VMware vSphere Management Assistant 5.5 EP1 (5.5.0.2)
search cancel

VMware vSphere Management Assistant 5.5 EP1 (5.5.0.2)

book

Article ID: 339870

calendar_today

Updated On:

Products

VMware vCenter Server VMware vSphere ESXi

Issue/Introduction

This patch updates Bash libraries in vSphere Management Assistant (vMA) to resolve multiple critical security issues. The vulnerability is referred to as Shellshock. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187 to these issues.

vMA might use the Bash shell which is part of the Linux operating system. In case the operating system has a vulnerable version of Bash, the Bash security vulnerability might be exploited through vMA.

Note: Applications installed on Windows are not affected. Applications installed on a Linux operating system that is not part of a virtual appliance might be at risk. Contact the vendor of your Linux-based operating system for advice and patches.

Environment

VMware vSphere Management Assistant 5.5

Resolution

vMA 5.5 EP1 addresses Bash shell security vulnerabilities.

Note: The update cannot be applied using the ISO.

Updating Existing vMA Installation by Using Web User Interface

You can install the patch over an existing vSphere Management Assistant 5.5 installation.

Important: You can install this patch only on vSphere Management Assistant 5.5. You can use the Web user interface to upgrade your existing vSphere Management Assistant 5.5 instance.

To install the patch on an existing vSphere Management Assistant 5.5 installation, perform these steps:

  1. Access the Web UI, https://ipaddressofvma:5480.
  2. Log in as vi-admin.
  3. Click the Update tab.
  4. Click the Status tab.
  5. Click the Settings tab and then from the Update Repository section, select a repository.
  6. Click Check Updates.
  7. Click Install Updates.

Updating Existing vMA Installation by Using tar.gz Update Bundle

If your Internet access is restricted, you can set up your own internal repository for vMA updates as an alternative to updating from a VMware public repository. To do this, you can download the updates as a tar.gz update bundle.

  1. On your selected Web server, create a repository directory under the home directory of Web server. For example, create vma_update_repo under /var/www/html if your Apache Web server is running on Linux platform.
  2. Download the tar.gz offline update bundle under the repository directory that you have created.
  3. Extract the tar.gz bundle directly under the repository directory. The extracted files are in two subdirectories, manifest and package-pool.
  4. Open the Web based management interface of vMA on port 5480. For example, https://fqdn_or_ip:5480.
  5. Log in to the Web interface and click the Update tab.
  6. Click Settings.
  7. Select Use Specified Repository.
  8. In the repository URL, enter the URL of the repository you created. For example, if the repository directory is vami_update_repo, the URL should be similar to: http://web_server_name.your_company.com/vami_update_repo
  9. Click Save Settings.
  10. Click Status.
  11. Under Actions, click Check Updates. The new available update is listed.
  12. Click Install Updates.
Note: A restart is required before the changes take effect.