Virtualization Technology News and Information
Article
RSS
VMware Security Advisory: VMware ESX third party update for Service Console

VMware ESX Service Console OS (COS) kernel update for VMware ESX 4.1 without patch ESX410-201011001:

Problem Description:

Service Console OS update for COS kernel package.

This patch updates the Service Console kernel to fix a stack pointer underflow issue in the 32-bit compatibility layer.

Exploitation of this issue could allow a local user to gain additional privileges.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-3081 to this issue.

VMware Product Running Replace with/ Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected

hosted * any any not affected

ESXi any ESXi not affected

ESX 4.1 ESX ESX410-201011402-SG
ESX 4.0 ESX patch pending
ESX 3.x ESX not applicable

* hosted products are VMware Workstation, Player, ACE, Fusion.

Solution:

Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file.

ESX 4.1
-------
ESX410-201011001
Download link:
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-253-20101122-763
417/ESX410-201011001.zip
md5sum: e73fd3302529c1d85d9cc47457dfb963
sha1sum: c0e0eac907c04105791ac44e288e7d8076dc14e0
http://kb.vmware.com/kb/1029400

ESX410-201011001 contains the following security bulletins:
ESX410-201011402-SG (COS kernel) | http://kb.vmware.com/kb/1029397

ESX410-201011001 also contains the following non-security bulletins
ESX410-201011401-BG

To install an individual bulletin use esxupdate with the -b option.

References:

CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081

Published Tuesday, November 30, 2010 5:45 AM by David Marshall
Filed under:
Comments
Twitter Trackbacks for VMware Security Advisory: VMware ESX third party update for Service Console : VMblog.com - Virtualization Technology News and Information for Everyone [vmblog.com] on Topsy.com - (Author's Link) - November 30, 2010 7:27 AM
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
top25
Calendar
<November 2010>
SuMoTuWeThFrSa
31123456
78910111213
14151617181920
21222324252627
2829301234
567891011