VMware

VMware ESX Server 2.5.5 Upgrade Patch 8 (for 2.5.5 Systems Only)

Released 06/03/08

This document contains the following information:

Security Issues

Refer to KB 1107 for VMware product security notifications, and VMware Security Center for the VMware Security Advisories. This patch includes:

  • Service console updates to fix issues in the Tcl/Tk package
    Tcl (Tool Command Language) is an open source programming language that is suitable for a very wide range of uses, including Web and desktop applications, networking, administration, testing, and many more. Tk is the standard GUI not only for Tcl, but for many other dynamic languages, and can produce rich, native applications that run unchanged across Windows, Mac OS X, Linux and more.
    The following issues are fixed in this release:
    • Tk's GIF image handling contains an input validation flaw which can allow a malicious user to alter a GIF file in a way that leverages this flaw to initiate a buffer overflow and cause a crash or, potentially, execute code with the privileges of the application using the Tk graphical toolkit.
      The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0553 to this issue.
    • Tk's animated GIF image handling contains a buffer overflow flaw in which an animated GIF containing an initial image smaller than subsequent images can cause a crash or, potentially, execute code with the privileges of the application using the Tk library.
      The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5378 to this issue.
    • The Tcl regular expression handling engine contains a flaw, which was first discovered in the Tcl regular expression engine used in the PostgreSQL database server, that results in an infinite loop when processing certain regular expressions.
      Thanks to Will Drewry for identifying and reporting this issue.
      The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4772 to this issue.
  • Security updates to fix local exploitation of an untrusted library path vulnerability in vmware-authd
    This update fixes a security issue related to local exploitation of an untrusted library path vulnerability in vmware-authd. This vulnerability can be exploited by an attacker that has local access and the ability to execute the set-uid vmware-authd binary on an affected system. Exploitation of this flaw might result in arbitrary code execution on the Linux host system by an unprivileged user.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0967 to this issue.
  • Moderate security updates to the service console that fix a flaw in unzip.
    This update fixes an issue where an attacker can execute malicious code with a user's privileges if the user runs unzip on a file designed to leverage this flaw.
    Thanks to Tavis Ormandy of the Google security team for identifying and reporting this issue.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0888 to this issue.
  • Service console updates to fix issues in Kerberos 5
    • Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service and possibly execute arbitrary code by triggering a large number of open file descriptors.
      The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0948 to this issue.
    • KDC in MIT Kerberos 5 does not set a global variable for some Kerberos 4 message types, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted messages that trigger a NULL pointer de-reference or a double-free error.
      The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0062 to this issue.
    • The Kerberos 4 support in KDC in MIT Kerberos 5 does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information.
      The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0063 to this issue.
    Thanks to MIT for identifying and reporting these issues.
    The CVE-2008-0062 and CVE-2008-0063 issues only affect krb5kdc with Kerberos v4 protocol compatibility enabled, which is the default setting on Red Hat Enterprise Linux 4.

    Note: The VMware service console does not provide the kadmind binary, and is not affected by these issues, but a fix has been provided for completeness.

Resolved Issues

This patch updates the tzdata RPM that provides time zone rule updates. This update reflects that the Chile mainland, Easter Island, Salas y Gomez Island, and the Palmer polar station in Antarctica switch to DST on March 29 and not on March 9.

Applicability

This patch is an ESX Server 2.5.5 patch. Ensure that ESX Server 2.5.5 build 57619 or higher is installed before applying the patch. Run vmware -v to display the version and build information for your system.

Installing the Update

Note: VMware recommends backing up your ESX Server installation before installing this patch. Also, a minimum of 350MB of temporary free space on the "/" file system is required for installing this patch.

This update requires you to boot your server into Linux mode to perform the upgrade. When you are prompted to reboot at the end of the upgrade, the installer will restart your system to run ESX Server.

  1. Power off all virtual machines.
  2. Restart your system.
  3. At the LILO Boot Menu, select the option appropriate for your system.
    • For a boot-from-SAN installation, select esx-san-safe.
    • For all other installations, select linux-up.
  4. Log in as root to the ESX Server service console.
  5. Download the tar file into a temporary directory under /root on your ESX Server service console.
  6. Change your working directory to that directory.
  7. Verify the integrity of the package:
    # md5sum esx-2.5.5-90521-upgrade.tar.gz

    The md5 checksum output should match the following:
    392b6947fc3600ca0e8e7788cd5bbb6e esx-2.5.5-90521-upgrade.tar.gz

  8. Extract the compressed tar archive:
    # tar -xvzf esx-2.5.5-90521-upgrade.tar.gz
  9. Change to the newly created directory:
    # cd esx-2.5.5-90521-upgrade
  10. Run the installer:
    # ./upgrade.pl
  11. The system updates have now been installed. A reboot prompt is displayed:
    Reboot the server now [y/n]?

    This update will not be complete until you reboot the ESX Server host. If you enter n to indicate that you will not reboot the server at this time, ESX Server displays the warning message: Please reboot the server manually. Your virtual machines will not run properly until this is done. If you see this message, you must manually reboot the server to complete the upgrade.

  12. At the reboot prompt, enter y to reboot the server.
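
The free-space requirement and the checksum comparison in step 7 can be enforced before extraction instead of being compared by eye. The script below is an added example, not part of VMware's patch or installer; the function names (md5_matches, has_free_space, preflight) and the "run" argument are hypothetical, while the file name, MD5 value and 350MB figure are the ones given above.

```shell
#!/bin/sh
# Added example: gate the extract step on the page's published values.
PKG="esx-2.5.5-90521-upgrade.tar.gz"             # file name from the page
EXPECTED_MD5="392b6947fc3600ca0e8e7788cd5bbb6e"  # checksum from the page
MIN_FREE_MB=350                                  # "/" requirement from the page

# md5_matches FILE EXPECTED: 0 only if FILE exists and its MD5 equals EXPECTED
md5_matches() {
    [ -f "$1" ] || return 2
    actual=$(md5sum "$1" | awk '{print $1}')
    # Normalise case so an upper-case published value still compares equal
    [ "$(printf '%s' "$actual" | tr 'A-F' 'a-f')" = \
      "$(printf '%s' "$2" | tr 'A-F' 'a-f')" ]
}

# free_mb PATH: print free space in MB on the file system that holds PATH
free_mb() {
    df -Pk "$1" | awk 'NR==2 {print int($4/1024)}'
}

# has_free_space PATH MIN_MB: 0 if at least MIN_MB is free
has_free_space() {
    avail=$(free_mb "$1")
    [ -n "$avail" ] && [ "$avail" -ge "$2" ]
}

# preflight FILE EXPECTED PATH MIN_MB: 0 when it is safe to extract
preflight() {
    if ! has_free_space "$3" "$4"; then
        echo "less than $4 MB free on $3" >&2; return 1
    fi
    if ! md5_matches "$1" "$2"; then
        echo "MD5 mismatch or missing file: $1" >&2; return 1
    fi
    return 0
}

# Extract only when called with "run" and every check passes
if [ "${1:-}" = "run" ]; then
    preflight "$PKG" "$EXPECTED_MD5" / "$MIN_FREE_MB" && tar -xvzf "$PKG"
fi
```

Run it with the argument run from the directory that holds the downloaded tar file; on any failed check nothing is extracted and the reason is printed to stderr.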