OpenSSL Heartbleed bug – VMware products

Most probably you are aware of the recent Heartbleed finding. The bug was independently discovered by security firm Codenomicon and a Google Security engineer. Heartbleed.com has a detailed explanation of the issue, which is related to the “heartbeat” section of OpenSSL’s Transport Layer Security (TLS) protocols and has been in the wild since March 2012. If you’re running a server with OpenSSL 1.0.1 through 1.0.1f, it’s vital that you update to OpenSSL 1.0.1g immediately. Within the next few days you should expect a flood of vendor KB articles listing the products that are affected and unaffected by the OpenSSL bug.

VMware has already released KB 2076225 with a list of systems affected by this bug. Long story short: if you have old releases of VMware systems, most probably you are not affected. Below is a short list of the VMware products in the KB; for the full list of affected VMware products, check the KB article mentioned above.

These VMware products that ship with OpenSSL 1.0.1 have been confirmed to be affected:

  • ESXi 5.5
  • vCenter Server 5.5
  • VMware Fusion 6.0.x
  • VMware vCloud Automation Center (vCAC) 5.1.x
  • VMware vCloud Automation Center (vCAC) 5.2.x
  • VMware Horizon Mirage 4.4.0
  • vFabric Web Server 5.0.x – 5.3.x (For remediation details, see the Security Advisory on Critical Updates to vFabric Web Server document.)
  • VMware vCloud Networking and Security (vCNS) 5.1.3
  • VMware vCloud Networking and Security (vCNS) 5.5.1

These VMware products that ship with OpenSSL 0.9.8 have been confirmed to be unaffected:

  • ESXi/ESX 4.x
  • ESXi 5.0
  • ESXi 5.1
  • VMware Fusion 5.x
  • VMware vCenter Server 4.x
  • VMware vCenter Server 5.0
  • VMware vCenter Server 5.1
  • VMware vCenter Server Appliance (vCSA) 5.x
  • VMware vCloud Automation Center (vCAC) 6.x
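
The version boundaries above (1.0.1 through 1.0.1f affected, 1.0.1g fixed, 0.9.8 unaffected) can be applied to `openssl version` banners collected from your hosts. The following is an added example, not VMware's or the author's code; the function names, host names and sample banners are constructed for illustration.

```python
import re

# Version token in an `openssl version` style banner, e.g.
# "OpenSSL 1.0.1e 11 Feb 2013" or "OpenSSL 1.0.1e-fips 11 Feb 2013".
_BANNER = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)", re.IGNORECASE)


def classify(banner):
    """Map a banner to: affected, fixed, unaffected, unlisted or unknown."""
    m = _BANNER.search(banner)
    if not m:
        return "unknown"
    branch = tuple(int(x) for x in m.group(1, 2, 3))
    letter = m.group(4).lower()
    if branch == (1, 0, 1):
        # 1.0.1 (no letter) through 1.0.1f are affected; 1.0.1g carries the fix.
        return "affected" if letter <= "f" else "fixed"
    if branch == (0, 9, 8):
        return "unaffected"
    # Branches the article does not mention are reported, not guessed at.
    return "unlisted"


def needs_followup(inventory):
    """Return hosts whose banner is affected, unlisted or unparseable."""
    return sorted(h for h, b in inventory.items()
                  if classify(b) not in ("fixed", "unaffected"))


# Constructed inventory: host names and banners are made up for illustration.
SAMPLE = {
    "esx-a.example": "OpenSSL 1.0.1e 11 Feb 2013",
    "esx-b.example": "OpenSSL 0.9.8y 5 Feb 2013",
    "web-1.example": "OpenSSL 1.0.1g 7 Apr 2014",
    "web-2.example": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "app-1.example": "banner not collected",
}

if __name__ == "__main__":
    for host in needs_followup(SAMPLE):
        print(host, classify(SAMPLE[host]))
```

A banner in the affected range is a prompt to check the vendor patch level rather than proof of exposure, because some distributions backport the fix without changing the version letter.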

Resolving Heartbleed issue in ESXi 5.5

VMware released the first batch of patches for their products related to the Heartbleed bug discovered in the OpenSSL library; see details below.

Resolving OpenSSL Heartbleed for ESXi 5.5 – CVE-2014-0160 (2076665).

Resolving Heartbleed issue in vCenter 5.5

VMware just released a patch to solve the Heartbleed issue in vCenter 5.5; more info in KB 2076692.

Artur Krzywdzinski

Artur is a Consulting Architect at Nutanix. He has been using, designing and deploying VMware-based solutions since 2005 and Microsoft since 2012. He specializes in designing and implementing private and hybrid cloud solutions based on VMware and Microsoft software stacks, datacenter migrations and transformation, and disaster avoidance. Artur holds the VMware Certified Design Expert certification (VCDX #077).

1 Comment

[…] A few days after, VMware came up with kb.vmware.com/kb/2076392 and an advisory to NOT upgrade ESXi hosts to vSphere 5.5 U1 until they find and provide a solution to customers. If you are already on vCenter vSphere 5.5 U1, there is no need to roll back the change because the bug is related to ESXi hosts only. So you can keep your vCenter server at version vSphere 5.5 U1 and ESXi hosts at vSphere 5.5 GA with the latest security patches. See more OpenSSL Heartbleed […]
