VMware Security Advisories
VMSA-2013-0007.1
VMware ESX third party update for Service Console package sudo
| VMware Security Advisory | |
|---|---|
| Advisory ID: | VMSA-2013-0007.1 |
| Synopsis: | VMware ESX third party update for Service Console package sudo |
| Issue date: | 2013-05-30 |
| Updated on: | 2013-12-05 |
| CVE numbers: | CVE-2012-2337, CVE-2012-3440 |
VMware ESX third party update for Service Console package sudo
VMware ESX 4.1 without patch ESX410-201312001
VMware ESX 4.0 without patch ESX400-201305001
The service console package sudo is updated to version 1.7.2p1-14.el5_8.3
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2337 and CVE-2012-3440 to the issue addressed in this update.
Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
| VMware | Product | Running | Replace with /
|
| Product | Version | on | Apply Patch |
| ==========
|
=====
|
=====
|
==================
|
| ESXi | any | ESXi | not affected |
| ESX | 4.1 | ESX | ESX410-201312401-SG |
| ESX | 4.0 | ESX | ESX400-201305402-SG |
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
ESXi and ESX
--------------------------
https://www.vmware.com/patchmgr/download.portal
ESX 4.1
---------
File: ESX410-201312001.zip
Build: 1368001
md5sum: c35763a84db169dd0285442d4129cc18
sha1sum: ee8e1b8d2d383422ff0dde04749c5d89e77d8e40
http://kb.vmware.com/kb/2061209
ESX410-201312001 contains ESX410-201312401-SG
ESX 4.0
---------
File: ESX400-201305001.zip
Build: 1070634
md5sum: c9ac91d3d803c7b7cb9df401c20b91c0
sha1sum: 7f5cef274c709248daa56d8c0e6fcc1ba86ae411
http://kb.vmware.com/kb/2044240
ESX400-201305001 contains ESX400-201305402-SG
Initial security advisory in conjunction with the release of ESX 4.0 patches on 2013-05-30.
2013-12-05 VMSA-2013-0007.1
Security advisory update in conjunction with the release of ESX 4.1
patches on 2013-12-05.
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2013 VMware Inc. All rights reserved.
