VMware ESX Server 1.5.2 Patch 5 Security Update for OpenSSL

Released 5/4/04 TAR File

This patch updates OpenSSL version 0.9.7c to version 0.9.7d. It includes a new update for ESX Server 1.5.2 Patch 5 and addresses the following security vulnerabilities in the Linux kernel:

• OpenSSL Security Advisory (issued March 17th, 2004)
• CERT Technical Cyber Security Alert TA04-078A
• Linux security exploit CAN-2004-0079
• Linux security exploit CAN-2004-0112
• Linux security exploit CAN-2004-0081

Note: This update only works if you have ESX Server 1.5.2 Patch 5, Build 5853. Please make sure that this build is installed before applying the patch.

There is a separate OpenSSL update for ESX Server 2.0.1 available as the VMware OpenSSL Update for ESX Server 2.0.1..

Installing the Update

1. Log in as root into the ESX Server 1.5.2 service console.
2. Your path variable should contain /usr/bin.

3. Download the tar file into the temporary directory /tmp, on your ESX service console.

4. Change directory to /tmp.

5. Verify the integrity of the package:
   md5sum esx-152-patch-8081.tar.gz

   The md5 checksum output should match the following:
   d7ad72c4f8ae274f4dd78e6563cae892 esx-152-patch-8081.tar.gz

6. Extract the compressed tar archive:
   tar -xvzf esx-152-patch-8081.tar.gz

7. Change directories to the newly created directory /tmp/esx-152-patch-8081:
   cd esx-152-patch-8081

8. Run the driver installer:
   /usr/bin/perl ./esx-openssl-patch.pl

9. If you are prompted to enter the HTTP session time out setting, press Enter to accept the default setting of 60 minutes.
   

10. The OpenSSL update has been installed. You do not need to reboot your server to apply the update.