VMware late to Heartbleed patch party

By
Follow google news

25 products affected.

Virtualisation vendor VMware has acknowledged several of its products are vulnerable to the Heartbleed bug, and is working on releasing patches days after news of the serious security issue broke.

VMware late to Heartbleed patch party

No fewer than 25 VMWare product families, running the vulnerable OpenSSL 1.0.1 version, are affected by the Heartbleed hole. These include the ESXi 5.5 hypervisor, vCentre Server 5.5 and Fusion 6.0, the company said in a security advisory.

The patch is likely to cause frustration for admins due to its Easter Monday (April 20) release date.

Updating some products, like the VFabric Web server 5.0.x - 5.3.x variants, requires a good amount of keyboarding for each instance, according to a separate security advisory [PDF].

VMware recommended that after the vulnerable products are patched, customers replace secure sockets layer (SSL) digital certificates and reset passwords.

VMware said it has already updated its production systems and replaced its SSL certificates, as well as revoked user sessions.

The company follows behind the likes of Amazon Web Services, Google and Yahoo, who patched several services against Heartbleed last week.

The Heartbleed bug allows attackers to access in-process data in server and client memory over what was thought to be secured communications. This in turn can reveal user credentials, permit the capture of private keys for digital certificates and also expose the contents of the communication. 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

National photo licence recognition system set to go live in 2025

National photo licence recognition system set to go live in 2025

ANZ CEO backs Plus tech stack, but changes "inefficient" delivery

ANZ CEO backs Plus tech stack, but changes "inefficient" delivery

Qld lifts 12-year ban on IBM after $1.25bn payroll failure

Qld lifts 12-year ban on IBM after $1.25bn payroll failure

Google says Australian law on age verification 'extremely difficult' to enforce

Google says Australian law on age verification 'extremely difficult' to enforce

Log In

  |  Forgot your password?