lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4EAA46B2.80203@vmware.com>
Date: Thu, 27 Oct 2011 23:07:46 -0700
From: VMware Security Response Team <security@...are.com>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: VMSA-2011-0013 VMware third party component
 updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
                        VMware Security Advisory

Advisory ID: VMSA-2011-0013
Synopsis:    VMware third party component updates for VMware vCenter
             Server, vCenter Update Manager, ESXi and ESX
Issue date:  2011-10-27
Updated on:  2011-10-27 (initial release of advisory)
CVE numbers: --- openssl ---
             CVE-2008-7270 CVE-2010-4180
             --- libuser ---
             CVE-2011-0002
             --- nss, nspr ---
             CVE-2010-3170 CVE-2010-3173
             --- Oracle (Sun) JRE 1.6.0 ---
             CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549
             CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553
             CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557
             CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561
             CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566
             CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3570
             CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574
             CVE-2010-4422 CVE-2010-4447 CVE-2010-4448 CVE-2010-4450
             CVE-2010-4451 CVE-2010-4452 CVE-2010-4454 CVE-2010-4462
             CVE-2010-4463 CVE-2010-4465 CVE-2010-4466 CVE-2010-4467
             CVE-2010-4468 CVE-2010-4469 CVE-2010-4470 CVE-2010-4471
             CVE-2010-4472 CVE-2010-4473 CVE-2010-4474 CVE-2010-4475
             CVE-2010-4476
             --- Oracle (Sun) JRE 1.5.0 ---
             CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4454
             CVE-2010-4462 CVE-2010-4465 CVE-2010-4466 CVE-2010-4468
             CVE-2010-4469 CVE-2010-4473 CVE-2010-4475 CVE-2010-4476
             CVE-2011-0862 CVE-2011-0873 CVE-2011-0815 CVE-2011-0864
             CVE-2011-0802 CVE-2011-0814 CVE-2011-0871 CVE-2011-0867
             CVE-2011-0865
             --- SFCB ---
             CVE-2010-2054
- ------------------------------------------------------------------------

1. Summary

   Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere
   Hypervisor (ESXi) 4.1 and ESX 4.1 addresses several security issues.

2. Relevant releases

   vCenter Server 4.1 without Update 2

   vCenter Update Manager 4.1 without Update 2

   ESXi 4.1 without patch ESX410-201110201-SG.

   ESX 4.1 without patches ESX410-201110201-SG,
   ESX410-201110204-SG, ESX410-201110206-SG,ESX410-201110214-SG.

3. Problem Description

 a. ESX third party update for Service Console openssl RPM

    The Service Console openssl RPM is updated to
    openssl-0.9.8e.12.el5_5.7 resolving two security issues.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2008-7270 and CVE-2010-4180 to these
    issues.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware      Product     Running     Replace with/
    Product     Version     on          Apply Patch
    =========   ========    =======     =================
    vCenter     any         Windows     not affected

    hosted*     any         any         not affected

    ESXi        any         any         not affected

    ESX         4.1         ESX         ESX410-201110204-SG
    ESX         4.0         ESX         patch pending
    ESX         3.5         ESX         not applicable
    ESX         3.0.3       ESX         not applicable

  * hosted products are VMware Workstation, Player, ACE, Fusion.

 b. ESX third party update for Service Console libuser RPM

    The Service Console libuser RPM is updated to version
    0.54.7-2.1.el5_5.2 to resolve a security issue.

    The Common Vulnerabilities and Exposures Project (cve.mitre.org)
    has assigned the name CVE-2011-0002 to this issue.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware      Product     Running     Replace with/
    Product     Version     on          Apply Patch
    =========   ========    =======     =================
    vCenter     any         Windows     not affected

    hosted*     any         any         not affected

    ESXi        any         ESXi        not affected

    ESX         4.1         ESX         ESX410-201110206-SG
    ESX         4.0         ESX         patch pending
    ESX         3.5         ESX         not applicable
    ESX         3.0.3       ESX         not applicable

  * hosted products are VMware Workstation, Player, ACE, Fusion.

