ID

VAR-201410-1418

CVE

CVE-2014-3566

TITLE

OpenSSL CVE-2014-3566 Man In The Middle Information Disclosure Vulnerability

DESCRIPTION

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. OpenSSL is prone to an information disclosure vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. The following versions are vulnerable: OpenSSL 0.9.8 prior to 0.9.8zc OpenSSL 1.0.0 prior to 1.0.0o OpenSSL 1.0.1 prior to 1.0.1j. SSL protocol is the abbreviation of Secure Socket Layer protocol (Secure Socket Layer) developed by Netscape, which provides security and data integrity guarantee for Internet communication. The vulnerability is caused by the program's use of non-deterministic CBC padding. SSLv3 may be enabled when STARTTLS is configured . Note: The vulnerability is only possible if sendmail is configured to use STARTTLS. Configurations not using STARTTLS are not vulnerable so the following steps are not necessary. Edit the configuration file ./etc/mail/sendmail.cf.. Locate the lines where the STARTTLS options are set. Summary: Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Relevant releases/architectures: Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Desktop 5 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64 3. Description: Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0413) The CVE-2015-0383 issue was discovered by Red Hat. Note: With this update, the Oracle Java SE now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the Red Hat Bugzilla bug linked to in the References section for instructions on how to re-enable SSL 3.0 support if needed. All running instances of Oracle Java must be restarted for the update to take effect. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1123870 - CVE-2015-0383 OpenJDK: insecure hsperfdata temporary file handling (Hotspot, 8050807) 1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack 1183020 - CVE-2014-6601 OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982) 1183021 - CVE-2015-0412 OpenJDK: insufficient code privileges checks (JAX-WS, 8054367) 1183023 - CVE-2015-0408 OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309) 1183031 - CVE-2015-0395 OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125) 1183043 - CVE-2015-0407 OpenJDK: directory information leak via file chooser (Swing, 8055304) 1183044 - CVE-2015-0410 OpenJDK: DER decoder infinite loop (Security, 8059485) 1183049 - CVE-2014-6593 OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555) 1183645 - CVE-2014-6585 ICU: font parsing OOB read (OpenJDK 2D, 8055489) 1183646 - CVE-2014-6591 ICU: font parsing OOB read (OpenJDK 2D, 8056276) 1183715 - CVE-2014-6587 OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264) 1184275 - CVE-2015-0403 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment) 1184277 - CVE-2015-0406 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment) 1184278 - CVE-2015-0413 Oracle JDK: unspecified vulnerability fixed in 7u75 and 8u31 (Serviceability) 6. Package List: Oracle Java for Red Hat Enterprise Linux Client 5: i386: java-1.7.0-oracle-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el5_11.i586.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el5_11.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Desktop 5: i386: java-1.7.0-oracle-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el5_11.i586.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el5_11.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Desktop 6: i386: java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux HPC Node 6: i386: java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server 6: i386: java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation 6: i386: java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Client (v. 7): Source: java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.src.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.i686.rpm java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.i686.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.2.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7): Source: java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.src.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.i686.rpm java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.i686.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.2.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server (v. 7): Source: java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.src.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.i686.rpm java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.i686.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.2.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation (v. 7): Source: java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.src.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.i686.rpm java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.i686.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2015-0001 Synopsis: VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues Issue date: 2015-01-27 Updated on: 2015-01-27 (Initial Advisory) CVE number: CVE-2014-8370, CVE-2015-1043, CVE-2015-1044 --- OPENSSL--- CVE-2014-3513, CVE-2014-3567,CVE-2014-3566, CVE-2014-3568 --- libxml2 --- CVE-2014-3660 - ------------------------------------------------------------------------ 1. Summary VMware vCenter Server, ESXi, Workstation, Player and Fusion address several security issues. 2. Relevant Releases VMware Workstation 10.x prior to version 10.0.5 VMware Player 6.x prior to version 6.0.5 VMware Fusion 7.x prior to version 7.0.1 VMware Fusion 6.x prior to version 6.0.5 vCenter Server 5.5 prior to Update 2d ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG ESXi 5.1 without patch ESXi510-201404101-SG ESXi 5.0 without patch ESXi500-201405101-SG 3. Problem Description a. VMware ESXi, Workstation, Player, and Fusion host privilege escalation vulnerability VMware ESXi, Workstation, Player and Fusion contain an arbitrary file write issue. Exploitation this issue may allow for privilege escalation on the host. The vulnerability does not allow for privilege escalation from the guest Operating System to the host or vice-versa. This means that host memory can not be manipulated from the Guest Operating System. Mitigation For ESXi to be affected, permissions must have been added to ESXi (or a vCenter Server managing it) for a virtual machine administrator role or greater. VMware would like to thank Shanon Olsson for reporting this issue to us through JPCERT. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-8370 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======= ======= ================= Workstation 11.x any not affected Workstation 10.x any 10.0.5 Player 7.x any not affected Player 6.x any 6.0.5 Fusion 7.x any not affected Fusion 6.x any 6.0.5 ESXi 5.5 ESXi ESXi550-201403102-SG ESXi 5.1 ESXi ESXi510-201404101-SG ESXi 5.0 ESXi ESXi500-201405101-SG b. VMware Workstation, Player, and Fusion Denial of Service vulnerability VMware Workstation, Player, and Fusion contain an input validation issue in the Host Guest File System (HGFS). This issue may allow for a Denial of Service of the Guest Operating system. VMware would like to thank Peter Kamensky from Digital Security for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-1043 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======= ======= ================= Workstation 11.x any not affected Workstation 10.x any 10.0.5 Player 7.x any not affected Player 6.x any 6.0.5 Fusion 7.x any 7.0.1 Fusion 6.x any 6.0.5 c. VMware ESXi, Workstation, and Player Denial of Service vulnerability VMware ESXi, Workstation, and Player contain an input validation issue in VMware Authorization process (vmware-authd). This issue may allow for a Denial of Service of the host. On VMware ESXi and on Workstation running on Linux the Denial of Service would be partial. VMware would like to thank Dmitry Yudin @ret5et for reporting this issue to us through HP's Zero Day Initiative. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-1044 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======= ======= ================= Workstation 11.x any not affected Workstation 10.x any 10.0.5 Player 7.x any not affected Player 6.x any 6.0.5 Fusion 7.x any not affected Fusion 6.x any not affected ESXi 5.5 ESXi ESXi550-201501101-SG ESXi 5.1 ESXi ESXi510-201410101-SG ESXi 5.0 ESXi not affected d. Update to VMware vCenter Server and ESXi for OpenSSL 1.0.1 and 0.9.8 package The OpenSSL library is updated to version 1.0.1j or 0.9.8zc to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-3513, CVE-2014-3567, CVE-2014-3566 ("POODLE") and CVE-2014-3568 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======= ======= ================= vCenter Server 5.5 any Update 2d* vCenter Server 5.1 any patch pending vCenter Server 5.0 any patch pending ESXi 5.5 ESXi ESXi550-201501101-SG ESXi 5.1 ESXi patch pending ESXi 5.0 ESXi patch pending * The VMware vCenter 5.5 SSO component will be updated in a later release e. Update to ESXi libxml2 package The libxml2 library is updated to version libxml2-2.7.6-17 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-3660 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======= ======= ================= ESXi 5.5 ESXi ESXi550-201501101-SG ESXi 5.1 ESXi patch pending ESXi 5.0 ESXi patch pending 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. VMware Workstation 10.x -------------------------------- https://www.vmware.com/go/downloadworkstation VMware Player 6.x -------------------------------- https://www.vmware.com/go/downloadplayer VMware Fusion 7.x and 6.x -------------------------------- https://www.vmware.com/go/downloadplayer vCenter Server ---------------------------- Downloads and Documentation: https://www.vmware.com/go/download-vsphere ESXi 5.5 Update 2d ---------------------------- File: update-from-esxi5.5-5.5_update01.zip md5sum: 5773844efc7d8e43135de46801d6ea25 sha1sum: 6518355d260e81b562c66c5016781db9f077161f http://kb.vmware.com/kb/2065832 update-from-esxi5.5-5.5_update01 contains ESXi550-201403102-SG ESXi 5.5 ---------------------------- File: ESXi550-201501001.zip md5sum: b0f2edd9ad17d0bae5a11782aaef9304 sha1sum: 9cfcb1e2cf1bb845f0c96c5472d6b3a66f025dd1 http://kb.vmware.com/kb/2099265 ESXi550-201501001.zip contains ESXi550-201501101-SG ESXi 5.1 ---------------------------- File: ESXi510-201404001.zip md5sum: 9dc3c9538de4451244a2b62d247e52c4 sha1sum: 6b1ea36a2711665a670afc9ae37cdd616bb6da66 http://kb.vmware.com/kb/2070666 ESXi510-201404001 contains ESXi510-201404101-SG ESXi 5.0 ---------------------------- File: ESXi500-201405001.zip md5sum: 7cd1afc97f5f1e4b4132c90835f92e1d sha1sum: 4bd77eeb5d7fc65bbb6f25762b0fa74fbb9679d5 http://kb.vmware.com/kb/2075521 ESXi500-201405001 contains ESXi500-201405101-SG 5. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1043 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1044 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660 - ------------------------------------------------------------------------ 6. Change log 2015-01-27 VMSA-2015-0001 Initial security advisory in conjunction with the release of VMware Workstation 10.0.5, VMware Player 6.0.5, vCenter Server 5.5 Update 2d and, ESXi 5.5 Patches released on 2015-01-27. - ------------------------------------------------------------------------ 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: security-announce at lists.vmware.com bugtraq at securityfocus.com fulldisclosure at seclists.org E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories Consolidated list of VMware Security Advisories http://kb.vmware.com/kb/2078735 VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html Twitter https://twitter.com/VMwareSRC Copyright 2015 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: Encryption Desktop 10.3.0 (Build 8741) Charset: utf-8 wj8DBQFUx/+UDEcm8Vbi9kMRAmzrAKDG7u8ZTSlfQzU3eFphjebNgDkW2ACfZ9JE c75UD0ctlJx5607JuLfnb6Y= =IxpT -----END PGP SIGNATURE----- . The update is available from HPE Software Depot: https://h20392.www2.hpe.com/ portal/swdepot/displayProductInfo.do?productNumber=HPVPRhttps://www.hpe.com Note: HPE recommends customers using OV4VC 7.8.1 and earlier should upgrade to OV4VC 7.8.2. This addresses all SSL security vulnerabilities reported through March 28, 2016. Open the /opt/sdn/virgo/configuration/tomcat-server.xml file for editing Change the following line from this: clientAuth="false" sslEnabledProtocols="TLSv1.0, TLSv1.1,TLSv1.2" to this: clientAuth="false" sslEnabledProtocols=" TLSv1.1,TLSv1.2" Restart the controller. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04553458 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04553458 Version: 1 HPSBGN03237 rev.1 - HP Insight Remote Support v7 Clients running SSLv3, Remote Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2015-02-02 Last Updated: 2015-02-02 Potential Security Impact: Remote disclosure of information Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP Insight Remote Support v7 Clients running SSLv3 which may affect WBEM, WS-MAN and WMI connections from monitored devices to an HP Insight Remote Support Hosting Device, such as an HP Insight Remote Support Central Management Server (CMS) . This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. HP Insight Remote Support 7.2 allows the Hosting Device administrator to disable SSLv3 ciphers. Some monitored devices may require an update to support TLS encryption, while others may not support TLS encryption at all. Disabling SSLv3 on the hosting device can result in loss of communication with such monitored devices. HP has provided the ability to address POODLE in the Insight Remote Support 7.2 release, but disabling SSLv3 requires the Hosting Device administrator to take specific actions to address this vulnerability. References: CVE-2014-3566 (SSRT101854) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Remote Support version 7 clients prior to version 7.2 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION All HP Insight Remote Support v7 clients prior to version 7.2 are vulnerable to this exploit. HP provides the ability to manually disable SSLv3 connections to the Hosting Device in the 7.2 client. Please refer to the following HP Insight Remote Support 7.2 documents for instructions on how to migrate to HP Insight Remote Support 7.2. http://www.hp.com/go/insightremotesupport/docs HP Insight Remote Support 7.2 Upgrade Guide HP Insight Remote Support 7.2 Installation and Configuration Guide NOTE: Certain monitored clients cannot communicate using the TLS protocol. These clients may require a firmware update to enable communication with the Hosting Device using the TLS protocol. Disabling SSLv3 on the HP Insight Remote Support Hosting Device may result in loss of communication with such clients. Check with your HP Support Representative to determine if your monitored devices can communicate using TLS 1.x prior to disabling SSLv3 to ensure continued communications with HP Insight Remote Support. Step 1: Update the HP Insight Remote Support Version 7.2 Client: As an administrator, log on to the Insight Remote Support user interface. Access the Administrator Settings page Click the Software Updates tab Select Insight Remote Support version 7.2.0.0026 (or later) Click INSTALL and follow the prompts Step 2: Disable SSLv3 on Hosting Device (Caution: see Note above) As an Administrator, log on to the Hosting Device Open a command window Run the following commands: rsadmin config -set uca.listeners.excludeprotocols=SSLv3 Net stop hprsmain Net start hprsmain Close the command window and log off HISTORY Version:1 (rev.1) - 2 February 2014 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or a man-in-the-middle (MitM) attack. The updates are available from the following site. https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I HP-UX Release HP-UX OpenSSL version B.11.11 (11i v1) A.00.09.08zc.001_HP-UX_B.11.11_32+64.depot B.11.23 (11i v2) A.00.09.08zc.002a_HP-UX_B.11.23_IA-PA.depot B.11.31 (11i v3) A.00.09.08zc.003_HP-UX_B.11.31_IA-PA.depot MANUAL ACTIONS: Yes - Update Install OpenSSL A.00.09.08zc or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant

AFFECTED PRODUCTS