVE-2009-2718
                   CVE-2009-2719 CVE-2009-2720 CVE-2009-2721
                   CVE-2009-2722 CVE-2009-2723 CVE-2009-2724
                   --- Tomcat ---
                   CVE-2008-5515 CVE-2009-0033 CVE-2009-0580
                   CVE-2009-0781 CVE-2009-0783 CVE-2008-1232
                   CVE-2008-1947 CVE-2008-2370 CVE-2007-5333
                   CVE-2007-5342 CVE-2007-5461 CVE-2007-6286
                   CVE-2008-0002
                   --- ntp ---
                   CVE-2009-1252 CVE-2009-0159
                   --- kernel ---
                   CVE-2008-3528 CVE-2008-5700 CVE-2009-0028
                   CVE-2009-0269 CVE-2009-0322 CVE-2009-0675
                   CVE-2009-0676 CVE-2009-0778 CVE-2008-4307
                   CVE-2009-0834 CVE-2009-1337 CVE-2009-0787
                   CVE-2009-1336 CVE-2009-1439 CVE-2009-1633
                   CVE-2009-1072 CVE-2009-1630 CVE-2009-1192
                   CVE-2007-5966 CVE-2009-1385 CVE-2009-1388
                   CVE-2009-1389 CVE-2009-1895 CVE-2009-2406
                   CVE-2009-2407 CVE-2009-2692 CVE-2009-2698
                   CVE-2009-0745 CVE-2009-0746 CVE-2009-0747
                   CVE-2009-0748 CVE-2009-2847 CVE-2009-2848
                   --- python ---
                   CVE-2007-2052 CVE-2007-4965 CVE-2008-1721
                   CVE-2008-1887 CVE-2008-2315 CVE-2008-3142
                   CVE-2008-3143 CVE-2008-3144 CVE-2008-4864
                   CVE-2008-5031
                   --- bind ---
                   CVE-2009-0696
                   --- libxml and libxml2 ---
                   CVE-2009-2414 CVE-2009-2416
                   --- curl --
                   CVE-2009-2417
                   --- gnutil ---
                   CVE-2007-2052
- -----------------------------------------------------------------------

1. Summary

   Updated Java JRE packages and Tomcat packages address several security
   issues. Updates for the ESX Service Console and vMA include kernel,
   ntp, Python, bind libxml, libxml2, curl and gnutil packages. ntp is
   also updated for ESXi userworlds.

2. Relevant releases

   vCenter Server 4.0 before Update 1

   ESXi 4.0 without patch ESXi400-200911201-UG

   ESX 4.0 without patches ESX400-200911201-UG, ESX400-200911223-UG,
                           ESX400-200911232-SG, ESX400-200911233-SG,
                           ESX400-200911234-SG, ESX400-200911235-SG,
                           ESX400-200911237-SG, ESX400-200911238-SG

   vMA 4.0 before patch 02

3. Problem Description

 a. JRE Security Update

    JRE update to version 1.5.0_20, which addresses multiple security
    issues that existed in earlier releases of JRE.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the following names to the security issues fixed in
    JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,
    CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,
    CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,
    CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the following names to the security issues fixed in
    JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,
    CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676,
    CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720,
    CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  ================    vCenter        4.0       Windows  Update 1
    VirtualCenter  2.5       Windows  affected, patch pending
    VirtualCenter  2.0.2     Windows  affected, patch pending

    Workstation    any       any      not affected

    Player         any       any      not affected

    Server         2.0       any      affected, patch pending
    Server         1.0       any      not affected

    ACE            any       any      not affected

    Fusion         any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.0       ESX      ESX400-200911223-UG
    ESX            3.5       ESX      affected, patch pending
    ESX            3.0.3     ESX      affected, patch pending
    ESX            2.5.5     ESX      not affected

    vMA            4.0       RHEL5    Patch 2 *

  * vMA JRE is updated to version JRE 1.5.0_21

    Notes: These vulnerabilities can be exploited remotely only if the
           attacker has access to the Service Console network.

           Security best practices provided by VMware recommend that the
           Service Console be isolated from the VM network. Please see
http://www.vmware.com/resources/techresources/726 for more 
           information on VMware security best practices.

           The currently installed version of JRE depends on your patch
           deployment history.


 b. Update Apache Tomcat version to 6.0.20

   Update for VirtualCenter and ESX patch update the Tomcat package to
   version 6.0.20 which addresses multiple security issues that existed
   in the previous version of Apache Tomcat.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the following names to the security issues fixed in
   Apache Tomcat 6.0.20: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580,
   CVE-2009-0781, CVE-2009-0783.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the following names to the security issues fixed in
   Apache Tomcat 6.0.18:  CVE-2008-1232, CVE-2008-1947, CVE-2008-2370.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the following names to the security issues fixed in
   Apache Tomcat 6.0.16:  CVE-2007-5333, CVE-2007-5342, CVE-2007-5461,
   CVE-2007-6286, CVE-2008-0002.

   The following table lists what action remediates the vulnerability
   (column 4) if a solution is available.

   VMware        Product   Running  Replace with/
   Product       Version   on       Apply Patch
   ========      ========  =======  ======================   vCenter       4.0       Windows  Update 1
   VirtualCenter 2.5       Windows  affected, patch pending
   VirtualCenter 2.0.2     Windows  affected, patch pending

   Workstation   any       any      not affected

   Player        any       any      not affected

   ACE           any       Windows  not affected

   Server        2.x       any      affected, patch pending
   Server        1.x       any      not affected

   Fusion        any       Mac OS/X not affected

   ESXi          any       ESXi     not affected

   ESX           4.0       ESX      ESX400-200911223-UG
   ESX           3.5       ESX      affected, patch pending
   ESX           3.0.3     ESX      affected, patch pending
   ESX           2.5.5     ESX      not affected

   vMA           4.0       RHEL5    not affected

    Notes: These vulnerabilities can be exploited remotely only if the
           attacker has access to the Service Console network.

           Security best practices provided by VMware recommend that the
           Service Console be isolated from the VM network. Please see
http://www.vmware.com/resources/techresources/726 for more 
           information on VMware security best practices.

           The currently installed version of Tomcat depends on
           your patch deployment history.

 c. Third party library update for ntp.

   The Network Time Protocol (NTP) is used to synchronize a computer's
   time with a referenced time source.

   ESXi 3.5 and ESXi 4.0 have a ntp client that is affected by the
   following security issue. Note that the same security issue is
   present in the ESX Service Console as described in section d. of
   this advisory.

   A buffer overflow flaw was discovered in the ntpd daemon's NTPv4
   authentication code. If ntpd was configured to use public key
   cryptography for NTP packet authentication, a remote attacker could
   use this flaw to send a specially-crafted request packet that could
   crash ntpd or, potentially, execute arbitrary code with the
   privileges of the "ntp" user.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2009-1252 to this issue.

   The NTP security issue identified by CVE-2009-0159 is not relevant
   for ESXi 3.5 and ESXi 4.0.

   The following table lists what action remediates the vulnerability
   in this component (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  ================    vCenter        any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           4.0       ESXi     ESXi400-200911201-UG
    ESXi           3.5       ESXi     affected, patch pending

    ESX            4.0       ESX      not affected
    ESX            3.5       ESX      not affected
    ESX            3.0.3     ESX      not affected
    ESX            2.5.5     ESX      not affected

    vMA            4.0       RHEL5    not affected

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

 d. Service Console update for ntp

   Service Console package ntp updated to version ntp-4.2.2pl-9.el5_3.2

   The Network Time Protocol (NTP) is used to synchronize a computer's
   time with a referenced time source.

   The Service Console present in ESX is affected by the following
   security issues.

   A buffer overflow flaw was discovered in the ntpd daemon's NTPv4
   authentication code. If ntpd was configured to use public key
   cryptography for NTP packet authentication, a remote attacker could
   use this flaw to send a specially-crafted request packet that could
   crash ntpd or, potentially, execute arbitrary code with the
   privileges of the "ntp" user.

   NTP authentication is not enabled by default on the Service Console.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2009-1252 to this issue.

   A buffer overflow flaw was found in the ntpq diagnostic command. A
   malicious, remote server could send a specially-crafted reply to an
   ntpq request that could crash ntpq or, potentially, execute
   arbitrary code with the privileges of the user running the ntpq
   command.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2009-0159 to this issue.

   The following table lists what action remediates the vulnerability
   in the Service Console (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  ================    vCenter        any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.0       ESX      ESX400-200911238-SG
    ESX            3.5       ESX      affected, patch pending **
    ESX            3.0.3     ESX      affected, patch pending **
    ESX            2.5.5     ESX      affected, patch pending **

    vMA            4.0       RHEL5    Patch 2

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

  ** The service consoles of ESX 2.5.5, ESX 3.0.3 and ESX 3.5 are not
affected
     by CVE-2009-1252. The security issue identified by CVE-2009-0159 has a
     low impact on the service console of ESX 2.5.5, ESX 3.0.3 and ESX 3.5.

 e. Updated Service Console package kernel

    Updated Service Console package kernel addresses the security
    issues below.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028,
    CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676,
    CVE-2009-0778 to the security issues fixed in kernel
    2.6.18-128.1.6.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337,
    CVE-2009-0787, CVE-2009-1336 to the security issues fixed in
    kernel 2.6.18-128.1.10.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072,
    CVE-2009-1630, CVE-2009-1192 to the security issues fixed in
    kernel 2.6.18-128.1.14.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388,
    CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407 to the
    security issues fixed in kernel 2.6.18-128.4.1.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2009-2692, CVE-2009-2698 to the
    security issues fixed in kernel 2.6.18-128.7.1.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2009-0745, CVE-2009-0746, CVE-2009-0747,
    CVE-2009-0748, CVE-2009-2847, CVE-2009-2848 to the security issues
    fixed in kernel 2.6.18-164.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  ================    vCenter        any       Windows  not applicable

    hosted *       any       any      not applicable

    ESXi           any       ESXi     not applicable

    ESX            4.0       ESX      ESX400-200911201-UG
    ESX            3.5       ESX      not applicable
    ESX            3.0.3     ESX      not applicable
    ESX            2.5.5     ESX      not applicable

    vMA            4.0       RHEL5    Patch 2 **

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

  ** vMA is updated to kernel version 2.6.18-164.

 f. Updated Service Console package python

    Service Console package Python update to version 2.4.3-24.el5.

    When the assert() system call was disabled, an input sanitization
    flaw was revealed in the Python string object implementation that
    led to a buffer overflow. The missing check for negative size values
    meant the Python memory allocator could allocate less memory than
    expected. This could result in arbitrary code execution with the
    Python interpreter's privileges.

    Multiple buffer and integer overflow flaws were found in the Python
    Unicode string processing and in the Python Unicode and string
    object implementations. An attacker could use these flaws to cause
    a denial of service.

    Multiple integer overflow flaws were found in the Python imageop
    module. If a Python application used the imageop module to
    process untrusted images, it could cause the application to
    disclose sensitive information, crash or, potentially, execute
    arbitrary code with the Python interpreter's privileges.

    Multiple integer underflow and overflow flaws were found in the
    Python snprintf() wrapper implementation. An attacker could use
    these flaws to cause a denial of service (memory corruption).

    Multiple integer overflow flaws were found in various Python
    modules. An attacker could use these flaws to cause a denial of
    service.

    An integer signedness error, leading to a buffer overflow, was
    found in the Python zlib extension module. If a Python application
    requested the negative byte count be flushed for a decompression
    stream, it could cause the application to crash or, potentially,
    execute arbitrary code with the Python interpreter's privileges.

    A flaw was discovered in the strxfrm() function of the Python
    locale module. Strings generated by this function were not properly
    NULL-terminated, which could possibly cause disclosure of data
    stored in the memory of a Python application using this function.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2007-2052 CVE-2007-4965 CVE-2008-1721
    CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143
    CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 to these issues.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  ================    vCenter        any       Windows  not applicable

    hosted *       any       any      not applicable

    ESXi           any       ESXi     not applicable

    ESX            4.0       ESX      ESX400-200911235-SG
    ESX            3.5       ESX      affected, patch pending
    ESX            3.0.3     ESX      affected, patch pending
    ESX            2.5.5     ESX      affected, patch pending

    vMA            4.0       RHEL5    Patch 2

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

 g. Updated Service Console package bind

    Service Console package bind updated to version 9.3.6-4.P1.el5

    The Berkeley Internet Name Domain (BIND) is an implementation of the
    Domain Name System (DNS) protocols. BIND includes a DNS server
    (named); a resolver library (routines for applications to use when
    interfacing with DNS); and tools for verifying that the DNS server
    is operating correctly.

    A flaw was found in the way BIND handles dynamic update message
    packets containing the "ANY" record type. A remote attacker could
    use this flaw to send a specially-crafted dynamic update packet
    that could cause named to exit with an assertion failure.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2009-0696 to this issue.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  ================    vCenter        any       Windows  not applicable

    hosted *       any       any      not applicable

    ESXi           any       ESXi     not applicable

    ESX            4.0       ESX      ESX400-200911237-SG
    ESX            3.5       ESX      affected, patch pending
    ESX            3.0.3     ESX      affected, patch pending
    ESX            2.5.5     ESX      affected, patch pending

    vMA            4.0       RHEL5    Patch 2

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

 h. Updated Service Console package libxml2

    Service Console package libxml2 updated to version 2.6.26-2.1.2.8.

    libxml is a library for parsing and manipulating XML files. A
    Document Type Definition (DTD) defines the legal syntax (and also
    which elements can be used) for certain types of files, such as XML
    files.

    A stack overflow flaw was found in the way libxml processes the
    root XML document element definition in a DTD. A remote attacker
    could provide a specially-crafted XML file, which once opened by a
    local, unsuspecting user, would lead to denial of service.

    Multiple use-after-free flaws were found in the way libxml parses
    the Notation and Enumeration attribute types. A remote attacker
    could provide a specially-crafted XML file, which once opened by a
    local, unsuspecting user, would lead to denial of service.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2009-2414 and CVE-2009-2416 to these
    issues.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  ================    vCenter        any       Windows  not applicable

    hosted *       any       any      not applicable

    ESXi           any       ESXi     not applicable

    ESX            4.0       ESX      ESX400-200911234-SG
    ESX            3.5       ESX      affected, patch pending
    ESX            3.0.3     ESX      affected, patch pending
    ESX            2.5.5     ESX      affected, patch pending

    vMA            4.0       RHEL5    Patch 2

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

 i. Updated Service Console package curl

    Service Console package curl updated to version 7.15.5-2.1.el5_3.5

    A cURL is affected by the previously published "null prefix attack",
    caused by incorrect handling of NULL characters in X.509
    certificates. If an attacker is able to get a carefully-crafted
    certificate signed by a trusted Certificate Authority, the attacker
    could use the certificate during a man-in-the-middle attack and
    potentially confuse cURL into accepting it by mistake.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2009-2417 to this issue

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  ================    vCenter        any       Windows  not applicable

    hosted *       any       any      not applicable

    ESXi           any       ESXi     not applicable

    ESX            4.0       ESX      ESX400-200911232-SG
    ESX            3.5       ESX      not affected
    ESX            3.0.3     ESX      not affected
    ESX            2.5.5     ESX      not affected

    vMA            4.0       RHEL5    Patch 2

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

 j. Updated Service Console package gnutls

    Service Console package gnutil updated to version 1.4.1-3.el5_3.5

    A flaw was discovered in the way GnuTLS handles NULL characters in
    certain fields of X.509 certificates. If an attacker is able to get
    a carefully-crafted certificate signed by a Certificate Authority
    trusted by an application using GnuTLS, the attacker could use the
    certificate during a man-in-the-middle attack and potentially
    confuse the application into accepting it by mistake.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2009-2730 to this issue

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  ================    vCenter        any       Windows  not applicable

    hosted *       any       any      not applicable

    ESXi           any       ESXi     not applicable

    ESX            4.0       ESX      ESX400-200911233-SG
    ESX            3.5       ESX      not affected
    ESX            3.0.3     ESX      not affected
    ESX            2.5.5     ESX      not affected

    vMA            4.0       RHEL5    Patch 2

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

4. Solution

   Please review the patch/release notes for your product and version
   and verify the md5sum of your downloaded file.


   VMware vCenter Server 4 Update 1
   --------------------------------
   Version       4.0 Update 1
   Build Number  208156
   Release Date  2009/11/19
   Type          Product Binaries
http://downloads.vmware.com/download/download.do?downloadGroup=VC40U1 

   VMware vCenter Server 4 and modules
   File size: 1.8 GB
   File type: .iso
   MD5SUM: 057d55b32eb27fe5f3e01bc8d3df3bc5
   SHA1SUM: c90134418c2e4d3d6637d8bee44261300ad95ec1

   VMware vCenter Server 4 and modules
   File size: 1.5 GB
   File type: .zip
   MD5SUM: f843d9c19795eb3bc5a77f5c545468a8
   SHA1SUM: 9a7abd8e70bd983151e2ee40e1b3931525c4480c

   VMware vSphere Client and Host Update Utility
   File size: 113.8 MB
   File type: .exe
   MD5SUM: 6cc6b2c958e7e9529c284e48dfae22a9
   SHA1SUM: f4c19c63a75d93cffc57b170066358160788c959

   VMware vCenter Converter BootCD
   File size: 98.8 MB
   File type: .zip
   MD5SUM: 3df94eb0e93de76b0389132ada2a3799
   SHA1SUM: 5d7c04e4f9f8ae25adc8de5963fefd8a4c92464c

   VMware vCenter Converter CLI (Linux)
   File size: 36.9 MB
   File type: .tar.gz
   MD5SUM: 3766097563936ba5e03e87e898f6bd48
   SHA1SUM: 36d485bdb5eb279296ce8c8523df04bfb12a2cb4


   ESXi 4.0 Update 1
   -----------------
   ESXi400-200911201-UG

https://hostupdate.vmware.com/software/VUM/OFFLINE/release-155-20091116-013169/ESXi-4.0.0-update01.zip
   md5sum:c6fdd6722d9e5cacb280bdcc2cca0627
   sha1sum:de9d4875f86b6493f9da991a8cff37784215db2e
http://kb.vmware.com/kb/1014886 

   NOTE: The three ESXi patches for Firmware, VMware Tools, and the
         VI Client "C" are contained in a single download file.


   ESX 4.0 Update 1
   ----------------

https://hostupdate.vmware.com/software/VUM/OFFLINE/release-158-20091118-187517/ESX-4.0.0-update01.zip
   md5sum: 68934321105c34dcda4cbeeab36a2b8f
   sha1sum: 0d8ae58cf9143d5c7113af9692dea11ed2dd864b
http://kb.vmware.com/kb/1014842 

   To install an individual bulletin use esxupdate with the -b option.
   esxupdate --bundle=ESX-4.0.0-update01.zip -b ESX400-200911223-UG
   -b ESX400-200911238-SG -b ESX400-200911201-UG -b ESX400-200911235-SG
   -b ESX400-200911237-SG -b ESX400-200911234-SG -b ESX400-200911232-SG
   -b ESX400-200911233-SG update


5. References

   CVE numbers
   --- JRE ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1102 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1105 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1106 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2670 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2672 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2676 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2716 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2718 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2719 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2720 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2721 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2722 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2723 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2724 
   --- Tomcat ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002 
   --- ntp ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159 
   --- kernel ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3528 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5700 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0269 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0322 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0675 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0778 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4307 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0834 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1337 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0787 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1336 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1439 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1633 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1072 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1630 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1192 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5966 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1385 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1388 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1389 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1895 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2406 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2407 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2698 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0745 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0746 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0747 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0748 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2848 
   --- python ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3143 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5031 
   --- bind ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696 
   --- libxml and libxml2 ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416 
   --- curl --
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417 
   --- gnutil ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052 


- ------------------------------------------------------------------------
6. Change log

2009-11-20  VMSA-2009-0016
Initial security advisory after release of vCenter 4.0 Update 1 and
ESX 4.0 Update 1 on 2009-11-19 and release of vMA Patch 2 on 2009-11-23.

- -----------------------------------------------------------------------
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce 

This Security Advisory is posted to the following lists:

  * security-announce at lists.vmware.com
  * bugtraq at securityfocus.com
  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055 

VMware Security Center
http://www.vmware.com/security 

VMware security response policy
http://www.vmware.com/support/policies/security_response.html 

General support life cycle policy
http://www.vmware.com/support/policies/eos.html 

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/lifecycle/ 

Copyright 2009 VMware Inc.  All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ 

iEYEARECAAYFAksHAooACgkQS2KysvBH1xmQMACfTEcnuPanvucXPmgJCTT054o+
dtoAniXz+9xLskrkPr3oUzAcDeV729WG
=wSRz
-----END PGP SIGNATURE-----

--------------010202040907090606040700
Content-Type: application/pgp-keys;
 name="0xF047D719.asc"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="0xF047D719.asc"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.11 (GNU/Linux)

mQGiBEZhucYRBAC476oM3Q6dr1h7qMbYbympJWNUpWoliLz/M/xqGLwUoCPsJ+Jt
hDUgQh1svIzVbFpfh2KgxZ9I1t0wC9JSP2NeUulVliu1um/+OGQs5qnm879Zq0bf
RqcftQRfVRKxn7fMtj9U+iuQ0hojw5IaEm/IpIT7KYcnjhTrSEq/13Z2qwCggHWG
yxQYhR6HG754uUq7PGlvz6MD/1LoEX/iPmYiVRlpUL9J3uJ6D3v95FnXk1Ie4qG9
7AAfT50+c5iX0VFQogd0u58jScNtggB+4SgriTcLSMCslsZgnNa5RmWzhSWCGBz4
xCNCwkkCItK92gHIaxmWWpBZlG6tzdKPhVxO2Jg+R6E1nrZgrKbpgcPQ5sCVEI7+
LhjwBACAQ2EwpXCONlPMioIGBl1Ytf2xU6QDG1Y+zWLaTx9FJMMBiTdjeJSK066t
k6fi4gLc15rRnHn3V1WFeBFclN9HkdGHyLtOUL+hU1i7zEWfzhLcccR9uW8lF6/O
f10yNnPHn7oMUdG6aINSejKssKIe9XQdgMGIlyeaSoVNMCoxW7RaVk13YXJlLCBJ
bmMuIC0tIFNlY3VyaXR5IEFsZXJ0IC0tIChSZXBsYWNlcyAweDJEQTkzRTY5KSA8
dm13YXJlLXNlY3VyaXR5LWFsZXJ0QHZtd2FyZS5jb20+iEYEEBECAAYFAkZhyEQA
CgkQ9WaCEBMp/Ne1CQCfYvYxCM2RR25NJZebvinydLxjfJsAmwYODG3zrBUwt4l+
ciw+hBYPcKQ6iGYEExECACYFAkZhucYCGwMFCRLMAwAGCwkIBwMCBBUCCAMEFgID
AQIeAQIXgAAKCRBLYrKy8EfXGVrpAJ9NjVme3akS4XzFrKrhFryQxFS+VwCfTBSS
ha94MIBvS9It+9WVj//P8rKIRgQSEQIABgUCSpyxKwAKCRDZxSMExf5rUCZ/AJ0W
