VMware late to Heartbleed patch party

By

25 products affected.

Virtualisation vendor VMware has acknowledged several of its products are vulnerable to the Heartbleed bug, and is working on releasing patches days after news of the serious security issue broke.

VMware late to Heartbleed patch party

No fewer than 25 VMWare product families, running the vulnerable OpenSSL 1.0.1 version, are affected by the Heartbleed hole. These include the ESXi 5.5 hypervisor, vCentre Server 5.5 and Fusion 6.0, the company said in a security advisory.

The patch is likely to cause frustration for admins due to its Easter Monday (April 20) release date.

Updating some products, like the VFabric Web server 5.0.x - 5.3.x variants, requires a good amount of keyboarding for each instance, according to a separate security advisory [PDF].

VMware recommended that after the vulnerable products are patched, customers replace secure sockets layer (SSL) digital certificates and reset passwords.

VMware said it has already updated its production systems and replaced its SSL certificates, as well as revoked user sessions.

The company follows behind the likes of Amazon Web Services, Google and Yahoo, who patched several services against Heartbleed last week.

The Heartbleed bug allows attackers to access in-process data in server and client memory over what was thought to be secured communications. This in turn can reveal user credentials, permit the capture of private keys for digital certificates and also expose the contents of the communication. 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Orica to set new workforce systems live in Australia in July

Orica to set new workforce systems live in Australia in July

Lion builds an app to detect its beers on tap in venues

Lion builds an app to detect its beers on tap in venues

ANZ Institutional readies go-live for "multi-agent chatbot" amie

ANZ Institutional readies go-live for "multi-agent chatbot" amie

Victoria Police refreshes online reporting

Victoria Police refreshes online reporting

Log In

  |  Forgot your password?