VMware ESX Server 2.0 Security Update
This patch includes a new update for ESX Server 2.0 and addresses a vulnerabilities in the Linux kernel.
In ESX Server, the service console is implemented using a modified Linux distribution.
This patch includes a new update for ESX Server 2.0 and addresses the following security vulnerabilities in the Linux kernel.
ISSUE 1: A security bug has been discovered in the Linux kernel within the sbrk() function. A user could execute the sbrk() system call with invalid values and cause the kernel to map its memory into the user application
Details on this advisory are available at: http://www.kb.cert.org/vuls/id/301156
ISSUE 2: A security vulnerability due to a flaw in bounds checking in mremap() in the Linux kernel may allow a local attacker to gain root privileges.
Details on this advisory are available at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985
Note: This update only works if you have ESX Server 2.0 build 5257. Please make sure that this build is installed before applying the patch.
Installing the Update
This update will require a reboot of your ESX server to take effect. You must shutdown your virtual machines before installing the patch.