 c. ESX third party update for Service Console nss and nspr RPMs

    The Service Console Network Security Services (NSS) and Netscape
    Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1
    and nss-3.12.8-4 resolving multiple security issues.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2010-3170 and CVE-2010-3173 to these
    issues.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware      Product     Running     Replace with/
    Product     Version     on          Apply Patch
    =========   ========    =======     =================
    vCenter     any         Windows     not affected

    hosted*     any         any         not affected

    ESXi        any         ESXi        not affected

    ESX         4.1         ESX         ESX410-201110214-SG
    ESX         4.0         ESX         patch pending
    ESX         3.5         ESX         not applicable
    ESX         3.0.3       ESX         not applicable

  * hosted products are VMware Workstation, Player, ACE, Fusion.

 d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24

    Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses
    multiple security issues that existed in earlier releases of
    Oracle (Sun) JRE.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the following names to the security issues fixed in
    JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448,
    CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454,
    CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466,
    CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470,
    CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474,
    CVE-2010-4475 and CVE-2010-4476.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the following names to the security issues fixed in
    JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548,
    CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552,
    CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556,
    CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560,
    CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565,
    CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569,
    CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and
    CVE-2010-3574.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        5.0       Windows  not affected
    vCenter        4.1       Windows  Update 2
    vCenter        4.0       Windows  not applicable **
    VirtualCenter  2.5       Windows  not applicable **

    Update Manager 5.0       Windows  not affected
    Update Manager 4.1       Windows  not applicable **
    Update Manager 4.0       Windows  not applicable **

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.1       ESX      ESX410-201110201-SG
    ESX            4.0       ESX      not applicable **
    ESX            3.5       ESX      not applicable **
    ESX            3.0.3     ESX      not applicable **

  * hosted products are VMware Workstation, Player, ACE, Fusion.
 ** this product uses the Oracle (Sun) JRE 1.5.0 family

 e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30

    Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses
    multiple security issues that existed in earlier releases of
    Oracle (Sun) JRE.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the following names to the security issues fixed in
    Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873,
    CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814,
    CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the following names to the security issues fixed in
    Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448,
    CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465,
    CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473,
    CVE-2010-4475, CVE-2010-4476.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCenter        5.0       Windows  not applicable **
    vCenter        4.1       Windows  not applicable **
    vCenter        4.0       Windows  patch pending
    VirtualCenter  2.5       Windows  patch pending

    Update Manager 5.0       Windows  not applicable **
    Update Manager 4.1       Windows  Update 2
    Update Manager 4.0       Windows  patch pending

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.1       ESX      not applicable **
    ESX            4.0       ESX      patch pending
    ESX            3.5       ESX      patch pending
    ESX            3.0.3     ESX      affected, no patch planned

  * hosted products are VMware Workstation, Player, ACE, Fusion.
 ** this product uses the Oracle (Sun) JRE 1.6.0 family

 f. Integer overflow in VMware third party component sfcb

    This release resolves an integer overflow issue present in the
    third party library SFCB when the httpMaxContentLength has been
    changed from its default value to 0 in in /etc/sfcb/sfcb.cfg.
    The integer overflow could allow remote attackers to cause a
    denial of service (heap memory corruption) or possibly execute
    arbitrary code via a large integer in the Content-Length HTTP
    header.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2010-2054 to this issue.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

    VMware      Product     Running     Replace with/
    Product     Version     on          Apply Patch
    =========   ========    =======     =================
    vCenter     any         Windows     not affected

    hosted*     any         any         not affected

    ESXi        5.0         ESXi        not affected
    ESXi        4.1         ESXi        ESXi410-201110201-SG
    ESXi        4.0         ESXi        not affected
    ESXi        3.5         ESXi        not affected

    ESX         4.1         ESX         ESX410-201110201-SG
    ESX         4.0         ESX         not affected
    ESX         3.5         ESX         not affected
    ESX         3.0.3       ESX         not affected

  * hosted products are VMware Workstation, Player, ACE, Fusion.

4. Solution
   Please review the patch/release notes for your product and version
   and verify the checksum of your downloaded file.

   VMware vCenter Server 4.1
   ----------------------------------------------
   vCenter Server 4.1 Update 2
   The download for vCenter Server includes VMware Update Manager.

