When the story finally broke about the Internet-exploding Heartbleed defect in OpenSSL, VMware was one of the vendors hard hit by the accidental flaw with over 25 products affected. Before Easter weekend, VMware had promised to patch fast, hoping to have fixes available as soon as egg hunters settled back into their work chairs on Monday.
The patches are now available and detailed in a couple places:
- Probably the most hard to read is Knowledge Base article 2076225
- More clearly defined is Security Advisory VMSA-2014-0004.6
You should also note that a fix is available for vCenter Server 5.5, however, there's a few additional steps involved including remediation, a password change, and a plug-in update: