Menu
VMware patches third-party components in vSphere platform

VMware patches third-party components in vSphere platform

VCenter Server and ESXi patches update the bundled versions of Apache Struts, Apache Tomcat, glibc and JRE

VMware has updated third-party libraries and components used by its vSphere server virtualization platform to integrate security patches released in recent months.

The company released vCenter Server 5.5 Update 2 in order to include a patch for a remote code execution vulnerability in the Apache Struts Web framework used inside the product.

The same vCenter Server release updates the Apache Tomcat component to version 7.0.52, originally released in February, which includes fixes for two denial-of-service and one information disclosure vulnerabilities.

VCenter Server 5.5 Update 2 and vCenter Update Manager 5.5 Update 2 change the bundled Java Runtime Environment (JRE) version to 1.7 Update 55 that was released in April. This Java version contains patches for 37 security vulnerabilities.

The VMware vSphere Hypervisor (ESXi) received a patch called ESXi550-201409101-SG that updates the included GNU C Library (glibc) in order to address two buffer overflow vulnerabilities that can trigger denial-of-service conditions.

Updates and patches are pending for vCenter Server and ESXi 5.1 and 5.0, the company said in a security advisory.

Security researchers have repeatedly warned in the past that because many software projects use third-party libraries, vulnerabilities identified and patched in those components can linger on in some programs for months and even years. VMware is one of the software makers that do catch up with third-party code patches periodically, but not all of them do.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags patch managementVMwarepatches

Brand Post

Featured

Slideshows

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

The leading female front runners of the New Zealand ICT industry joined together for the annual Reseller News Women in ICT Awards event at the Hilton in Auckland, during which hundreds of guests celebrated 13 outstanding individuals who won awards, chosen from more than 50 finalists representing over 30 organisations.

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards
Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

More than 500 channel leaders gathered in Auckland on 21 October at the ​Reseller News Innovation Awards ​2020 to celebrate the achievements of the New Zealand technology industry's top partners, start-ups, vendors, distributors and individuals.

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners
Show Comments