   Download link:

http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1

   Release Notes:

http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html
   https://www.vmware.com/support/pubs/vum_pubs.html

   File: VMware-VIMSetup-all-4.1.0-493063.iso
   md5sum: d132326846a85bfc9ebbc53defeee6e1
   sha1sum: 192c3e5d2a10bbe53c025cc7eedb3133a23e0541

   File: VMware-VIMSetup-all-4.1.0-493063.zip
   md5sum: 7fd7b09e501bd8fde52649b395491222
   sha1sum: 46dd00e7c594ac672a5d7c3c27d15be2f5a5f1f1

   File: VMware-viclient-all-4.1.0-491557.exe
   md5sum: dafd31619ae66da65115ac3900697e3a
   sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef

   VMware ESXi 4.1
   ---------------
   VMware ESXi 4.1 Update 2

   Download link:

http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1

   Release Notes:

https://www.vmware.com/support/pubs/vs_pages/vsp_pubs_esxi41_i_vc41.html

   File: VMware-VMvisor-Installer-4.1.0.update02-502767.x86_64.iso
   md5sum: 0aa78790a336c5fc6ba3d9807c98bfea
   sha1sum: 7eebd34ab5bdc81401ae20dcf59a8f8ae22086ce

   File: upgrade-from-esxi4.0-to-4.1-update02-502767.zip
   md5sum: 459d9142a885854ef0fa6edd8d6a5677
   sha1sum: 75978b6f0fc3b0ccc63babe6a65cfde6ec420d33

   File: upgrade-from-ESXi3.5-to-4.1_update02.502767.zip
   md5sum: 3047fac78a4aaa05cf9528d62fad9d73
   sha1sum: dc99b6ff352ace77d5513b4c6d8a2cb7e766a09f

   File: VMware-tools-linux-8.3.12-493255.iso
   md5sum: 63028f2bf605d26798ac24525a0e6208
   sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932

   File: VMware-viclient-all-4.1.0-491557.exe
   md5sum: dafd31619ae66da65115ac3900697e3a
   sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef

   VMware ESXi 4.1 Update 2 contains ESXi410-201110201-SG.

   VMware ESX 4.1
   --------------
   VMware ESX 4.1 Update 2
   Download link:

http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1

   Release Notes:

http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html

   File: ESX-4.1.0-update02-502767.iso
   md5sum: 9a2b524446cbd756f0f1c7d8d88077f8
   sha1sum: 2824c0628c341357a180b3ab20eb2b7ef1bee61c

   File: pre-upgrade-from-esx4.0-to-4.1-502767.zip
   md5sum: 9060ad94d9d3bad7d4fa3e4af69a41cf
   sha1sum: 9b96ba630377946c42a8ce96f0b5745c56ca46b4

   File: upgrade-from-esx4.0-to-4.1-update02-502767.zip
   md5sum: 4b60f36ee89db8cb7e1243aa02cdb549
   sha1sum: 6b9168a1b01379dce7db9d79fd280509e16d013f

   File: VMware-tools-linux-8.3.12-493255.iso
   md5sum: 63028f2bf605d26798ac24525a0e6208
   sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932

   File: VMware-viclient-all-4.1.0-491557.exe
   md5sum: dafd31619ae66da65115ac3900697e3a
   sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef

   VMware ESX 4.1 Update 2 contains ESX410-201110204-SG,
   ESX410-201110206-SG, ESX410-201110201-SG and
   ESX410-201110214-SG.

5. References

   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7270
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2054
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3552
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3555
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3558
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3560
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3563
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3570
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4422
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4451
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4452
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4463
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4467
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4470
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4471
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4472
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4474
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0002
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0815
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0864
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0873

- ------------------------------------------------------------------------
6. Change log

   2011-10-27 VMSA-2011-0013
   Initial security advisory in conjunction with the release of
   Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1,
   vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 on 2011-10-27.

- ------------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

     * security-announce at lists.vmware.com
     * bugtraq at securityfocus.com
     * full-disclosure at lists.grok.org.uk

   E-mail:  security at vmware.com
   PGP key at: http://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   VMware security response policy
   http://www.vmware.com/support/policies/security_response.html

   General support life cycle policy
   http://www.vmware.com/support/policies/eos.html

   VMware Infrastructure support life cycle policy
   http://www.vmware.com/support/policies/eos_vi.html

   Copyright 2011 VMware Inc.  All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6qRrIACgkQDEcm8Vbi9kPemwCeM4Q4S8aRp8X/8/LQ8NGVdU8l
lJkAmweROyq5t0iWwM0EN2iP9ly6trbc
=Dm8O
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