Heartbleed VMware – Lista prodotti affetti dal bug:
Quasi tutti i prodotti VMware rilasciati negli ultimi 2 anni utilizzano la libreria OpenSSL dalla versione 1.0.1 in poi.
Gli ingegneri della software house sono a lavoro per trovare soluzioni opportune prodotto per prodotto, il link a cui fare riferimento è questo:
Knowledge Base: 2076225
Updated: Apr 20, 2014
I prodotti confermati affetti dal bug sono i seguenti:
- ESXi 5.5 (for specific remediation details, see VMware Security Advisory VMSA-2014-0004)
- NSX for Multi-Hypervisor Manager 4.0.x and 4.1.x (for specific remediation details, see VMware Security Advisory VMSA-2014-0004)
- NSX 6.0.x for vSphere (for specific remediation details, see VMware Security Advisory VMSA-2014-0004)
- NVP 3.x (for specific remediation details, see VMware Security Advisory VMSA-2014-0004)
- vCenter Server 5.5, including VMware Big Data Extensions 1.x (for specific remediation details, see VMware Security Advisory VMSA-2014-0004)
- vFabric Web Server 5.0.x – 5.3.x (For remediation details, see the Security Advisory on Critical Updates to vFabric Web Server document.)
- VMware Client Integration Plug-In (CIP) version 5.5 (CIP installs the OVFTool and is used with vCD, vCHS, and vSphere for browser OVF file upload. For specific remediation details, see VMware Security Advisory VMSA-2014-0004 and http://blogs.vmware.com/vcloud/2014/04/ovf-upload-browser-plugin-vuln.html.)
- VMware Fusion 6.0.x (for specific remediation details, see VMware Security Advisory VMSA-2014-0004)
- VMware Player 6.0.x (for specific remediation details, see VMware Security Advisory VMSA-2014-0004)
- VMware Workstation 10.x (for specific remediation details, see VMware Security Advisory VMSA-2014-0004)
- VMware Horizon Mirage Edge Gateway 4.4.x (for specific remediation details, see VMware Security Advisory VMSA-2014-0004)
- VMware Horizon View 5.3 Feature Pack 1 (affects only the HTML Access component in the Remote Experience Agent, for specific remediation details, see VMware Security Advisory VMSA-2014-0004)
- VMware Horizon View Client for Android 2.1.x, 2.2.x, 2.3.x (for specific remediation details, see VMware Security Advisory VMSA-2014-0004)
- VMware Horizon View Client for iOS 2.1.x, 2.2.x, 2.3.x (for specific remediation details, see VMware Security Advisory VMSA-2014-0004)
- VMware Horizon View Client for Windows 2.3.x (for specific remediation details, see VMware Security Advisory VMSA-2014-0004)
- VMware Horizon Workspace 1.0 (for specific remediation details, see VMware Security Advisory VMSA-2014-0004)
- VMware Horizon Workspace 1.5 (for specific remediation details, see VMware Security Advisory VMSA-2014-0004)
- **VMware Horizon Workspace 1.8 (for specific remediation details, see VMware Security Advisory VMSA-2014-0004)**Note: Administrators who updated to Horizon Workspace Server 1.8.1 between 4/14/2014 and 4/19/2014 must update to the latest version referenced in VMware Security Advisory VMSA-2014-0004.
- VMware Horizon Workspace Client for Macintosh 1.5.1 (for specific remediation details, see VMware Security Advisory VMSA-2014-0004)
- VMware Horizon Workspace Client for Macintosh 1.5.2 (for specific remediation details, see VMware Security Advisory VMSA-2014-0004)
- VMware Horizon Workspace Client for Windows 1.5.1 (for specific remediation details, see VMware Security Advisory VMSA-2014-0004)
- VMware Horizon Workspace Client for Windows 1.5.2 (for specific remediation details, see VMware Security Advisory VMSA-2014-0004)
- VMware Horizon Workspace for Macintosh 1.8 (for specific remediation details, see VMware Security Advisory VMSA-2014-0004)
- VMware Horizon Workspace for Windows 1.8 (for specific remediation details, see VMware Security Advisory VMSA-2014-0004)
- VMware OVF Tool 3.5.0 (for specific remediation details, see VMware Security Advisory VMSA-2014-0004)
- VMware vCloud Automation Center (vCAC) 6.x (for specific remediation details, see VMware Security Advisory VMSA-2014-0004)
- VMware vCloud Networking and Security (vCNS) 5.1.3 (for specific remediation details, see VMware Security Advisory VMSA-2014-0004)
- VMware vCloud Networking and Security (vCNS) 5.5.1 (for specific remediation details, see VMware Security Advisory VMSA-2014-0004)
Invece i prodotti NON affetti dal bug sono questi:
- VMware vCloud Automation Center (vCAC) 5.x
- VMware vCloud Automation Center (vCAC) 6.x
- ESXi/ESX 4.x
- ESXi 5.0
- ESXi 5.1
- Virtual Disk Development Kit (VDDK)
- VIX API
- VMware Data Recovery VDR)
- VMware Fusion 5.x
- VMware Horizon Mirage 4.3.x and earlier
- VMware Horizon Mirage 4.4.x (except the Gateway component)
- VMware Horizon View 5.x
- VMware Horizon View 5.2 Feature Pack 1
- VMware Horizon View 5.2 Feature Pack 2
- VMware Horizon View Client for Android 1.x, 2.0.x
- VMware Horizon View Client for iOS 1.x, 2.0.x
- VMware Horizon View Client for Linux (all versions)
- VMware Horizon View Client for Mac (all versions)
- VMware Horizon View Client for Windows 2.1.x, 2.2.x, 5.x
- VMware Horizon View Client for Windows Store (all versions)
- VMware Horizon View Client for Windows with Local Mode Option 5.x
- VMware Horizon Workspace Client for Macintosh 1.0.0
- VMware Horizon Workspace Client for Macintosh 1.5.0
- VMware Horizon Workspace Client for Windows 1.0.0
- VMware Horizon Workspace Client for Windows 1.5.0
- VMware OVF tool 3.1.0 and below
- VMware Player
- VMware ThinApp
- VMware Update Manager (VUM)
- VMware vCenter Configuration Manager (vCM)
- VMware vCenter Converter (P2V)
- VMware vCenter Log Insight
- VMware vCenter Operations Manager (vCOps)
- VMware vCenter Orchestrator (vCO)
- VMware vCenter Server 4.x
- VMware vCenter Server 5.0
- VMware vCenter Server 5.1
- VMware vCenter Server Appliance (vCSA) 5.x
- VMware vCenter Server Heartbeat
- VMware vCenter Site Recovery Manager (SRM)
- VMware vCenter Support Assistant
- VMware vCloud Director (vCD)
- VMware vCloud Networking and Security (vCNS) 5.1.2 and below
- VMware vCloud Networking and Security (vCNS) 5.5.0
- VMware vFabric Postgres
- VMware View 4.x
- VMware vSphere Data Protection (vDP)
- VMware vSphere Management Assistant (vMA)
- VMware vSphere Storage Appliance (VSA)
- VMware Workstation
Il mio consiglio è quello di consultare il KB periodicamente per aggiornarsi sulle eventuali patch rilasciate.