Virtualization Technology News and Information
VMware Issues Product Updates for Java Vulnerability Announced April 2015

Virtualization giant VMware has issued a number of updates for various product offerings to address a critical information disclosure issue in Oracle's Java runtime environment (JRE).

VMware products running JRE 1.7 update 75 and newer or JRE 1.6 update 91 and newer are not impacted by this vulnerability, bug CVE-2014-6593, according to VMware's posted security advisory.  The vulnerability is also known as "SKIP" or "SKIP-TLS" and it could allow information disclosure inside certain VMware environments. 

The update basically installs the latest version of JRE into VMware systems where the old version of JRE was affected by the bug.  

Although patches have already been released for multiple VMware products, the company said updates were still pending for other products that might not have had as severe of a vulnerability because they weren't Internet facing.

Affected products with patches or replacements already available as of this writing include:

  • Horizon View 5.x and 6.x 
  • Horizon Workspace Portal Server 2.0, 2.1
  • vCenter Operations Manager 5.7.x, 5.8.x
  • vCloud Application Director 5.2
  • vRealize Automation 6.1, 6.2
  • vCloud Automation Center 6.0.1
  • vRealize Code Stream 1.0, 1.1
  • vSphere Replication 5.6.0, 5.8.0
  • vRealize Hyperic 5.0, 5.7, 5.8
  • vSphere AppHA 1.1
  • vRealize Business Standard 1.0, 1.1, 6.0
  • NSX for Multi-Hypervisor 4.2.x
  • vCloud Director 5.5.x
  • vRealize Configuration Manager 5.6, 5.7.x
  • vCenter Infrastructure Navigator 5.7, 5.8

If you have any of the above products and versions, make sure to update to the newer version posted or download the patch.

See this security advisory for links to patches and versions to upgrade to in order to fix this vulnerability.  And watch for patch updates to other products listed.

Published Friday, April 03, 2015 5:45 PM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<April 2015>