------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2015-0007.2
Synopsis: VMware vCenter and ESXi updates address critical security
issues
Issue date: 2015-10-01
Updated on: 2015-10-20
CVE number: CVE-2015-5177 CVE-2015-2342 CVE-2015-1047
------------------------------------------------------------------------
1. Summary
VMware vCenter and ESXi updates address critical security issues.
2. Relevant Releases
VMware ESXi 5.5 without patch ESXi550-201509101-SG
VMware ESXi 5.1 without patch ESXi510-201510101-SG
VMware ESXi 5.0 without patch ESXi500-201510101-SG
VMware vCenter Server 6.0 prior to version 6.0.0b
VMware vCenter Server 5.5 prior to version 5.5 update 3
VMware vCenter Server 5.1 prior to version 5.1 update u3b
VMware vCenter Server 5.0 prior to version 5.0 update u3e
3. Problem Description
a. VMWare ESXi OpenSLP Remote Code Execution
VMware ESXi contains a double free flaw in OpenSLP's
SLPDProcessMessage() function. Exploitation of this issue may
allow an unauthenticated attacker to remotely execute code on
the ESXi host.
VMware would like to thank Qinghao Tang of QIHU 360 for reporting
this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2015-5177 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
==================== ======= =================
ESXi 6.0 ESXi not affected
ESXi 5.5 ESXi ESXi550-201509101-SG *
ESXi 5.1 ESXi ESXi510-201510101-SG
ESXi 5.0 ESXi ESXi500-201510101-SG
* Customers who have installed the complete set of ESXi 5.5 U3
Bulletins, please review VMware KB 2133118. KB 2133118 documents
a known non-security issue and provides a solution.
b. VMware vCenter Server JMX RMI Remote Code Execution
VMware vCenter Server contains a remotely accessible JMX RMI
service that is not securely configured. An unauthenticated remote
attacker who is able to connect to the service may be able to use
it to execute arbitrary code on the vCenter server.
vCenter Server Appliance (vCSA) 5.1, 5.5 and 6.0 has remote access
to the JMX RMI service (port 9875) blocked by default.
VMware would like to thank Doug McLeod of 7 Elements Ltd and an
anonymous researcher working through HP's Zero Day Initiative for
reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2015-2342 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= ===============
VMware vCenter Server 6.0 Any 6.0.0b
VMware vCenter Server 5.5 Any 5.5 u3
VMware vCenter Server 5.1 Any 5.1 u3b
VMware vCenter Server 5.0 Any 5.0 u3e
c. VMware vCenter Server vpxd denial-of-service vulnerability
VMware vCenter Server does not properly sanitize long heartbeat
messages. Exploitation of this issue may allow an unauthenticated
attacker to create a denial-of-service condition in the vpxd
service.
VMware would like to thank the Google Security Team for reporting
this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2015-1047 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= ==============
VMware vCenter Server 6.0 Any not affected
VMware vCenter Server 5.5 Any 5.5u2
VMware vCenter Server 5.1 Any 5.1u3
VMware vCenter Server 5.0 Any 5.0u3e
4. Solution
Please review the patch/release notes for your product and version
and verify the checksum of your downloaded file.
ESXi
--------------------------------
Downloads:
https://www.vmware.com/patchmgr/findPatch.portal
Documentation:
http://kb.vmware.com/kb/2110247
http://kb.vmware.com/kb/2114875
http://kb.vmware.com/kb/2120209
vCenter Server
--------------------------------
Downloads and Documentation:
https://www.vmware.com/go/download-vsphere
5. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1047
http://kb.vmware.com/kb/2133118
------------------------------------------------------------------------
6. Change log
2015-10-20 VMSA-2015-0007.2
Updated security advisory to reflect that CVE-2015-2342 is fixed in
an earlier vCenter Server version (6.0.0b) than originally reported
(6.0 U1) and that the port required to exploit the vulnerability is
blocked in the appliance versions of the software (5.1 and above).
2015-10-06 VMSA-2015-0007.1
Updated security advisory in conjunction with the release of ESXi 5.5
U3a on 2015-10-06. Added a note to section 3.a to alert customers to
a non-security issue in ESXi 5.5 U3 that is addressed in ESXi 5.5 U3a.
2015-10-01 VMSA-2015-0007
Initial security advisory in conjunction with ESXi 5.0, 5.1 patches
and VMware vCenter Server 5.1 u3b, 5.0 u3e on 2015-10-01.
------------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
Consolidated list of VMware Security Advisories
http://kb.vmware.com/kb/2078735
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
Twitter
https://twitter.com/VMwareSRC
Copyright 2015 VMware Inc. All rights reserved.
_______________________________________________
Security-announce mailing list
Security-announce-xEzmwC/hc7si8rCdYzckzA< at >public.gmane.org
http://lists.vmware.com/mailman/listinfo/security-announce
Monthly Archives: October 2015
UPDATE : VMSA-2015-0003.13 – VMware product updates address critical information disclosure issue in JRE.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2015-0003.13
Synopsis: VMware product updates address critical information
disclosure issue in JRE.
Issue date: 2015-04-02
Updated on: 2015-10-20
CVE number: CVE-2014-6593, for other CVEs see JRE reference
- ------------------------------------------------------------------------
1. Summary
VMware product updates address critical information disclosure
issue in JRE.
2. Relevant Releases
Horizon View 6.x or 5.x
Horizon Workspace Portal Server 2.1 or 2.0
Horizon DaaS Platform 6.1.4 or 5.4.5
vCloud Networking and Security prior to 5.5.4.1
vCloud Connector 2.7
vCloud Usage Meter 3.3
vCenter Site Recovery Manager prior to 5.5.1.5 or 5.1.3.1
vCenter Server 6.0, 5.5, 5.1 or 5.0
vRealize Operations Manager 6.0
vCenter Operations Manager 5.8.x or 5.7.x
vCenter Support Assistant 5.5.1.x
vRealize Application Services 6.2 or 6.1
vCloud Application Director 6.0
vRealize Automation 6.2 or 6.1
vCloud Automation Center 6.0.1
vSphere Replication prior to 5.8.0.2, 5.6.0.3, 5.5.1.5 or 5.1.3.1
vRealize Automation 6.2.x or 6.1.x
vRealize Code Stream 1.1 or 1.0
vFabric Postgres 9.3.6.0, 9.2.10.0 or 9.1.15.0
vRealize Hyperic 5.8.x, 5.7.x or 5.0.x
vSphere AppHA Prior to 1.1.x
vSphere Big Data Extensions 2.1 and 2.0
vSphere Data Protection 6.0 and 5.8
vCenter Chargeback Manager 2.7 or 2.6
vRealize Business Adv/Ent 8.1 or 8.0
vRealize Business Standard prior to 1.1.x or 1.0.x
NSX for vSphere 6.1
NSX for Multi-Hypervisor prior to 4.2.4
vCloud Director prior to 5.5.3
vCloud Director Service Providers prior to 5.6.4.1
vCenter Application Discovery Manager 7.0
vRealize Configuration Manager 5.7.x or 5.6.x
vRealize Infrastructure 5.8 or 5.7
vRealize Orchestrator 6.0, 5.5 or 5.1.3.1
vRealize Log Insight 2.5, 2.0, 1.5 or 1.0
vSphere Management Assistant 5.5 or 5.1
vSphere Update Manager 6.0, 5.5, 5.1 or 5.0
EVO:RAIL prior to 1.2.1
3. Problem Description
a. Oracle JRE Update
Oracle JRE is updated in VMware products to address a
critical security issue that existed in earlier releases of
Oracle JRE.
VMware products running JRE 1.7 Update 75 or newer and
JRE 1.6 Update 91 or newer are not vulnerable to CVE-2014-6593,
as documented in the Oracle Java SE Critical Patch Update
Advisory of January 2015.
This advisory also includes the other security issues that
are addressed in JRE 1.7 Update 75 and JRE 1.6 Update 91. The
References section provides a link to the JRE advisory.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2014-6593 to this issue. This
issue is also known as "SKIP" or "SKIP-TLS".
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch**
============= ======= ======= =================
Horizon View 6.x any 6.1
Horizon View 5.x any 5.3.4
Horizon Workspace Portal 2.1 ,2.0 any 2.1.1
Server
Horizon DaaS Platform 6.1 any 6.1.4
Horizon DaaS Platform 5.4 any 5.4.5
vCloud Networking and Security 5.5 any 5.5.4.1*
vCloud Connector 2.7 any 2.7.1*
vCloud Usage Meter 3.3 any 3.3.3*
vCenter Site Recovery Manager 5.5.x any 5.5.1.5***
vCenter Site Recovery Manager 5.1.x any 5.1.3.1***
vCenter Site Recovery Manager 5.0.x any patch pending***
vCenter Server 6.0 any 6.0.0a
vCenter Server 5.5 any Update 2e
vCenter Server 5.1 any Update 3a
vCenter Server 5.0 any Update 3d
vRealize Operations Manager 6.0 any KB2111898
vCenter Operations Manager 5.8.x any KB2111172
vCenter Operations Manager 5.7.x any KB2111172
vCenter Support Assistant 5.5.1.x any 6.0
vRealize Application Services 6.2 any KB2111981
vRealize Application Services 6.1 any KB2111981
vCloud Application Director 6.0 any KB2111981
vCloud Application Director 5.2 any KB2111981
vRealize Automation 6.2 any KB2111658
vRealize Automation 6.1 any KB2111658
vCloud Automation Center 6.0.1 any KB2111658
vRealize Code Stream 1.1 any KB2111658
vRealize Code Stream 1.0 any KB2111658
vPostgres 9.3.x any 9.3.6.0
vPostgres 9.2.x any 9.2.10.0
vPostgres 9.1.x any 9.1.15.0
vSphere Replication 5.8.0 any 5.8.0.2
vSphere Replication 5.6.0 any 5.6.0.3
vSphere Replication 5.5.0 any 5.5.1.5
vSphere Replication 5.1 any 5.1.3.1
vRealize Hyperic 5.8 any KB2111337
vRealize Hyperic 5.7 any KB2111337
vRealize Hyperic 5.0 any KB2111337
vSphere AppHA 1.1 any KB2111336
vSphere Big Data Extensions 2.1 any KB2116604*
vSphere Big Data Extensions 2.0 any KB2116604*
vSphere Data Protection 6.0 any 6.1*
vSphere Data Protection 5.8 any 5.8.3*
vSphere Data Protection 5.5 any patch pending*
vSphere Data Protection 5.1 any patch pending*
vCenter Chargeback Manager 2.7 any KB2112011*
vCenter Chargeback Manager 2.6 any KB2113178*
vRealize Business Adv/Ent 8.1 any KB2112258*
vRealize Business Adv/Ent 8.0 any KB2112258*
vRealize Business Standard 6.0 any KB2111802
vRealize Business Standard 1.1 any KB2111802
vRealize Business Standard 1.0 any KB2111802
NSX for vSphere 6.1 any 6.1.4*
NSX for Multi-Hypervisor 4.2 any 4.2.4*
vCloud Director 5.5.x any 5.5.3*
vCloud Director For 5.6.4 any 5.6.4.1*
Service Providers
vCenter Application Discovery 7.0 any 7.1*
Manager
vRealize Configuration Manager 5.7.x any KB2111670
vRealize Configuration Manager 5.6 any KB2111670
vRealize Infrastructure 5.8 any 5.8.4
Navigator
vRealize Infrastructure 5.7 any KB2111334*
Navigator
vRealize Orchestrator 6.0 any KB2112028*
vRealize Orchestrator 5.5 any KB2112028*
vRealize Orchestrator 5.1 any 5.1.3.1*
vRealize Log Insight 2.5 any KB2113235*
vRealize Log Insight 2.0 any KB2113235*
vRealize Log Insight 1.5 any KB2113235*
vRealize Log Insight 1.0 any KB2113235*
vSphere Management Assistant 5.5.x any 5.5.0.4
vSphere Management Assistant 5.1.x any 5.1.0.3
vSphere Update Manager 6.0 any 6.0.0a*
vSphere Update Manager 5.5 any Update 2e*
vSphere Update Manager 5.1 any Update 3a*
vSphere Update Manager 5.0 any Update 3d*
EVO:RAIL 1.2.0 any 1.2.1*
* The severity of critical is lowered to important for this product
as is not considered Internet facing
** Knowledge Base (KB) articles provides details of the patches and
how to install them.
*** vCenter Site Recovery Manager 5.0, 5.1, and 5.5 itself do not
include JRE but they include the vSphere Replication appliance
which has JRE. vCenter Site Recovery 5.8 and 6.0 do not include
JRE nor the vSphere Replication appliance.
4. Solution
Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.
Horizon View 6.1, 5.3.4:
========================
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=VIEW-610-GA&productI
d=492
https://my.vmware.com/web/vmware/details?downloadGroup=VIEW-534-PREMIER&pro
ductId=396
VMware Workspace Portal 2.1.1
=============================
Download:
https://my.vmware.com/web/vmware/details?downloadGroup=HZNWS211&productId=5
01&rPId=7586
Documentation:
https://www.vmware.com/support/horizon_workspace/doc/wp_release_notes_211.h
tml
Horizon DaaS Platform 6.1.4
===========================
Download:
https://my.vmware.com/web/vmware/details?downloadGroup=HORIZON-DAAS-610-BIN
&productId=405&rPId=6527
Horizon DaaS Platform 5.4.5
===========================
Download:
https://my.vmware.com/web/vmware/details?downloadGroup=HORIZON-DAAS-ONPREM-
540&productId=398&rPId=5214
vCloud Networking and Security 5.5.4.1
======================================
Download:
https://my.vmware.com/web/vmware/details?productId=360&rPId=7625&downloadGr
oup=VCNS5541
Documentation:
https://www.vmware.com/support/vshield/doc/releasenotes_vshield_5541.html
vCloud Connector 2.7.1
======================
Downloads and Documentation:
http://www.vmware.com/support/hybridcloud/doc/hybridcloud_271_rel_notes.htm
l
vCloud Usage Meter 3.3.3
========================
Downloads:
https://my.vmware.com/en/group/vmware/get-download?downloadGroup=UMSV333
vCenter Application Discovery Manager 7.1
=========================================
Download:
https://my.vmware.com/web/vmware/details?downloadGroup=VADM-710-VA&productI
d=300&rPId=8646
Documentation:
https://www.vmware.com/support/adm/doc/vcenter-application-discovery-manage
r-71-release-notes.html
vCenter Site Recovery Manager 5.5.1.5
======================================
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=SRM5515&productId=35
7&rPId=7774
https://my.vmware.com/group/vmware/details?downloadGroup=SRM5131&productId=
291&rPId=9236
Documentation:
https://www.vmware.com/support/srm/srm-releasenotes-5-5-1.html
https://www.vmware.com/support/srm/srm-releasenotes-5-1-3-1.html
vCenter Server 6.0, 5.5, 5.1, 5.0
=================================
Downloads and Documentation:
https://www.vmware.com/go/download-vsphere
vRealize Operations Manager 6.0.1
=================================
Downloads and Documentation: http://kb.vmware.com/kb/2111898
vCenter Support Assistant 6.0
=============================
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VCSA600&productId=49
1
vRealize Application Services 6.2, 6.1
======================================
Downloads and Documentation: http://kb.vmware.com/kb/2111981
NSX for vSphere 6.1.4
=====================
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?productId=417&downloadGroup=NSX-V-
614
NSX for Multi-Hypervisor 4.2.4
==============================
Downloads and Documentation:
https://my.vmware.com/web/vmware/info/slug/networking_security/vmware_nsx/4
_x
vCloud Application Director 6.0
======================================
Downloads and Documentation: http://kb.vmware.com/kb/2111981
vCloud Director for Service Providers 5.6.4.1
=============================================
Downloads and Documentation:
https://www.vmware.com/support/pubs/vcd_sp_pubs.html
vCenter Operations Manager 5.8.5, 5.7.4
=======================================
Downloads and Documentation: http://kb.vmware.com/kb/2111172
vCloud Automation Center 6.0.1.2
================================
Downloads and Documentation: http://kb.vmware.com/kb/2111685
vSphere Replication 5.8.0.2, 5.6.0.3, 5.5.1.5, 5.1.3.1
=============================================
Downloads:
https://my.vmware.com/web/vmware/get-download?downloadGroup=VR5802
https://my.vmware.com/web/vmware/get-download?downloadGroup=VR5603
https://my.vmware.com/web/vmware/get-download?downloadGroup=VR5515
https://my.vmware.com/web/vmware/get-download?downloadGroup=VR5131
Documentation:
http://kb.vmware.com/kb/2112025
http://kb.vmware.com/kb/2112022
http://kb.vmware.com/kb/2112012
vRealize Automation 6.2.1, 6.1.1
================================
Downloads and Documentation: http://kb.vmware.com/kb/2111658
vRealize Code Stream 1.1, 1.0
=============================
Downloads and Documentation: http://kb.vmware.com/kb/2111685
vFabric Postgres
================
Downloads
https://my.vmware.com/group/vmware/details?downloadGroup=VFPG_936&productId
=373&rPId=7787
https://my.vmware.com/group/vmware/details?downloadGroup=VFPG_92_10&product
Id=325&rPId=7788
https://my.vmware.com/group/vmware/details?downloadGroup=VFPG_91_15&product
Id=274&rPId=7789
vRealize Hyperic 5.8.4, 5.7.2, 5.0.3
====================================
Downloads and Documentation: http://kb.vmware.com/kb/KB2111337
vSphere AppHA 1.1.1
===================
Downloads and Documentation: http://kb.vmware.com/kb/2111336
vSphere Big Data Extensions 2.1 and 2.0
=======================================
Downloads and Documentation: http://kb.vmware.com/kb/2116604
vSphere Data Protection 6.1
===========================
Downloads:
https://my.vmware.com/web/vmware/details?productId=491&downloadGroup=VDP61
Documentation:
http://pubs.vmware.com/Release_Notes/en/vdp/61/vdp_610_releasenotes.html
vSphere Data Protection 5.8.3
===========================
Downloads:
https://my.vmware.com/group/vmware/details?productId=353&rPId=8950&download
Group=VDP58_3
Documentation: https://www.vmware.com/support/pubs/vdr_pubs.html
vCenter Chargeback Manager 2.7
====================================
Downloads and Documentation: http://kb.vmware.com/kb/2112011
vCenter Chargeback Manager 2.6
====================================
Downloads and Documentation: http://kb.vmware.com/kb/2113178
vRealize Business Adv/Ent 8.1, 8.0
====================================
Downloads and Documentation: http://kb.vmware.com/kb/2112258
vRealize Business Standard 6.0, 1.1 , 1.0
=======================================
Downloads and Documentation: http://kb.vmware.com/kb/2111802
vRealize Configuration Manager 5.7.3
===================================
Downloads and Documentation: http://kb.vmware.com/kb/2111670
vRealize Infrastructure Navigator 5.8.4
=======================================
Download:
https://my.vmware.com/web/vmware/details?downloadGroup=VIN_584&productId=47
6
vRealize Infrastructure Navigator 5.7
=====================================
Downloads and Documentation: http://kb.vmware.com/kb/2111334
vRealize Orchestrator 6.0, 5.5
=====================================
Downloads and Documentation: http://kb.vmware.com/kb/2112028
vRealize Orchestrator 5.1.3.1
=============================
Download:
https://my.vmware.com/group/vmware/get-download?downloadGroup=VSP51-VCL-VCO
VA-51U3A
Documentation:
https://www.vmware.com/support/pubs/orchestrator_pubs.html
vSphere Management Assistant 5.5.0.4
====================================
Download:
https://my.vmware.com/web/vmware/details?downloadGroup=VMA550&productId=352
Documentation: http://kb.vmware.com/kb/2112648
vSphere Management Assistant 5.1.0.3
====================================
Download:
https://my.vmware.com/web/vmware/details?downloadGroup=VSP510-VMA-510&produ
ctId=285
Documentation: http://kb.vmware.com/kb/2112647
vSphere Update Manager 6.0, 5.5, 5.1, 5.0
=========================================
Downloads and Documentation:
https://www.vmware.com/go/download-vsphere
EVO:RAIL
========
Downloads and Documentation:
https://my.vmware.com/group/vmware/details?productId=442&downloadGroup=EVOR
AIL1_2_1
5. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593
JRE
Oracle Java SE Critical Patch Update Advisory of January 2015
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- ------------------------------------------------------------------------
6. Change log
2015-04-02 VMSA-2015-0003
Initial security advisory in conjunction with the release of VMware
Horizon View 6.1, 5.3.4; vCenter Operations Manager 5.8.5;
vCenter Operations Manager 5.7.4; vCloud Automation Center
6.0.1.2; vSphere Replication 5.8.0.2, 5.6.0.3; vRealize
Automation 6.2.1, 6.1.1; vRealize Code Stream 1.1, 1.0;
vRealize Hyperic 5.8.4, 5.7.2, 5.0.3; vSphere AppHA 1.1.1;
vRealize Business Standard 1.1.1, 1.0.1; vRealize Configuration
Manager prior to 5.7.3; vRealize Infrastructure 5.7, 5.8.4 Patches
released on 2015-04-02.
2015-04-09 VMSA-2015-0003.1
Updated Security advisory in conjunction with the release of VMware
Horizon DaaS Platform 6.1.4, 5.4.5; vRealize Operations Manager 6.0;
vRealize Application Services 6.2; vRealize Application Services 6.1;
vCloud Application Director 6.0; vCenter Chargeback Manager 2.7, 2.6;
vCloud Director For Service Providers 5.6.4.1;
vRealize Log Insight 2.5, 2.0, 1.5, 1.0 Patches
released on 2015-04-09.
2015-04-13 VMSA-2015-0003.2
Updated Security advisory in conjunction with the release of
vRealize Business Adv/Ent 8.1, 8.0 Patches released
on 2015-04-13.
2015-04-16 VMSA-2015-0003.3
Updated Security advisory in conjunction with the release of
vCloud Connector 2.7.1; vCloud Usage Meter 3.3.3;
vCenter Server 6.0, 5.5; vSphere Update Manager 6.0, 5.5 patches
released on 2015-04-16.
2015-04-17 VMSA-2015-0003.4
Updated Security advisory in conjunction with the release of
vCenter Site Recovery Manager 5.5.1.5 patches released on 2015-04-16.
2015-04-23 VMSA-2015-0003.5
Updated Security advisory in conjunction with the release of
NSX for Multi-Hypervisor 4.2.4 and vFabric Postgres 9.3.6.0,
9.2.10.0 or 9.1.15.0 patches released on 2015-04-23.
2015-04-30 VMSA-2015-0003.6
Updated Security advisory in conjunction with the release of
vCloud Networking and Security 5.5.4.1, vCenter Server 5.1 Update 3a,
vCenter Server 5.0 Update 3d, vRealize Orchestrator 5.1.3.1,
vSphere Update Manager 5.1 Update 3a and
vSphere Update Manager 5.0 Update 3d patches released on 2015-04-30.
2015-05-07 VMSA-2015-0003.7
Updated Security advisory in conjunction with the release of
vCenter Support Assistant 6.0, vSphere Big Data Extensions 2.1
and 2.0, NSX for vSphere 6.1.4 patches released on 2015-05-07.
2015-05-08 VMSA-2015-0003.8
Updated Security advisory in conjunction with the release of
vSphere Management Assistant 5.5 and 5.1 patches released
on 2015-05-08.
2015-07-02 VMSA-2015-0003.9
Updated Security advisory in conjunction with the release of
EVO:Rail 1.2.1 patches released on 2015-07-02.
2015-08-14 VMSA-2015-0003.10
Updated Security advisory in conjunction with the release of
vCenter Application Discovery Manager 7.1.0 patches released
on 2015-08-13.
2015-09-10 VMSA-2015-0003.11
Updated Security advisory in conjunction with the release of
VMware vSphere Data Protection 6.1 released on 2015-09-10.
2015-10-15 VMSA-2015-0003.12
Updated Security advisory in conjunction with the release of
vSphere Replication 5.1.3.1 and vCenter Site Recovery Manager
5.1.3.1 released on 2015-10-15.
2015-10-20 VMSA-2015-0003.13
Updated Security advisory in conjunction with the release of
vSphere Data Protection 5.8.3 released on 2015-10-20.
- ------------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
Consolidated list of VMware Security Advisories
http://kb.vmware.com/kb/2078735
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
Twitter
https://twitter.com/VMwareSRC
Copyright 2015 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.2 (Build 16127)
Charset: utf-8
wj8DBQFWJoKaDEcm8Vbi9kMRAlEtAJ9omokngcgYhLkpN4F5O4SSO9VtfgCgptKc
rHGAms5DpxIH47ONOboPN/E=
=8Njt
-----END PGP SIGNATURE-----
CESA-2015:1917 Important CentOS 6 libwmf SecurityUpdate
CentOS Errata and Security Advisory 2015:1917 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1917.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 8094aac8d2a6cd87009e8c0fb44f9097b21ad843d5125fac8a3f4a9a5e8242c4 libwmf-0.2.8.4-25.el6_7.i686.rpm f4920bee03a0712ac222418ee49ffb5ed24779aec168b8efff64ce189cbdc5d0 libwmf-devel-0.2.8.4-25.el6_7.i686.rpm f216434c249f954b2066a0dfdaf67f64fa2aff5a0a2c393e7429f1f1399aca9b libwmf-lite-0.2.8.4-25.el6_7.i686.rpm x86_64: 8094aac8d2a6cd87009e8c0fb44f9097b21ad843d5125fac8a3f4a9a5e8242c4 libwmf-0.2.8.4-25.el6_7.i686.rpm 393e871409aaa5b9b605030e7cd5a31e143b5857f6bbc1b3323caf61355947b7 libwmf-0.2.8.4-25.el6_7.x86_64.rpm f4920bee03a0712ac222418ee49ffb5ed24779aec168b8efff64ce189cbdc5d0 libwmf-devel-0.2.8.4-25.el6_7.i686.rpm 1da8df05d2f2be015715c6441d86761c4ba23c46c4beceb2d8115ae66cac2da6 libwmf-devel-0.2.8.4-25.el6_7.x86_64.rpm f216434c249f954b2066a0dfdaf67f64fa2aff5a0a2c393e7429f1f1399aca9b libwmf-lite-0.2.8.4-25.el6_7.i686.rpm bbd4a2306e50b317e63f817fd09ab6ea3d059e04f0880ff0df1334b59fcfcb29 libwmf-lite-0.2.8.4-25.el6_7.x86_64.rpm Source: 78f1f72b8daca54fa0194c4ddf6c6fd4b9519697cb8ac32fdf83c2c4c33c13a1 libwmf-0.2.8.4-25.el6_7.src.rpm
CEEA-2015:1915 CentOS 7 ixgbe Enhancement Update
CentOS Errata and Enhancement Advisory 2015:1915 Upstream details at : https://rhn.redhat.com/errata/RHEA-2015-1915.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 626f3f739478522b7510d177d8d9ccd5aed1c2cc60b9f4660c58c07622e35741 kmod-ixgbe-4.0.3-1.el7_1.x86_64.rpm Source: a7b25dcbfcccf7735926a3cff9980babc83d7c1b774445771891d07bb8f9ca7d ixgbe-4.0.3-1.el7_1.src.rpm
Notice to appear in Court #00174586
Notice to Appear, You have to appear in the Court on the October 25. You are kindly asked to prepare and bring the documents relating to the case to Court on the specified date. Note: If you do not come, the case will be heard in your absence. You can review complete details of the Court Notice in the attachment. Regards, Gary Vincent, Court Secretary.
FBI Denies Bourne-Style Biometric Snooping Exists
The First Rule Of Zero-Days Is No One Talks About Zero-Days
Teen Who Hacked CIA Director's Email Tells How He Did It
Irish Data Watchdog Is Probing Facebook Transfers To US
How to set up your household router to protect yourself from attack
To keep your electronic devices secure, it isn’t just important to be aware of cyberattacks that could arrive via emails or false links. You need to keep an eye on your router, which provides you with your Internet access, which has become a target for the cybercriminals.
Using these apparatuses as a way to launch attacks is becoming more and more popular and it has been brought to light by two Spanish organizations – the Instituto Nacional de Ciberseguridad (INCIBE) and the Oficina de Seguridad del Internauta (OSI).
They base their warnings on information registered by the INCIBE during the past few weeks. The experts at the organization have detected that the number of daily attacks targeted at routers have increased, reaching nearly 5,000. What the cybercriminals try to do is to install a type of malware on the device and make it form part of a network in which they carry out a denial of service attack (DDoS).
DDoS attacks use a series of computers and other devices with Internet access to saturate server requests where files are stored on a web page, which then stops working and remains inaccessible to others.
- Each router that was compromised had activated the option of remote administration, which permits access to users outside of the network, allowing any IP address to control its settings.
- Also, the INCIBE has indicated that the owners of these devices hasn’t modified the access details from the default settings (user name and password). By keeping the original default settings, it was very easy to access them remotely.
- These factors allow cybercriminals to modify the working options of the router and set up access to a local network. Later, they would only have to install the malware which makes it work as if it were a bot, carrying out massive attacks.
- One of the measures put forward by the OSI to avoid your router being attacked is to change the administrator details and to use better passwords.
- Also, it isn’t advisable to activate the remote administration unless it is necessary and, in this case, do it during as short a period as possible, so as not to give the attackers a chance to detect its vulnerability.
- Every router is configured the same, although the interface where you do it and the access options vary slightly depending on the brand. Changes are carried out from the web browser by entering the IP of the device (it comes in the manual, on the tags that are attached to it, or you can find it in the connection settings within the Control Panel).
Finally, if these tips reach you too late and your device is already infected, the best option is to reinstall the firmware (the program that controls the router) from a security copy.
The post How to set up your household router to protect yourself from attack appeared first on MediaCenter Panda Security.