Menu
VMware patches third-party components in vSphere platform

VMware patches third-party components in vSphere platform

VCenter Server and ESXi patches update the bundled versions of Apache Struts, Apache Tomcat, glibc and JRE

VMware has updated third-party libraries and components used by its vSphere server virtualization platform to integrate security patches released in recent months.

The company released vCenter Server 5.5 Update 2 in order to include a patch for a remote code execution vulnerability in the Apache Struts Web framework used inside the product.

The same vCenter Server release updates the Apache Tomcat component to version 7.0.52, originally released in February, which includes fixes for two denial-of-service and one information disclosure vulnerabilities.

VCenter Server 5.5 Update 2 and vCenter Update Manager 5.5 Update 2 change the bundled Java Runtime Environment (JRE) version to 1.7 Update 55 that was released in April. This Java version contains patches for 37 security vulnerabilities.

The VMware vSphere Hypervisor (ESXi) received a patch called ESXi550-201409101-SG that updates the included GNU C Library (glibc) in order to address two buffer overflow vulnerabilities that can trigger denial-of-service conditions.

Updates and patches are pending for vCenter Server and ESXi 5.1 and 5.0, the company said in a security advisory.

Security researchers have repeatedly warned in the past that because many software projects use third-party libraries, vulnerabilities identified and patched in those components can linger on in some programs for months and even years. VMware is one of the software makers that do catch up with third-party code patches periodically, but not all of them do.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securitypatch managementVMwarepatches

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments