VMware late to Heartbleed patch party

By

25 products affected.

Virtualisation vendor VMware has acknowledged several of its products are vulnerable to the Heartbleed bug, and is working on releasing patches days after news of the serious security issue broke.

VMware late to Heartbleed patch party

No fewer than 25 VMWare product families, running the vulnerable OpenSSL 1.0.1 version, are affected by the Heartbleed hole. These include the ESXi 5.5 hypervisor, vCentre Server 5.5 and Fusion 6.0, the company said in a security advisory.

The patch is likely to cause frustration for admins due to its Easter Monday (April 20) release date.

Updating some products, like the VFabric Web server 5.0.x - 5.3.x variants, requires a good amount of keyboarding for each instance, according to a separate security advisory [PDF].

VMware recommended that after the vulnerable products are patched, customers replace secure sockets layer (SSL) digital certificates and reset passwords.

VMware said it has already updated its production systems and replaced its SSL certificates, as well as revoked user sessions.

The company follows behind the likes of Amazon Web Services, Google and Yahoo, who patched several services against Heartbleed last week.

The Heartbleed bug allows attackers to access in-process data in server and client memory over what was thought to be secured communications. This in turn can reveal user credentials, permit the capture of private keys for digital certificates and also expose the contents of the communication. 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Rio Tinto AI tool aids defect elimination in rail operations

Rio Tinto AI tool aids defect elimination in rail operations

Curtin University makes headway on 'radical' tech shakeup

Curtin University makes headway on 'radical' tech shakeup

GO Markets chases former CIO over IT contracts

GO Markets chases former CIO over IT contracts

Salesforce blocks AI rivals from using Slack data

Salesforce blocks AI rivals from using Slack data

Log In

  |  Forgot your password?