Sign up for Security

Enter your email address:


VMware ESXi and ESX security update for third party library

VMware Security Advisory
Advisory ID: VMSA-2013-0004.3
Synopsis: VMware ESXi and ESX security update for third party library
Issue date: 2013-03-28
Updated on: 2013-05-30
CVE numbers: CVE-2012-5134
1. Summary

VMware ESXi and ESX security update for third party library.

2. Relevant Releases

ESXi 5.1 without patch ESXi510-201304101
ESXi 5.0 without patch ESXi500-201303101
ESXi 4.0 without patch ESXi400-201305001
ESXi 4.1 without patch ESXi410-201304401
ESX  4.1 without patch ESX410-201304401
ESX 4.0 without patch ESX400-201305404

3. Problem Description
a. Update to ESX/ESXi libxml2 userworld and service console.

The ESX/ESXi userworld libxml2 library has been updated to resolve a security issue. Also, the ESX service console libxml2 packages are updated to the following versions:

  • libxml2-2.6.26-2.1.15.el5_8.6
  • libxml2-python-2.6.26-2.1.15.el5_8.6

The Common Vulnerabilities and Exposures project ( has assigned the name CVE-2012-5134 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware Product Running Replace with /
Product Version on Apply Patch
ESXi 5.1 ESXi ESXi510-201304101-SG
ESXi 5.0 ESXi ESXi500-201303101-SG
ESXi 4.1 ESXi ESXi410-201304401-SG
ESXi 4.0 ESXi ESXi400-201305401-SG
ESX 4.1 ESX ESX410-201304401-SG
ESX 4.0 ESX ESX400-201305404-SG


4. Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
ESXi and ESX

ESXi 5.1
md5sum: 28b8026bcfbe3cd1817509759d4b61d6
sha1sum: 9d3124d3c5efa6d0c3b9ba06511243fc6e205542 contains ESXi510-201304101-SG
ESXi 5.0
md5sum: c62470c48e81da84891c79d5533c8e91
sha1sum: 69fe8933888d2a6c4e53cfe822441c963bdcd2c7

ESXi 4.1
md5sum: 9ce63bcacb3412fc1c8a6a8c47ac6af6
sha1sum: 241603ef6b856e573a62fe27da039c8fffe54b1d contains ESXi410-201304401

ESXi 4.0
md5sum: d09b9853dd47573fcef7200622d5eee7
sha1sum: 80de7ba73ab28be59abe8463baa9b12ec1b390dd
ESXi400-201305001 contains ESXi400-201305401-SG

ESX 4.1
md5sum: df9ef1d25f383a12d2fbc47cdc5f55d2
sha1sum: e49068da7cf7e0ada57c4604cbc9ba253c03e3a0 contains ESX410-201304401

ESX 4.0
md5sum: ad8e8f1709c799fc26841514248605f3
sha1sum: 7e4e7ac361a8cc5fe8fa4b0bbd57ecfb81ab804c
ESX400-201305001 contains ESX400-201305404-SG

6. Change log

2013-03-28 VMSA-2013-0004
Initial security advisory in conjunction with the release of ESXi 5.0 patch on 2013-03-28.

2013-04-25 VMSA-2013-0004.1
Updated security advisory due to ESXi 5.1 update released on 2013-04-25

2013-04-30 VMSA-2013-0004.2
Updated security advisory due to ESXi and ESX 4.1 update released on 2013-04-30

2013-05-30 VMSA-2013-0004.3
Updated security advisory in conjunction with the release of ESX 4.0 patch on 2013-05-30

7. Contacts

E-mail list for product security notifications and announcements:

This Security Advisory is posted to the following lists:

  • security-announce at
  • bugtraq at
  • full-disclosure at
E-mail: security at
PGP key at:

VMware Security Advisories

VMware security response policy

General support life cycle policy

VMware Infrastructure support life cycle policy

Copyright 2013 VMware Inc. All rights reserved.