vSphere AppHA 1.1.x JRE update to include a fix for CVE-2014-6593
search cancel

vSphere AppHA 1.1.x JRE update to include a fix for CVE-2014-6593

book

Article ID: 335212

calendar_today

Updated On:

Products

VMware

Issue/Introduction

The Oracle (Sun) JRE package is updated to 1.7.0_76. The update addresses multiple security issues, also referred to as the SKIP-TLS vulnerability, that exist in the earlier releases of Oracle (Sun) JRE. Oracle has documented the CVE identifiers that are addressed in JRE 1.7.0_76 in the Oracle Java SE Critical Patch Update Advisory for January 2015. The JRE update includes a fix for CVE-2014-6593.
vSphere AppHA 1.1.1 patch addresses the fix for CVE-2014-6593.


Environment

VMware vSphere App HA 1.x

Resolution

Before applying the patch, take a snapshot of your virtual machine.
Apply the patch on the vSphere AppHA virtual appliance:
<?xml:namespace prefix = o />

1. Download the patch from https://customerconnect.vmware.com/web/vmware/details?productId=353&rPId=5258&downloadGroup=APPHA-111.

2. Open a command line prompt and run rpm -U jre-7u76-linux-x64.rpm.
3. Restart the vSphere AppHA virtual appliance.