VMware

OpenSSH and OpenSSL Update for ESX Server 1.5.2 and 2.0


Released 10/23/03

TAR File

This patch updates OpenSSL from version 0.9.7b to version 0.9.7c.

This update includes the following patches:

  • OpenSSH version 3.5p1, which addresses a CERT advisory for a buffer management vulnerability in the version of OpenSSH included with ESX Server. Details on this advisory are available at:
    http://www.cert.org/advisories/CA-2003-24.html
  • OpenSSL version 0.9.7b to version 0.9.7c, which addresses a CERT advisory for a denial-of-service attack vulnerability in the version of OpenSSL included with ESX Server. Details on this advisory are available at:
    http://www.cert.org/advisories/CA-2003-26.html

Note: This patch only works if you have ESX Server 1.5.2 Patch 3, 4, 5, or ESX Server 2.0. If you do not meet these requirements, please upgrade your server before you install the OpenSSH and OpenSSL security update. Access the ESX Server download page for VMware ESX Server updates, drivers and patches at: http://www.vmware.com:/download/esx/.

Installation Instructions

  1. Log in as root to the ESX Server 1.5.2 or 2.0 service console.

  2. Download the tar file into a temporary directory, for example /tmp, on your ESX Server service console.

  3. Change directories to /tmp:
    cd /tmp
  4. Verify the integrity of the downloaded package:
    md5sum esx-openssl-patch.tar.gz

    The md5 checksum output should match the following:
    fe9a339a14829abe6c08d0ae6dbaec4f esx-openssl-patch.tar.gz

  5. Extract the compressed tar archive:
    tar -xvzf esx-openssl-patch.tar.gz
  6. Run the patch installer:
    ./esx-openssl-patch.pl
  7. If a prompt appears asking for the number of minutes for the HTTP session timeout setting, press Enter to accept the default setting of 60 minutes.

The patch for the OpenSSL and OpenSSH update is now installed. Next, update the ESX Server remote console software. The following section describes the steps needed for Windows and Linux updates. Before updating the remote console software, uninstall the existing remote console.

Installing the Remote Console Software for ESX Server 1.5.2 and 2.0

Windows Clients

Before you install the remote console update, you need to uninstall the existing remote console. Before you begin, make sure that you exit any open remote consoles.

Uninstalling the Existing Remote Console

  1. From Windows, select Start > Settings > Control Panel > Add/Remove Programs. This launches the Add/Remove Programs window and displays the currently installed programs.

  2. Scroll down and find VMware Remote Console and click it.

  3. Click Remove, and then from the confirmation window, click Yes to confirm removal.

Installing the Updated Remote Console on Windows

You can download a remote management package from the VMware Management Interface Status Monitor page.

  1. From the Status Monitor page, click the Windows link at the bottom of the page for the appropriate installation file.

  2. Save the installer file to your desktop.

  3. Double-click the installer file to start the installation.

  4. Follow the on-screen instructions.

Linux – RPM Installer

Before you install the remote console update, you need to uninstall the existing remote console. Before you begin, make sure that you exit any open remote consoles.

Uninstalling the Existing Remote Console

  1. From Linux, log in as root.
  2. Run the command to remove the Remote Console:
    rpm -e VMware-console

Installing the Updated Remote Console on Linux

You can download a remote management package from the VMware Management Interface Status Monitor page.

  1. From the Status Monitor page, click the Linux (rpm) link at the bottom of the page.
  2. Save the installer file to a temporary directory, for example, /tmp.
  3. Become root:
    su -
  4. Change directories to /tmp:
    cd /tmp
  5. Verify the integrity of the downloaded package:
    • For ESX Server 2.0:
      md5sum VMware-console-2.0.0-6222.i386.rpm

      The md5 checksum output should match the following:
      62106c5cc7e14cfe64f094f7f4cdbed5 VMware-console-2.0.0-6222.i386.rpm

    • For ESX Server 1.5.2:
      md5sum VMware-console-1.5.2-6196.i386.rpm

      The md5 checksum output should match the following:
      38f69fc77b2c526505de486814fa6c32 VMware-console-1.5.2-6196.i386.rpm

  6. Run the RPM installer:
    • For ESX Server 2.0:
      rpm -Uvh --nodeps --force VMware-console-2.0.0-6222.i386.rpm
    • For ESX Server 1.5.2:
      rpm -Uvh --nodeps --force VMware-console-1.5.2-6196.i386.rpm
  7. Configure the remote console:
    /usr/bin/vmware-config-console.pl
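
The integrity checks in the two procedures above (step 4 of the server patch installation and step 5 of the Linux remote console installation) can be scripted so that extraction or installation only proceeds when the checksum matches. The script below is an added example, not part of the original VMware instructions; the helper names verify_md5 and verify_known are hypothetical, while the file names and checksums are the ones listed on this page.

```shell
#!/bin/sh
# Added example: refuse to continue unless a download matches the MD5 value
# published on this page. Helper names are hypothetical.

# Published "checksum  filename" pairs, copied from the page.
KNOWN_SUMS='fe9a339a14829abe6c08d0ae6dbaec4f  esx-openssl-patch.tar.gz
62106c5cc7e14cfe64f094f7f4cdbed5  VMware-console-2.0.0-6222.i386.rpm
38f69fc77b2c526505de486814fa6c32  VMware-console-1.5.2-6196.i386.rpm'

# verify_md5 FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 on a malformed checksum, 3 if FILE is missing.
verify_md5() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed checksum: $2" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 32 ] || { echo "malformed checksum: $2" >&2; return 2; }
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 3; }
    # Read from stdin so md5sum prints only the digest, whatever the file name is.
    actual=$(md5sum < "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] && return 0
    echo "MISMATCH for $file: expected $expected, got $actual" >&2
    return 1
}

# verify_known FILE
# Looks up the published checksum by base name; returns 4 if the page lists none.
verify_known() {
    name=$(basename "$1")
    expected=$(printf '%s\n' "$KNOWN_SUMS" | awk -v n="$name" '$2 == n { print $1 }')
    [ -n "$expected" ] || { echo "no published checksum for $name" >&2; return 4; }
    verify_md5 "$1" "$expected"
}

# When run with file arguments, stop at the first file that fails verification,
# e.g. pass /tmp/esx-openssl-patch.tar.gz before running tar -xvzf on it.
for f in "$@"; do
    verify_known "$f" || exit 1
    echo "OK: $f"
done
```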