rTOhVT/uyY5UffMoC6BuO3l9rwCeJoHI9OHAmg0ahj6mSYvtavvOSsaIawQQEQIA
KwUCSCkFyxkYbGRhcDovL2tleXNlcnZlci5wZ3AuY29tBR4BAAAABBUICQoACgkQ
S2KysvBH1xnPSwCeImw4triyXTmeCbaEuaRyohHHxYcAn3vA8pZIa1fMOHZE4cp9
Lgepd480iQEiBBABAgAMBQJKY24PBQMAEnUAAAoJEJcQuJvKV6186RsH/AhJscGd
SyuT2ws4PvotTMC0KsuHgxbOUTtGBHsCPCx63BKAMMT6UT897N/i9Bcv+fUTYLHQ
lGaxHT+EwG2o9SFkGfB4mQeQA07wKcDCyYsUBt4wnxYSqXKmQ5jcp69O3RLCsAbf
5l7yQksDqIsIfh9dVHiHaNMx2w5JpEDptQWElf2h6rV3oN6pUoO7F+RRp0XZaip5
0F/K6JjdZ/EMqMuftfJiBotHCvr9dJyP9C+BGtQCZFoGqsxBbsMA0xpE93XKRMEF
F6knsPoEwRi8AOHFETcGg5OgSqz1A2K9duZcIDeB6dhnR4rT/Wi99T2T86v/E7ZB
rNWNjKaBnDYdboOJASIEEAECAAwFAkp1OiYFAwASdQAACgkQlxC4m8pXrXzOBQf9
H4OmulMVM830EYZhSKGsl7PFTTrMsOcI0fSDQCMtQSDznFuUuhT1QPs9lHWGw3uF
hOzTpSjwC7vrYRWP2JfAJo8jfACgnN0o7WQy07/xAVUEnmIBMTLPUixrkUuKI7sf
nLtUVA4oRmpXuE1gDsgehPPNoErAWuvT5fGgvZS3tnzyBl24dqJaPgH09WmvnHne
0WaRy4++bNGaluES5a4EyLqRsD32/BpkuVrpZcUcbYSJKPHl49vCyjLANw7z9SpM
4KmDkWVtCnWRAOt5r9HFnCj+SDMshbq0IR+XAxRKj5KMwSxDIiLTj/3dzddP+VmK
JhHDN7zPfPYZsIJlGQl8X4kBIgQQAQIADAUCSocGWQUDABJ1AAAKCRCXELibylet
fLHYB/9/fUW9NaBmOjLdflbtOtVSPfCvekZ4CSVOnOhaYeC9g5t+8Hud7iJ3hBoY
G2p3VCy91DdBcsWoCFhQtK/03Y/lKspyl3esfnKyEEjb+EbWdtb02eWt6tAZ50vN
LjaJ2MQgWHrn7WAWWjT8BC0Tdpl9klZr2wDT2DGXK+dHMPZ+nMJjopLgAjDyYvjA
sKla0z1i/nbr29Kk4h60biSnoC70wuxndiEhKC0syZg3Oyf9vNClsh2STr5SBapv
BO/vNz3bsXx8115RpVMg0zrsXwruzm2SLxjGFaATLD9iTemwoD30SQfdzkslCg+U
6nz6Iso9V6fuQsV/Y2Bc/V0wv958iQEiBBABAgAMBQJKmNKTBQMAEnUAAAoJEJcQ
uJvKV618ZpQH/2lF+MmUqOkxWziXyjpZq8Uz5tlBLXLhI9zp96AB9GtMwHXZoklC
oeMemd57zCPa8pAyw2QdjHzuVMk3XWKHftKACYg0KjIBMatao6LKwK1CTBAD8J2K
JFoRN4cHjW0rodSW9hRA+5wWeDaIXnTnadA4jt5hbss+ZML4T2FQGKJ5EHOWESNj
o7m5cCrZsUCZQBes5GrO1WVWMDJ1YQy1D2bQ90Z6Y7E3YWrE13MszbEtyH7ToEAu
Bw6sTGIkbxiojlg7domfpQc99yHobp26bN94pLBkWccIz20F9sQptGOM5Zf8894N
1q+RVneuLfrzHjGMPrxqB8YXH/tCImrvv8yJASIEEAECAAwFAkqqnuEFAwASdQAA
CgkQlxC4m8pXrXw0oQgAk2Rr2N1g0GuvamRZg8/wl+K0/3QzL3tSUR627nMoZBzs
uKtplzgTcuTJLoxKazHevjQUNFKFYk/d2f2XpEG0QYeSiXbjowjRdeNqxtGCDG+d
PTV+D3vNHz7WSv6zjDW3rGtH5RfJ+CevkjaFXA28ETRkyMsfczs+C5htWcB0x9nQ
