Tuesday, June 17, 2008 3:49 PM
cmosby
VMware ESX Server update for Tomcat and Java JRE - Secunia - 2008-06-17
VMware ESX Server update for Tomcat and Java JRE
Secunia Advisory:
SA30676
Release Date:
2008-06-17
Critical:
Highly critical
Impact:
Security Bypass
Manipulation of data
Exposure of system information
Exposure of sensitive information
DoS
System access
Where:
From remote
Solution Status:
Partial Fix
OS:
VMware ESX Server 3.x
CVE reference:
CVE-2007-5232 (Secunia mirror)
CVE-2007-5236 (Secunia mirror)
CVE-2007-5237 (Secunia mirror)
CVE-2007-5238 (Secunia mirror)
CVE-2007-5239 (Secunia mirror)
CVE-2007-5240 (Secunia mirror)
CVE-2007-5274 (Secunia mirror)
CVE-2007-5333 (Secunia mirror)
CVE-2007-5342 (Secunia mirror)
CVE-2007-5461 (Secunia mirror)
CVE-2007-5689 (Secunia mirror)
CVE-2007-6286 (Secunia mirror)
CVE-2008-0657 (Secunia mirror)
CVE-2008-1185 (Secunia mirror)
CVE-2008-1186 (Secunia mirror)
CVE-2008-1187 (Secunia mirror)
CVE-2008-1188 (Secunia mirror)
CVE-2008-1189 (Secunia mirror)
CVE-2008-1190 (Secunia mirror)
CVE-2008-1191 (Secunia mirror)
CVE-2008-1192 (Secunia mirror)
CVE-2008-1193 (Secunia mirror)
CVE-2008-1194 (Secunia mirror)
CVE-2008-1195 (Secunia mirror)
CVE-2008-1196 (Secunia mirror)
Description:
VMware has issued an update for VMware ESX Server. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), bypass certain security restrictions, manipulate data, disclose sensitive/system information, or potentially compromise a vulnerable system.
For more information:
SA27009SA27320SA27398SA28274SA28795SA28878SA29239Solution:
Apply patches.
ESX 3.5 patch ESX350-200806404-SG:
http://download3.vmware.com/software/esx/ESX350-200806404-SG.zipmd5sum: 669e97880a21cce13eb7e9051f403162
http://kb.vmware.com/kb/1005219ESX 3.0.1 and 3.0.2:
The patches are not yet available.
Original Advisory:
http://www.vmware.com/security/advisories/VMSA-2008-0010.htmlOther References:
SA27009:
http://secunia.com/advisories/27009/SA27320:
http://secunia.com/advisories/27320/SA27398:
http://secunia.com/advisories/27398/SA28274:
http://secunia.com/advisories/28274/SA28795:
http://secunia.com/advisories/28795/SA28878:
http://secunia.com/advisories/28878/SA29239:
http://secunia.com/advisories/29239/
Filed under: Patch Management, Security, Virtualization, Software Vulnerabilites