VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

VMware ESX 3.0.0 without patches ESX-4809553 ESX-1001204 ESX-1001206
                                 ESX-1001212 ESX-1001205 ESX-1001207
                                 ESX-1001208 ESX-1001209 ESX-1001210
                                 ESX-1001211

VMware ESX 2.5.4 prior to upgrade patch 10 (Build# 53326)
VMware ESX 2.5.3 prior to upgrade patch 13 (Build# 52488)
VMware ESX 2.1.3 prior to upgrade patch  8 (Build# 53228)
VMware ESX 2.0.2 prior to upgrade patch  8 (Build# 52650)

3. Problem description:

VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the name CVE-2008-0923 to this issue.

   Hosted products
   ---------------
   VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
   VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
   VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)
   VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)
   VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)
   VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)

VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues

   VMware ESX 3.0.3 without patch ESX303-200811401-BG

   VMware ESX 3.0.2 without patch ESX-1006980

   NOTE: General Support for Workstation version 5.x ended on
   2009-03-19. Users should plan to upgrade to the latest
   Workstation version 6.x release.

   Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08.
   Users should plan to upgrade to ESX 3.0.3 and preferably to
   the newest release available.

VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues

   VMware ESX 3.0.2 without patch ESX-1008420

   VMware ESX 2.5.5 without update patch 13

   Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08.
   Users should plan to upgrade to ESX 3.0.3 and preferably to
   the newest release available.

   Extended support for ESX 2.5.5 ends on 2010-06-15.  Users should plan
   to upgrade to ESX 3.0.3 and preferably to the newest release
   available.

VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues

   VMware ESX 3.5 without patch ESX350-200912401-BG

   VMware ESX 3.0.3 without patch ESX303-201002203-UG

   VMware ESX 2.5.5 without Upgrade Patch 15.

   Notes:
   Effective May 2010, VMware's patch and update release program during
   Extended Support will be continued with the condition that all
   subsequent patch and update releases will be based on the latest

VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

   VMware ESX 2.5.5 without update patch 8
   VMware ESX 2.5.4 without update patch 19

NOTES: Hosted products VMware Workstation 5.x, VMware Player 1.x,
       and VMware ACE 1.x will reach end of general support
       2008-11-09. Customers should plan to upgrade to the latest
       version of their respective products.

       ESX 3.0.1 is in Extended Support and its end of extended
       support (Security and Bug fixes) is 2008-07-31. Users should plan
       to upgrade to at least 3.0.2 update 1 and preferably the newest

VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates

2. Relevant releases:

ESX Server 3.0.2 without patches ESX-1003362, ESX-1003359, ESX-1003360
ESX Server 3.0.1 without patches ESX-1003350, ESX-1003347, ESX-1003348
ESX Server 2.5.5 Upgrade Patch 4
ESX Server 2.5.4 Upgrade Patch 15

NOTE: ESX 2.5.4 is in Extended Support and its end of support (Security
      and Bug fixes) is 10/08/2008.  Users should plan to upgrade to at
      least 2.5.5 and preferably the newest release available before the

[ GLSA 200803-30 ] ssl-cert eclass: Certificate disclosure

==========

Upgrading to newer versions of the above packages will neither remove
possibly compromised SSL certificates, nor old binary packages. Please
remove the certificates installed by Portage, and then emerge an
upgrade to the package.

All Conserver users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/conserver-8.1.16"

VMSA-2008-0018 VMware Hosted products and patches for ESX and ESXi resolve two security issues

   VMware ESX 3.5 without patch ESX350-200810201-UG

   VMware ESX 3.0.3 without patch ESX303-200810501-BG
   VMware ESX 3.0.2 without patch ESX-1006680
   VMware ESX 2.5.5 without upgrade patch 10 or later
   VMware ESX 2.5.4 without upgrade patch 21

   NOTE: Hosted products VMware Workstation 5.x, VMware Player 1.x,
         and VMware ACE 1.x will reach end of general support
         2008-11-09. Customers should plan to upgrade to the latest

Cisco Security Advisory: CiscoWorks Common Services Arbitrary Command Execution Vulnerability

  * Cisco Security Manager

    +---------------------------------------------------------------+
    |     CSM Version      | Remediation |         Location         |
    |----------------------+-------------+--------------------------|
    | 3.2, 3.2 SP1, 3.2    | Upgrade to  | -                        |
    | SP2                  | 3.3.1 SP4   |                          |
    |----------------------+-------------+--------------------------|
    | 3.2.1, 3.2.1 SP1     | Upgrade to  | -                        |
    |                      | 3.3.1 SP4   |                          |
    |----------------------+-------------+--------------------------|

[security bulletin] HPSBMA02438 SSRT090092 rev.1 - HP ProLiant DL/ML 100 Series G5/G6 Servers with ProLiant Onboard Administrator Powered by LO100i, Remote Denial of Service (DoS)

Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following firmware upgrades available to resolve the vulnerability. These upgrades are available on http://welcome.hp.com/country/us/en/support.html?pageDisplay=drivers

ProLiant Server / Vulnerable Lights-Out 100 Remote Management Firmware Version / Resolution Version


UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

ESX-1002975, ESX-1002976

ESX Server 3.0.1 without patches ESX-1002962, ESX-1002963, ESX-1002964,
ESX-1002968, ESX-1002972, ESX-1003176

ESX Server 2.5.5 before Upgrade Patch 3
ESX Server 2.5.5 before Upgrade Patch 14

3. Problem description:

 I   Service Console package security updates

[ GLSA 200808-03 ] Mozilla products: Multiple vulnerabilities

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v ">=www-client/mozilla-firefox-2.0.0.16"

All Mozilla Firefox binary users should upgrade to the latest version:

Cisco Security Advisory: Default Passwords in the Application Velocity System

administrative control of the AVS system.

After upgrading to software version AVS 5.1.0, users will be prompted to
modify these credentials.

Cisco will make free upgrade software available to address this
vulnerability for affected customers. The software upgrade will
be applicable only for the AVS 3120, 3180, and 3180A systems. The
workaround identified in this document describes how to change the
passwords in current releases of software for the AVS 3110.


[ GLSA 201110-22 ] PostgreSQL: Multiple vulnerabilities

There is no known workaround at this time.

Resolution
==========

All PostgreSQL 8.2 users should upgrade to the latest 8.2 base version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=dev-db/postgresql-base-8.2.22:8.2"

All PostgreSQL 8.3 users should upgrade to the latest 8.3 base version:

Cisco Security Advisory: Vulnerability in Cisco WebEx Meeting Manager ActiveX Control

Cisco WebEx meeting service. The Cisco WebEx meeting service
automatically downloads, installs, and configures Meeting Manager the
first time a user begins or joins a meeting.

When users connect to the WebEx meeting service, the WebEx Meeting
Manager is automatically upgraded to the latest version. There is a
manual workaround available for users who are not able to connect to
the WebEx meeting service.

Cisco WebEx is in the process of upgrading the meeting service
infrastructure with fixed versions of the affected file.

[ GLSA 200805-03 ] Multiple X11 terminals: Local privilege escalation

There is no known workaround at this time.

Resolution
==========

All aterm users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-terms/aterm-1.0.1-r1"

All Eterm users should upgrade to the latest version:

[ GLSA 200805-18 ] Mozilla products: Multiple vulnerabilities

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask -1 -v ">=www-client/mozilla-firefox-2.0.0.14"

All Mozilla Firefox binary users should upgrade to the latest version:

VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

   ESX Server 2.5.x

   Users should remove the OpenPegasus CIM Management rpm.  This
   component is disabled by default, and VMware recommends that you
   do not use this component of ESX Server 2.x.  If you want to
   use the CIM functionality, upgrade to ESX Server 3.0.1 or a later
   release.

   Note: This vulnerability can be exploited remotely only if the
         attacker has access to the service console network.


Cisco Security Advisory: Cisco Wireless Control System Conversion Utility Adds Default Password

operating system.

Software Versions and Fixes
===========================

When considering software upgrades, also consult http://www.cisco.com/go/psirt
and any subsequent advisories to determine exposure and a complete upgrade
solution.

In all cases, customers should exercise caution to be certain the devices to be
upgraded contain sufficient memory and that current hardware and software

Cisco Security Advisory: Denial of Service Vulnerabilities in Content Switching Module

exception 1 IDLE error.

This vulnerability is documented in Cisco bug ID CSCsh57876.

In normal operations, the MSFC CLI handles the management of the CSM
and CSM-S; however, in order to upgrade the software, a user must
first log into the switch and session to the module.

For more information on how to upgrade your CSM, visit the
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_tech_note09186a0080094526.shtml
page on Cisco.com.

[ GLSA 200708-09 ] Mozilla products: Multiple vulnerabilities

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-2.0.0.6"

All Mozilla Firefox binary users should upgrade to the latest version:

Cisco Security Advisory: Jabber Extensible Communications Platform and Cisco Unified Presence XML Denial of Service Vulnerability

DoS condition.

Software Versions and Fixes
===========================

When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.

In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current

Cisco Security Advisory: Cisco Digital Media Manager Privilege Escalation Vulnerability

of Cisco Digital Media Manager:

+-------------------------------------------------------------------+
|      Version      |                  Remediation                  |
|-------------------+-----------------------------------------------|
| 5.2.1             | Upgrade to 5.2.2.1                            |
|-------------------+-----------------------------------------------|
| 5.2.1.1           | Upgrade to 5.2.2.1                            |
|-------------------+-----------------------------------------------|
| 5.2.2             | Upgrade to 5.2.2.1                            |
|-------------------+-----------------------------------------------|

Cisco Security Advisory: Cisco Secure Desktop ActiveX Control Code Execution Vulnerability

complete compromise of the affected system.

Software Versions and Fixes
===========================

When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.

In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current

[security bulletin] HPSBUX02508 SSRT100007 rev.2 - HP-UX Running sendmail with STARTTLS Enabled, Remote Unauthorized Access

Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following upgrades to resolve the vulnerability.
The updates are available from http://software.hp.com.

HP-UX Release / Sendmail version / Action

B.11.11 / 8.13.3 / Upgrade to B.11.11.02.008 or subsequent

Cisco Security Advisory: Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability

for both read and write access. The hard-coded community names are
"public" and "private."

Cisco recommends that all administrators deploy the mitigation
measures outlined in the Workarounds section or perform a Cisco IOS
Software upgrade.

Cisco has released free software updates that address this
vulnerability.

Workarounds that mitigate this vulnerability are available.

Cisco Security Advisory: Cisco Application Extension Platform Privilege Escalation Vulnerability

+------------------

The following products are affected by this vulnerability:

  * Cisco Application Extension Platform version 1.1
  * Cisco Application Extension Platform version 1.1.5 if upgraded from
    version 1.1

Products Confirmed Not Vulnerable
+--------------------------------


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
