This week, a new vulnerability was discovered affecting SSL, a protocol most of the Internet uses to encrypt and secure communications. The VMware Security Engineering, Communications, and Response group (vSECR) is investigating the OpenSSL issue dubbed “Heartbleed”. For information on which VMware products may be affected and resolution/remediation steps, refer to the two KB articles at the bottom of this post.
For the curious, we would like to quickly explain why this particular vulnerability could be a risk across the Internet. The bug — dubbed “Heartbleed” — allows anybody to read the memory on a system that is supposed to be protected by SSL.
An anonymous attacker could potentially steal any information from an SSL-secured communication when the issue is not addressed. Best practices dictate that websites and web service providers should always use SSL-encrypted communication when dealing with sensitive information like usernames, passwords, and bank info. Heartbleed could breach that information to anybody who knows how to extract it without leaving a trace.
Just hours ago VMware announced the General Availability (GA) of Virtual SAN (VSAN) 5.5. This new product is the cornerstone of our Software-Defined Storage strategy and a key pillar of our Software-Defined Data Center vision.
In typical fashion, our Documentation and KB team have lots of fresh articles you may want to be aware of as you try this new and exciting product.
Here is a new vSphere video tutorial which demonstrates how to upgrade the vCenter Server Appliance from versions 5.0.x or 5.1 to that of version 5.5.
Before attempting the upgrade:
For additional information and additional instructions, see VMware Knowledge Base article Upgrading vCenter Server Appliance 5.0.x/5.1 to 5.5 (2058441).