Details
Released 9 OCT 2014 | Build 2183569 | vCenter Converter Standalone 5.5.2 Release Notes
A critical security vulnerability in the Bash shell, also referred to as Shellshock, has been identified. Exploitation of this issue might lead to remote code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278 to this issue.
During Linux P2V conversions, Converter Standalone runs a helper VM at the destination location. The helper VM of vCenter Converter Standalone 5.5.2 might use the Bash shell, which is part of the Linux operating system. If the operating system has a vulnerable version of Bash, the Bash security vulnerability might be exploited through the helper VM.
The vCenter Converter Standalone 5.5.3 release fixes the Bash shell vulnerability.
The VMware vCenter Converter Standalone 5.5.3 release also provides an update to the OpenSSL library, which addresses multiple security issues. The OpenSSL library is updated to version openssl-0.9.8zb to address CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, and CVE-2014-3510.
Solution
If you are running vCenter Converter Standalone 5.5.2, upgrade to vCenter Converter Standalone 5.5.3.
Note: Task history and other application data are not preserved during the upgrade.
Log in to Customer Connect and download the installation package for vCenter Converter Standalone 5.5.3 from the following location: https://customerconnect.vmware.com/downloads/info/slug/infrastructure_operations_management/vmware_vcenter_converter_standalone/5_5.
Run the installer and follow the on-screen prompts to complete the upgrade operation.
Additional Information
For translated versions of this article, see:
简体中文: VMware vCenter Converter Standalone 5.5.3 修补程序版本 (2100426)
日本語: VMware vCenter Converter Standalone 5.5.3 パッチ リリース (2100711)