VMWare releases first Heartbleed patch

Numerous VMWare products use vulnerable versions of OpenSSL. So far only Horizon Workspace Server has been patched.

VMWare has issued a security advisory (VMSA-2014-0004) listing which of their products are affected by the Heartbleed vulnerability. The advisory also announced one patch that has been released.

A long list of products are listed as affected: vCenter Server, ESXi, VMware Fusion, NSX-MH, NSX-V, NVP, Horizon Mirage Edge Gateway, Horizon View Feature Pack, Horizon View Client, Horizon Workspace Server, Horizon Workspace Client, Horizon Workspace for Macintosh, Horizon Workspace for Windows , OVF Tool, vCloud Networking and Security and vCloud Automation Center (vCAC). Of these, a patch has been released only for Horizon Workspace Server.

An earlier VMWare knowledge base article had listed the affected products, as well as a long list of unaffected VMWare products and services, plus one service — Socialcast — which was patched several days ago.

Users of Horizon Workspace Server 1.0 are advised to upgrade to version 1.5 and to apply the patch horizon-nginx-rpm-1.5.0.0-1736237.x86_64. Version 1.5 users should apply the same patch. Users of version 1.8 should apply horizon-nginx-rpm-1.8.1.1810-1736201.x86_64.

The advisory also mentions another, lesser vulnerability in one implementation of OpenSSL which is fixed in the new version without specifically saying if VMWare is affected by it.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All