VMSA-2013-0007:VMware ESX patch address security issues
VMSA-2013-0007.1
VMware ESX third party update for Service Console package sudo
VMware Security Advisory
1. Summary
VMware ESX third party update for Service Console package sudo
2. Relevant Releases
VMware ESX 4.1 without patch ESX410-201312001
VMware ESX 4.0 without patch ESX400-201305001
3. Problem Description
a. Service Console update for sudo
The service console package sudo is updated to version 1.7.2p1-14.el5_8.3
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2337 and CVE-2012-3440 to the issue addressed in this update.
Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
VMware Product
Product Version
Running on
Replace with / Apply Patch
4. Solution
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
ESXi and ESX
--------------------------
https://www.vmware.com/patchmgr/download.portal
ESX 4.1
---------
File: ESX410-201312001.zip
Build: 1368001
md5sum: c35763a84db169dd0285442d4129cc18
sha1sum: ee8e1b8d2d383422ff0dde04749c5d89e77d8e40
http://kb.vmware.com/kb/2061209
ESX410-201312001 contains ESX410-201312401-SG
ESX 4.0
---------
File: ESX400-201305001.zip
Build: 1070634
md5sum: c9ac91d3d803c7b7cb9df401c20b91c0
sha1sum: 7f5cef274c709248daa56d8c0e6fcc1ba86ae411
http://kb.vmware.com/kb/2044240
ESX400-201305001 contains ESX400-201305402-SG
6. Change log
2013-05-30 VMSA-2013-0007
Initial security advisory in conjunction with the release of ESX 4.0 patches on 2013-05-30.
2013-12-05 VMSA-2013-0007.1
Security advisory update in conjunction with the release of ESX 4.1
patches on 2013-12-05.
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2013 VMware Inc. All rights reserved.