It will be a virtual Christmas for virtualization administrators
VMware said that its vRealize Orchestrator, vRealize Operations, vCenter Operations and vCenter Application Discovery Manager products all need to be patched to harden them against "a critical deserialization vulnerability."
The flaw involves Apache Commons-collections and a chain of classes, and can result in "remote code execution with the permissions of the application that uses the Commons-collections library."
vRealize Orchestrator 6.x can be cured with this patch, while the inoculation for vCenter Orchestrator version 5.x is yours for the taking here. Patches for vCenter Operations and vRealize Operations are on the way, a delay that is more or less acceptable because exploitation is limited to local users. The patch for vCenter Application Discovery Manager is pending.
Virtualization administrators are copping it in the week before the holiday season: the Xen Project has also released a few fixes. XSA-164 could see nasty escalation of the qemu process, XSA-165 could allow recovery of encryption keys on platforms that support Xen, and XSA-166 has the potential for privilege escalation.