VMware Security Advisory - ESX patches for OpenSSL, vim and bind resolve several security issues. OpenSSL 0.9.7a-33.24 and earlier does not properly check the return value from the EVP_VerifyFinal function, which could allow a remote attacker to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. A flaw was discovered in the way Berkeley Internet Name Domain (BIND) checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. Various vulnerabilities were discovered in vim such as format string issues and input validation problems.
6cb3c24c65b6ce75a60be81d773ffe92365d8866329c83302255f5fa55cec7f1