VMWare releases first Heartbleed patch

VMWare releases first Heartbleed patch

Summary: Numerous VMWare products use vulnerable versions of OpenSSL. So far only Horizon Workspace Server has been patched.

SHARE:
TOPICS: Security, VMware
0

VMWare has issued a security advisory (VMSA-2014-0004) listing which of their products are affected by the Heartbleed vulnerability. The advisory also announced one patch that has been released.

A long list of products are listed as affected: vCenter Server, ESXi, VMware Fusion, NSX-MH, NSX-V, NVP, Horizon Mirage Edge Gateway, Horizon View Feature Pack, Horizon View Client, Horizon Workspace Server, Horizon Workspace Client, Horizon Workspace for Macintosh, Horizon Workspace for Windows , OVF Tool, vCloud Networking and Security and vCloud Automation Center (vCAC). Of these, a patch has been released only for Horizon Workspace Server.

An earlier VMWare knowledge base article had listed the affected products, as well as a long list of unaffected VMWare products and services, plus one service — Socialcast — which was patched several days ago.

Users of Horizon Workspace Server 1.0 are advised to upgrade to version 1.5 and to apply the patch horizon-nginx-rpm-1.5.0.0-1736237.x86_64. Version 1.5 users should apply the same patch. Users of version 1.8 should apply horizon-nginx-rpm-1.8.1.1810-1736201.x86_64.

The advisory also mentions another, lesser vulnerability in one implementation of OpenSSL which is fixed in the new version without specifically saying if VMWare is affected by it.

Topics: Security, VMware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion