Shell Shock vulnerability patch available VMSA-2014-0010

Today VMware has released the following new security advisory: “VMSA-2014-0010“. This advisory list the VMware product updates and patches that address the bash security issues CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187, aka shellshock. It will be updated when new product updates and patches are released in the coming days.

Relevant Releases (Affected products for which remediation is present)

ESX 4.1 without patch ESX410-201410401-SG
ESX 4.0 without patch ESX400-201410401-SG
vCenter Server Appliance prior to 5.5 U2a
vCenter Server Appliance prior to 5.1 U2b
vCenter Server Appliance prior to 5.0 U3b
vCloud Director Appliance prior to 5.5.1.3
VMware Data Recovery prior to 2.0.4
VMware Mirage Gateway prior to 5.1.1
vSphere Storage Appliance prior to 5.5.2
vCenter Log Insight prior to 2.0U1

Here is the list of products that were awaiting for the fix. The following Products that were shipped as a (virtual) appliance and were awaiting for a Patch to fix the issue.
Product Product
Product Version
Running on
Replace with / Apply Patch
vCenter Server Appliance
5.x
Linux
5.5 U2a, 5.1 U2b, 5.0 U3b
Horizon DaaS Platform
6.x
Linux
Patch Pending
Horizon Workspace
1.x, 2.x
Linux
Patch Pending
IT Business Management Suite
1.x
Linux
Patch Pending
NSX for Multi-Hypervisor
4.x
Linux
Patch Pending
NSX for vSphere
6.x
Linux
Patch Pending
NVP
3.x
Linux
Patch Pending
vCenter Converter Standalone
5.x
Linux
Patch Pending**
vCenter Hyperic Server
5.x
Linux
Patch Pending
vCenter Infrastructure Navigator
5.x
Linux
Patch Pending
vCenter Log Insight
1.x, 2.x
Linux
2.0 U1
vCenter Operations Manager
5.x
Linux
Patch Pending
vCenter Orchestrator Appliance
4.x, 5.x
Linux
Patch Pending
vCenter Site Recovery Manager
5.x
Linux
Patch Pending**
vCenter Support Assistant
5.x
Linux
Patch Pending
vCloud Automation Center
6.x
Linux
Patch Pending
vCloud Automation Center Application Services
6.x
Linux
Patch Pending
vCloud Director Appliance
5.x
Linux
5.5.1.3
vCloud Connector
2.x
Linux
Patch Pending
vCloud Networking and Security
5.x
Linux
Patch Pending
vCloud Usage Meter
3.x
Linux
Patch Pending
vFabric Application Director
5.x, 6.x
Linux
Patch Pending
vFabric Postgres
9.x
Linux
Patch Pending
Viewplanner
3.x
Linux
Patch Pending
VMware Application Dependency Planner
x.x
Linux
Patch Pending
VMware Data Recovery
2.x
Linux
2.0.4
VMware HealthAnalyzer
5.x
Linux
Patch Pending
VMware Mirage Gateway
5.x
Linux
5.1.1
VMware Socialcast On Premise
x.x
Linux
Patch Pending
VMware Studio
2.x
Linux
Patch Pending
VMware TAM Data Manager
x.x
Linux
Patch Pending
VMware Workbench
3.x
Linux
Patch Pending
vSphere App HA
1.x
Linux
Patch Pending
vSphere Big Data Extensions
1.x, 2.x
Linux
Patch Pending
vSphere Data Protection
5.x
Linux
Patch Pending
vSphere Management Assistant
5.x
Linux
Patch Pending
vSphere Replication
5.x
Linux
Patch Pending
vSphere Storage Appliance
5.x
Linux
5.5.2


** This product includes Virtual Appliances that will be updated, the product itself is not a Virtual Appliance. – See more at: http://www.vmware.com/security/advisories/VMSA-2014-0010.html#sthash.LNqJ9zdq.dpuf 

ESX 4.1 without patch ESX410-201410401-SG
ESX 4.0 without patch ESX400-201410401-SG

vCenter Server Appliance prior to 5.5 U2a
vCenter Server Appliance prior to 5.1 U2b
vCenter Server Appliance prior to 5.0 U3b
vCloud Director Appliance prior to 5.5.1.3
VMware Data Recovery prior to 2.0.4
VMware Mirage Gateway prior to 5.1.1
vSphere Storage Appliance prior to 5.5.2
vCenter Log Insight prior to 2.0U1 – See more at: http://www.vmware.com/security/advisories/VMSA-2014-0010.html#sthash.LNqJ9zdq.dpuf

ESX 4.1 without patch ESX410-201410401-SG
ESX 4.0 without patch ESX400-201410401-SG

vCenter Server Appliance prior to 5.5 U2a
vCenter Server Appliance prior to 5.1 U2b
vCenter Server Appliance prior to 5.0 U3b
vCloud Director Appliance prior to 5.5.1.3
VMware Data Recovery prior to 2.0.4
VMware Mirage Gateway prior to 5.1.1
vSphere Storage Appliance prior to 5.5.2
vCenter Log Insight prior to 2.0U1 – See more at: http://www.vmware.com/security/advisories/VMSA-2014-0010.html#sthash.LNqJ9zdq.dpuf

ESX 4.1 without patch ESX410-201410401-SG
ESX 4.0 without patch ESX400-201410401-SG

vCenter Server Appliance prior to 5.5 U2a
vCenter Server Appliance prior to 5.1 U2b
vCenter Server Appliance prior to 5.0 U3b
vCloud Director Appliance prior to 5.5.1.3
VMware Data Recovery prior to 2.0.4
VMware Mirage Gateway prior to 5.1.1
vSphere Storage Appliance prior to 5.5.2
vCenter Log Insight prior to 2.0U1 – See more at: http://www.vmware.com/security/advisories/VMSA-2014-0010.html#sthash.LNqJ9zdq.dpuf

Leave a Reply