FYI...VMSA-2014-0004.6 - VMware product updates address OpenSSL security vulnerabilities
Updated on: 2014-04-20
... Change Log:
Initial security advisory in conjunction with the release of Horizon Workspace Server 1.8 and 1.5 updates on 2014-04-14
Updated security advisory in conjunction with the release of Horizon Mirage Edge Gateway 4.4.2 patch on 2014-04-15
Updated security advisory in conjunction with the release of vCloud Networking and Security 5.5.2 and 5.1.4 on 2014-04-16
Updated security advisory in conjunction with the release of Workstation 10.0.2, Fusion 6.0.3, Player 6.0.2 and Horizon Workspace Client 1.8.1 on 2014-04-17
Updated security advisory in conjunction with the release of NSX 6.0.4 for vSphere, Horizon View 5.3 Feature Pack 2 and Horizon View Clients 2.3.3 on 2014-04-18
Updated security advisory in conjunction with the release of vCenter Server 5.5.0c, vCenter Server 5.5 Update 1a, ESXi 5.5, Horizon Workspace Server 1.8.1, NSX for Multi-Hypervisor 4.0.2 and 4.1.1, NSX 3.2.2, OVF Tool 3.5.1, vCloud Automation Center (vCAC) 6.0.1, vSphere Big Data Extensions 1.1 and Client Integration Plug-In 5.5 on 2014-04-19
Updated security advisory in conjunction with the release of vCloud Director 188.8.131.52 on 2014-04-20
___VMware OpenSSL TLS/DTLS Heartbeat Vulnerabilities - Multiple Products
Last Update: 2014-04-21
Criticality: Moderately Critical
Where: From remote
Impact: Exposure of sensitive information ...
Purpose: The VMware Security Engineering, Communications, and Response group (vSECR) is investigating the OpenSSL issue dubbed "Heartbleed" (CVE-2014-0160).
This article reflects the status of the ongoing investigation.
Resolution: The following is a response to the current situation with the software security vulnerability dubbed Heartbleed:
The VMware Security and Engineering teams are working on remediation for the VMware products that have been impacted. VMware is acutely aware of the seriousness of the Heartbleed vulnerability, and all available resources are being directed toward a resolution amidst this industry-wide situation. VMware plans to release updated products and patches for all affected products in this article by April 19th. Please check this article for any updates or exceptions to this timeframe. See the lists below for affected products, and refer to the Resolution/mitigation section for steps to protect your systems while updates are being prepared...
Apr 9, 2014