VMWare Issues Initial Heartbleed Fix

Wednesday, April 16, 2014 @ 04:04 PM gHale


As more Heartbleed information become available more companies are issuing patches, so VMWare is no different as it issued a security advisory listing which products suffer from the Heartbleed vulnerability. The advisory also said the company released one patch.

Quite a list of products ended up mentioned: vCenter Server, ESXi, VMware Fusion, NSX-MH, NSX-V, NVP, Horizon Mirage Edge Gateway, Horizon View Feature Pack, Horizon View Client, Horizon Workspace Server, Horizon Workspace Client, Horizon Workspace for Macintosh, Horizon Workspace for Windows, OVF Tool, vCloud Networking and Security and vCloud Automation Center (vCAC). Of these, a patch released for Horizon Workspace Server.

RELATED STORIES
Innominate Fixes Heartbleed Hole
Heartbleed an ICS Irritation, Not Disaster
Siemens Fixing Heartbleed Vulnerability
Other Threats from Heartbleed

An earlier VMWare knowledge base article listed the affected products, as well as a long list of unaffected VMWare products and services, plus one service — Socialcast — which underwent patching a few days ago.

Users of Horizon Workspace Server 1.0 should upgrade to version 1.5 and to apply the patch. Version 1.5 users should apply the same patch. Users of version 1.8 should apply this patch.

The advisory also mentions another, lesser vulnerability in one implementation of OpenSSL which ends up fixed in the new version without specifically saying if VMWare ended up affected by it.

Click here to view the security advisory.



Leave a Reply

You must be logged in to post a comment.