VMware late to Heartbleed patch party

By on
VMware late to Heartbleed patch party

25 products affected.

Virtualisation vendor VMware has acknowledged several of its products are vulnerable to the Heartbleed bug, and is working on releasing patches days after news of the serious security issue broke.

No fewer than 25 VMWare product families, running the vulnerable OpenSSL 1.0.1 version, are affected by the Heartbleed hole. These include the ESXi 5.5 hypervisor, vCentre Server 5.5 and Fusion 6.0, the company said in a security advisory.

The patch is likely to cause frustration for admins due to its Easter Monday (April 20) release date.

Updating some products, like the VFabric Web server 5.0.x - 5.3.x variants, requires a good amount of keyboarding for each instance, according to a separate security advisory [PDF].

VMware recommended that after the vulnerable products are patched, customers replace secure sockets layer (SSL) digital certificates and reset passwords.

VMware said it has already updated its production systems and replaced its SSL certificates, as well as revoked user sessions.

The company follows behind the likes of Amazon Web Services, Google and Yahoo, who patched several services against Heartbleed last week.

The Heartbleed bug allows attackers to access in-process data in server and client memory over what was thought to be secured communications. This in turn can reveal user credentials, permit the capture of private keys for digital certificates and also expose the contents of the communication. 

Copyright © iTnews.com.au . All rights reserved.

Most Read Articles

Log In

|  Forgot your password?