mfZwyEYkFd4cNhQJEI4UZ0S2Yg6wJMzhj7OGOyMDpEXE8MSWXA9pr7uemP7mlnx4
OpnERXzk7dAe2EXEszcMZ4vmiKrAnvHd07EIaH03utOrVylWRX3JmwV3Hm7jbp64
N4yrxutK1CUNDDTPX/2ADrjAQ7UUQJ9mEeEyhqCitIkBIgQQAQIADAUCSrxq8gUD
ABJ1AAAKCRCXELibyletfFV4CACURHku4L++/OUFxjA6j+A/5ZN7B7RMeYvvhIm3
W6KhjAfvcG7E4TfgVB+N/bMtly9bwqLFM9a2bnJ+yfg4CqFEVKCQw95E1g2VLEd0
KIPC3bj83LhJYrUxrl8i34qa6ACgNF3lGdKpA6macE2lc48o5wNw5hnhj92XwxAP
roxFebr+27EPcF2xcU1EZcO18QT5mm/r33wMC4VOMkuX9PreFg936P7RnkVw+Npy
oycjJ73/KascaaeANGArOefw/Ym+b4Q/nrHV6xeLseQZ3qcj1QmfNtcK+w7dXvqV
cMexHNmpAx3Koio4FFd3mh9nG17altShzlSmOlTGZnEXzPqQtE1WTXdhcmUsIElu
Yy4gLS0gU2VjdXJpdHkgQWxlcnQgLS0gKFJlcGxhY2VzIDB4MkRBOTNFNjkpIDxz
ZWN1cml0eUB2bXdhcmUuY29tPohmBBMRAgAmBQJKS+ZqAhsDBQkSzAMABgsJCAcD
AgQVAggDBBYCAwECHgECF4AACgkQS2KysvBH1xmTlQCcCkIANtIwoxS6FMf4RHmd
I1DSq4UAnjkwQbWijUeBDH4WUfRqcWsUPibVuQINBEZhucYQCACGKvhopqsLiSVN
Wiz4aYjYPlBWFNNKkBYi3SgbqwWnP6ugO/8VD+nWzyrNI547G1DmhB6HNrSHTNc5
1WzxoON4WyX9o8FPltaWnnhmUWTEslywz4rV6lrs08RNtyguCeZqNsxWdLpDwm9a
mz2j8wEUzaj28qn8YVi9eJgQVVaDmExb5O/bWdKLBqgjqzwWu9FbcND/ItJl/rvY
eHsIj5N1mv2r8bemNynIAgCQe1lEBLYWZM21OhNgTK7ZGByhP5RQO7gBUOhKgt9s
qFikwJag8DR2ITPhqzBsLXyR9xkHdRxK36bf3M/BIEGSu8LH6a+iX9pNczQccaTB
ePCL+HCHAAMFB/9v8Ejx40cZ0df5seckGNqTutqQqYC6Fw+IwAVMTBl/VfCVfTqq
LSPDOm/zxUD9VlF7tOp0nPN3EJiyDI1vaFCsjXzSjnafBRMUjYLBjD02tYH5XGI5
S/FLWlG9xRRc4w25zVu6PLJVePQDhLd6p8QvM7g/daBlZN7XIhrluhlvwQZoU+NC
Mq3BH25gH78Te86QRfTuG4g8ZQibYlmKJ7Z0Wrz2Z0w3iD0KyegAF89F47wqgSp6
6gufLB4DrIDpNgNGRv5vuJYTWbRoBgIMv9nIudsrslJIl9vf5zCIHXLm3B6/2JQ4
r3LDnpsHaoIhdTOzkhMeimPvZJEmFiTwu5G+iE8EGBECAA8FAkZhucYCGwwFCRLM
AwAACgkQS2KysvBH1xmKFwCdEn6MYD//gi4rcuzQ3Gw4qQHKIkMAmQERGI42tFzv
sXIID1OadhwrO+TA
=8ABI
-----END PGP PUBLIC KEY BLOCK-----

--------------010202040907090606040700
Content-Type: application/octet-stream;
 name="0xF047D719.asc.sig"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="0xF047D719.asc.sig"

iEYEABECAAYFAksHAosACgkQS2KysvBH1xlm2gCaAmR0bcg6HGdDLRuLChdVlVud6p8AnRnd
ZwFCbOb6MEq3tw3kULt+x8g7
--------------010202040907090606040700--

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH