
VMware and Xen urgently issue critical security fixes


December 21, 2015

VMware said earlier this morning that its vRealize Orchestrator, vRealize Operations, vCenter Operations and vCenter Application Discovery Manager software all need fixing to harden them against a critical deserialization security vulnerability.

The security hole involves Apache Commons-collections and a specially constructed chain of classes.

These security bugs can also result in remote code execution, with the permissions of the application using the Commons-collections library, VMware has said.

A fix is available for vRealize Orchestrator 6.x, while the fix for vCenter Orchestrator version 5.x can be downloaded from the company's site.

Security patches for vRealize Operations and vCenter Operations are on their way, VMware says, but with a more-or-less acceptable delay, since exploitation is limited to local users.

For its part, vCenter Application Discovery Manager's patch is still pending for now. We are told we should get news about that one soon.

System administrators of virtualised platforms are coping with this just before Christmas, as the Xen Project has also released some patches.

For example, XSA-164 could see some nasty escalation of the qemu process, while XSA-165 could make it possible to retrieve encryption keys from a Xen-powered rig.

And as for XSA-166, it could offer some privilege escalation possibilities to potential attackers, so system admins should be on the lookout for all those nasty surprises.

Source: VMware and the Xen Project.
