Thursday, April 10, 2014

HeartBleed Bug

The Heartbleed bug is a bug in the open-source cryptography library OpenSSL which allows an attacker to read the memory of a server or a client, allowing them to retrieve for example server ssl private keys. Examinations of audit logs appear to show that some attackers may have exploited the flaw for 5 months before it was rediscovered and published.


VMware also has published KB Article for the impacted Products


Not Affected Products

 These VMware products that ship with OpenSSL 0.9.8 have been confirmed to be unaffected:
  • ESXi/ESX 4.x
  • ESXi 5.0
  • ESXi 5.1
  • VMware Fusion 5.x
  • VMware vCenter Server 4.x
  • VMware vCenter Server 5.0
  • VMware vCenter Server 5.1
  • VMware vCenter Server Appliance (vCSA) 5.x
  • VMware vCloud Automation Center (vCAC) 6.x
  • VMware Horizon Mirage 4.3.x and earlier
  • VMware Update Manager (VUM)
  • VMware vCenter Orchestrator (vCO)
  • VMware vCloud Director (vCD)
  • VMware vCenter Operations Manager (vCOps)
  • VMware vCenter Site Recovery Manager (SRM)
  • VMware vCenter Configuration Manager (vCM)
  • VMware vSphere Storage Appliance (VSA)
  • VMware Workstation
  • VMware Player
  • VMware ThinApp
  • VMware vFabric Postgres
  • VMware vCloud Networking and Security (vCNS) 5.1.2 and below
  • VMware vCloud Networking and Security (vCNS) 5.5.0
  • NSX-MH 3.0 - 3.2
  • VMware View 4.x
  • VMware Horizon View 5.x
  • VMware Horizon View 5.2 Feature Pack 1
  • VMware Horizon View Clients 1.x
  • VMware Horizon View Clients 2.0.x
  • VMware Horizon Workspace Client for Macintosh 1.0.0
  • VMware Horizon Workspace Client for Macintosh 1.5.0
  • VMware Horizon Workspace Client for Windows 1.0.0
  • VMware Horizon Workspace Client for Windows 1.5.0

 Affected Products

 These VMware products that ship with OpenSSL 1.0.1 have been confirmed to be affected:
  • ESXi 5.5
  • vCenter Server 5.5
  • VMware Fusion 6.0.x
  • VMware vCloud Automation Center (vCAC) 5.1.x
  • VMware vCloud Automation Center (vCAC) 5.2.x
  • VMware Horizon Mirage 4.4.0
  • vFabric Web Server 5.0.x – 5.3.x (For remediation details, see the Security Advisory on Critical Updates to vFabric Web Serverdocument.)
  • VMware vCloud Networking and Security (vCNS) 5.1.3
  • VMware vCloud Networking and Security (vCNS) 5.5.1
  • NSX-V 6.0.x
  • NSX-MH 3.3
  • NSX-MH 4.x
  • VMware Horizon View 5.2 Feature Pack 2
  • VMware Horizon View 5.3 Feature Pack 1
  • VMware Horizon View Clients 2.1.x
  • VMware Horizon View Clients 2.2.x
  • VMware Horizon View Clients 2.3.0
  • VMware Horizon View Clients 2.4.0
  • VMware Horizon Workspace 1.0
  • VMware Horizon Workspace 1.5
  • VMware Horizon Workspace 1.8
  • VMware Horizon Workspace Client for Macintosh 1.5.1
  • VMware Horizon Workspace Client for Macintosh 1.5.2
  • VMware Horizon Workspace for Macintosh 1.8
  • VMware Horizon Workspace Client for Windows 1.5.1
  • VMware Horizon Workspace Client for Windows 1.5.2
  • VMware Horizon Workspace for Windows 1.8


No comments:

Post a Comment