The Common Vulnerabilities and Exposures
Player 3.x is being installed. Installed versions of Workstation and
Player are not affected. The security issue is no longer present in
the installer of the new versions of Workstation 7.x and Player 3.x
(see table below for the version numbers).
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-3277 to this issue.
VMware would like to thank Alexander Trofimov and Marc Esher for
independently reporting this issue to VMware.
a. Service Console update for samba
The service console package samba is updated to version
3.0.9-1.3E.18.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-3069 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
a. Service Console update for glibc
The service console packages glibc, glibc-common, and nscd are each
updated to version 2.5-34.4908.vmw.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-3847 and CVE-2010-3856 to the issues
addressed in this update.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
resources.
VMware would like to thank Nicolas Gregoire and US CERT for
reporting this issue to us.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-3609 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
to the network on which the vCenter Server host resides.
In case vCenter Server is installed on Windows 2008 or
Windows 2008 R2, the security vulnerability is not present.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2011-0426 to this issue.
VMware        Product  Running Replace with/
Product       Version  on      Apply Patch
============= ======== ======= =================
32-bit.
VMware would like to thank Derek Soeder of Ridgeway Internet
Security, L.L.C. for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2012-1515 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VAMI features such as using the web interface to set the network
configuration)
or
- recreate the virtual appliance using Studio 2.1.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2010-2667 to this issue.
VMware would like to thank Claudio Criscione of Secure Network for
reporting this issue to us.
handled uninitialized pointers. An attacker could create a PNG image
file in such a way, that when loaded by an application linked to
libpng, it could cause the application to crash or execute arbitrary
code at the privilege level of the user that runs the application.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0040 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
of the driver.
VMware would like to thank Nikita Tarakanov for reporting this
issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-1805 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available. See above for remediation
details.
write to uncontrolled physical memory.
VMware would like to thank Andrew Honig of the Department of
Defense for reporting this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-4917 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
unprivileged user on the host system.
VMware would like to thank Neil Kettle of Convergent Network
Solutions for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-3281 to this issue.
b. Kernel denial of service vulnerability
An integer overflow vulnerability in the vmx86 kernel extension
a. Service Console update for COS kernel
The service console package kernel is updated to version 2.4.21-63.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-5029, CVE-2008-5300, CVE-2009-1337,
CVE-2009-1385, CVE-2009-1895, CVE-2009-2848, CVE-2009-3002, and
CVE-2009-3547 to the security issues fixed in kernel-2.4.21-63.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
vulnerability does not affect the host system.
VMware would like to thank Tavis Ormandy and Julien Tinnes of the
Google Security Team for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-2267 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available. See above for remediation
details.
have the ability to run applications.
VMware would like to thank Derek Soeder for discovering
this issue and working with us on its remediation.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-4915 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
affect the 64-bit versions of Linux guest operating systems.
VMware would like to thank Derek Soeder for discovering
this issue and working with us on its remediation.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2008-4279 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
a. Security Update to Service Console Kernel
This fix upgrades service console kernel version to 2.4.21-57.EL.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-5001, CVE-2007-6151, CVE-2007-6206,
CVE-2008-0007, CVE-2008-1367, CVE-2008-1375, CVE-2006-4814, and
CVE-2008-1669 to the security issues fixed in kernel-2.4.21-57.EL.
VMware Product Running Replace with/
have implemented heap protection.
VMware would like to thank Andrew Honig of the Department of
Defense for reporting this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-2098 to this issue.
VMware       Product  Running Replace with/
Product      Version  on      Apply Patch
============ ======== ======= =================
2008-03-18 Vendor fixed issue in trunk/branch revision
2008-04-22 Vendor released 1.3.1
2008-04-22 Advisory published
CVE Information
The Common Vulnerabilities and Exposures (CVE) project has assigned the name
CVE-2008-1385 to this issue. This is a candidate for inclusion in the CVE
list (http://cve.mitre.org/), which standardizes names for security problems.
Credits and copyright
This vulnerability was discovered by Hanno Boeck of schokokeks.org webhosting.
Tomcat Server Security Update
This release of VirtualCenter Server updates the Tomcat Server
package from 5.5.17 to 5.5.25, which addresses multiple security
issues that existed in the earlier releases of Tomcat Server.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2005-2090, CVE-2006-7195, and CVE-2007-0450 to
these issues.
JRE Security Update
This release of VirtualCenter Server updates the JRE package from
- SECURITY Fix: An error exists in fetchmail which allows
context-dependent attackers to cause a denial of service (NULL
dereference and application crash) by refusing certain warning
messages that are sent over SMTP.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-4565 to this issue.
quagga < TSL 3.0.5 > < TSL 3.0 >
- New Upstream.
- SECURITY Fix: A vulnerability has been reported in Quagga, caused
- SECURITY Fix: Fixes integer overflow in the "file" program, that
might allow user-assisted attackers to execute arbitrary code via
a large file that triggers an overflow that bypasses an assert()
statement. This issue is due to an incorrect patch for CVE-2007-1536.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-2799 to this issue.
gd < TSL 3.0.5 > < TSL 3.0 > < TSL 2.2 >
- SECURITY Fix: Some vulnerabilities have been reported in the GD
Graphics Library, where some have unknown impact and others can
a. Service Console OS update for COS kernel
This patch updates the service console kernel to fix multiple
security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-0415, CVE-2010-0307,
CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1437, and
CVE-2010-1088 to these issues.
Column 4 of the following table lists the action required to
socreate(type=2, proto=17) failed with error 55
VMware would like to thank Jimmy Scott at inet-solutions.be for
reporting this issue to us.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has
assigned the name CVE-2011-1785 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
privilege escalation on View virtual desktops.
VMware would like to thank Tarjei Mandt for reporting these issues
to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2012-1509 (XPDM buffer overrun),
CVE-2012-1510 (WDDM buffer overrun) and CVE-2012-1508 (XPDM null
pointer dereference) to these issues.
Column 4 of the following table lists the action required to
a. ESX third party update for Service Console kernel
The ESX Service Console Operating System (COS) kernel is updated
which addresses several security issues in the COS kernel.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2011-3191, CVE-2011-4348 and CVE-2012-0028 to
these issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
Discovered by Secunia Research.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2010-0988 for the vulnerability.
======================================================================
9) About Secunia
on the URLs shown.
http://www.microsoft.com/technet/security/bulletin/MS10-017.mspx
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2010-0261 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
VMware would like to thank Daniel Grzelak and Alex Kouzemtchenko of
stratsec (www.stratsec.net) for finding and reporting this issue.
VMware would also like to thank Ben Allums of WebWorks.com for working
on the remediation of this issue with us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2009-3731 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
Discovered by Alin Rad Pop, Secunia Research.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2009-4002 for the vulnerability.
======================================================================
9) About Secunia