Next Page >>
upgrade
VMware ESX 3.0.0 without patches ESX-4809553 ESX-1001204 ESX-1001206
ESX-1001212 ESX-1001205 ESX-1001207
ESX-1001208 ESX-1001209 ESX-1001210
ESX-1001211
VMware ESX 2.5.4 prior to upgrade patch 10 (Build# 53326)
VMware ESX 2.5.3 prior to upgrade patch 13 (Build# 52488)
VMware ESX 2.1.3 prior to upgrade patch 8 (Build# 53228)
VMware ESX 2.0.2 prior to upgrade patch 8 (Build# 52650)
3. Problem description:
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the name CVE-2008-0923 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
VMware ESX 3.0.3 without patch ESX303-200811401-BG
VMware ESX 3.0.2 without patch ESX-1006980
NOTE: General Support for Workstation version 5.x ended on
2009-03-19. Users should plan to upgrade to the latest
Workstation version 6.x release.
Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08.
Users should plan to upgrade to ESX 3.0.3 and preferably to
the newest release available.
VMware ESX 3.5 without patch ESX350-200912401-BG
VMware ESX 3.0.3 without patch ESX303-201002203-UG
VMware ESX 2.5.5 without Upgrade Patch 15.
Notes:
Effective May 2010, VMware's patch and update release program during
Extended Support will be continued with the condition that all
subsequent patch and update releases will be based on the latest
VMware ESX 3.5 without patch ESX350-200912401-BG
VMware ESX 3.0.3 without patch ESX303-201002203-UG
VMware ESX 2.5.5 without Upgrade Patch 15.
Notes:
Effective May 2010, VMware's patch and update release program during
Extended Support will be continued with the condition that all
subsequent patch and update releases will be based on the latest
VMware ESX 3.0.2 without patch ESX-1008420
VMware ESX 2.5.5 without update patch 13
Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08.
Users should plan to upgrade to ESX 3.0.3 and preferably to
the newest release available.
Extended support for ESX 2.5.5 ends on 2010-06-15. Users should plan
to upgrade to ESX 3.0.3 and preferably to the newest release
available.
* Cisco Security Manager
+---------------------------------------------------------------+
| CSM Version | Remediation | Location |
|----------------------+-------------+--------------------------|
| 3.2. 3.2 SP1, 3.2 | Upgrade to | - |
| SP2 | 3.3.1 SP4 | |
|----------------------+-------------+--------------------------|
| 3.2.1, 3.2.1 SP1 | Upgrade to | - |
| | 3.3.1 SP4 | |
|----------------------+-------------+--------------------------|
VMware ESX 2.5.5 without update patch 8
VMware ESX 2.5.4 without update patch 19
NOTES: Hosted products VMware Workstation 5.x, VMware Player 1.x,
and VMware ACE 1.x will reach end of general support
2008-11-09. Customers should plan to upgrade to the latest
version of their respective products.
ESX 3.0.1 is in Extended Support and its end of extended
support (Security and Bug fixes) is 2008-07-31. Users should plan
to upgrade to at least 3.0.2 update 1 and preferably the newest
==========
Upgrading to newer versions of the above packages will neither remove
possibly compromised SSL certificates, nor old binary packages. Please
remove the certificates installed by Portage, and then emerge an
upgrade to the package.
All Conserver users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/conserver-8.1.16"
==========
Upgrading to newer versions of the above packages will neither remove
possibly compromised SSL certificates, nor old binary packages. Please
remove the certificates installed by Portage, and then emerge an
upgrade to the package.
All Conserver users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/conserver-8.1.16"
2. Relevant releases:
ESX Server 3.0.2 without patches ESX-1003362, ESX-1003359, ESX-1003360
ESX Server 3.0.1 without patches ESX-1003350, ESX-1003347, ESX-1003348
ESX Server 2.5.5 Upgrade Patch 4
ESX Server 2.5.4 Upgrade Patch 15
NOTE: ESX 2.5.4 is in Extended Support and its end of support (Security
~ and Bug fixes) is 10/08/2008. Users should plan to upgrade to at
~ least 2.5.5 and preferably the newest release available before the
VMware ESX 3.5 without patch ESX350-200810201-UG
VMware ESX 3.0.3 without patch ESX303-200810501-BG
VMware ESX 3.0.2 without patch ESX-1006680
VMware ESX 2.5.5 without upgrade patch 10 or later
VMware ESX 2.5.4 without upgrade patch 21
NOTE: Hosted products VMware Workstation 5.x, VMware Player 1.x,
and VMware ACE 1.x will reach end of general support
2008-11-09. Customers should plan to upgrade to the latest
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following firmware upgrades available to resolve the vulnerability. These upgrades are available on http://welcome.hp.com/country/us/en/support.html?pageDisplay=drivers
ProLiant Server
Vulnerable Lights-Out 100 Remote Management Firmware Version
Resolution Version
ESX-1002975, ESX-1002976
ESX Server 3.0.1 without patches ESX-1002962, ESX-1002963, ESX-1002964,
ESX-1002968, ESX-1002972, ESX-1003176
ESX Server 2.5.5 before Upgrade Patch 3
ESX Server 2.5.5 before Upgrade Patch 14
3. Problem description:
I Service Console package security updates
firefox 3.6.6+nobinonly-0ubuntu0.10.04.1
xulrunner-1.9.2 1.9.2.6+nobinonly-0ubuntu0.10.04.1
Mozilla has changed the support model for Firefox and they no longer
support version 3.0 of the browser. As a result, Ubuntu is providing an
upgrade to Firefox 3.6 for Ubuntu 8.04 LTS users, which is the most current
stable release of Firefox supported by Mozilla. When upgrading, users
should be aware of the following:
- Firefox 3.6 does not support version 5 of the Sun Java plugin. Please use
icedtea-java7-plugin or sun-java6-plugin instead.
There is no known workaround at this time.
Resolution
==========
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/mozilla-firefox-2.0.0.16"
All Mozilla Firefox binary users should upgrade to the latest version:
Cisco WebEx meeting service. The Cisco WebEx meeting service
automatically downloads, installs, and configures Meeting Manager the
first time a user begins or joins a meeting.
When users connect to the WebEx meeting service, the WebEx Meeting
Manager is automatically upgraded to the latest version. There is a
manual workaround available for users who are not able to connect to
the WebEx meeting service.
Cisco WebEx is in the process of upgrading the meeting service
infrastructure with fixed versions of the affected file.
administrative control of the AVS system.
After upgrading to software version AVS 5.1.0, users will be prompted to
modify these credentials.
Cisco will make free upgrade software available to address this
vulnerability for affected customers. The software upgrade will
be applicable only for the AVS 3120, 3180, and 3180A systems. The
workaround identified in this document describes how to change the
passwords in current releases of software for the AVS 3110.
There is no known workaround at this time.
Resolution
==========
All PostgreSQL 8.2 users should upgrade to the latest 8.2 base version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-db/postgresql-base-8.2.22:8.2"
All PostgreSQL 8.3 users should upgrade to the latest 8.3 base version:
There is no known workaround at this time.
Resolution
==========
All aterm users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/aterm-1.0.1-r1"
All Eterm users should upgrade to the latest version:
There is no known workaround at this time.
Resolution
==========
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask -1 -v ">=www-client/mozilla-firefox-2.0.0.14"
All Mozilla Firefox binary users should upgrade to the latest version:
ESX Server 2.5.x
Users should remove the OpenPegasus CIM Management rpm. This
component is disabled by default, and VMware recommends that you
do not use this component of ESX Server 2.x. If you want to
use the CIM functionality, upgrade to ESX Server 3.0.1 or a later
release.
Note: This vulnerability can be exploited remotely only if the
attacker has access to the service console network.
There is no known workaround at this time.
Resolution
==========
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-2.0.0.6"
All Mozilla Firefox binary users should upgrade to the latest version:
Windows
NNM_01203 or subsequent
OV NNM v7.51
Upgrade to NNM v7.53 and apply the NNM v7.53 resolution listed above.
Patch bundles for upgrading from NNM v7.51 to NNM v7.53 are available using ftp:
Host
Account
Password
Windows
NNM_01201 or subsequent
OV NNM v7.51
Upgrade to NNM v7.53 and apply the NNM v7.53 resolution listed above.
Patch bundles for upgrading from NNM v7.51 to NNM v7.53 are available using ftp:
Host
Account
Password
Windows
NNM_01198 or subsequent
OV NNM v7.51
Upgrade to NNM v7.53 and apply the NNM v7.53 resolution listed above.
Patch bundles for upgrading from NNM v7.51 to NNM v7.53 are available using ftp:
Host
Account
Password
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following upgrades to resolve the vulnerability.
The updates are available from http://software.hp.com.
HP-UX Release / Sendmail version / Action
B.11.11 / 8.13.3 / Upgrade to B.11.11.02.008 or subsequent
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following upgrades to resolve the vulnerability.
The updates are available from http://software.hp.com.
HP-UX Release / Sendmail version / Action
B.11.11 / 8.13.3 / Upgrade to B.11.11.02.008 or subsequent
Windows
NNM_01197 or subsequent
OV NNM v7.51
Upgrade to NNM v7.53 and apply the NNM v7.53 resolution listed above.
Patch bundles for upgrading from NNM v7.51 to NNM v7.53 are available using ftp:
Host
Account
Password
There is no known workaround at this time.
Resolution
==========
All Sun JRE 1.5.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose =dev-java/sun-jre-bin-1.5.0.22
All Sun JRE 1.6.x users should upgrade to the latest version:
Next Page>>
|
