New User, Welcome!     Login

<< Previous

VMware ESX Server

VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix

   Updated ESX packages address several security issues.

2. Relevant releases:

   VMware ESX 3.5 without patches ESX350-200806201-UG (vmnix) and
   ESX350-200806218-UG (samba)

3. Problem description:

I   Service Console rpm updates

VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus

~   Updated Service Console packages for pcre, net-snmp, and OpenPegasus

2. Relevant releases:

~   VMware ESX 3.5 without patch ESX350-200803214-UG

3. Problem description:

~   a. Updated pcre Service Console package addresses several security issues

VMSA-2008-0015 Updated ESXi and ESX 3.5 packages address critical security issue in openwsman

    Updated ESXi and ESX 3.5 packages address critical security issue in
    openwsman

2. Relevant releases

    VMware ESXi 3.5 Update 2 without patch ESXe350-200808501-I-SG

    VMware ESX  3.5 Update 2 without patch ESX350-200808413-SG

3. Problem Description

VMSA-2010-0004 ESX Service Console and vMA third party updates

   device-mapper-multipath, fipscheck, dbus, dbus-libs, ed, openssl,
   bind, expat, openssh, ntp and kernel packages.

2. Relevant releases

   VMware ESX 4.0.0 without patch ESX400-201002404-SG, ESX400-201002407-SG,
                                  ESX400-201002406-SG

   VMware vMA 4.0 before patch 3

3. Problem Description

VMSA-2010-0009 ESXi ntp and ESX Service Console third party updates

   ESXi update for ntp and ESX Console OS (COS) updates for COS
   kernel, openssl, krb5, gcc, bind, gzip, sudo.

2. Relevant releases

   VMware ESX 4.0.0 without patches ESX400-201005401-SG,
   ESX400-201005406-SG, ESX400-201005408-SG, ESX400-201005407-SG,
   ESX400-201005405-SG, ESX400-201005409-SG

3. Problem Description

VMSA-2010-0001 ESX Service Console updates for nss and nspr

   Update for Service Console packages nss and nspr

2. Relevant releases

   VMware ESX 4.0 without patch ESX400-200912403-SG

3. Problem Description

 a. Update for Service Console packages nss and nspr

VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl

   Update for Service Console packages udev,sudo, and curl

2. Relevant releases

   VMware ESX 4.0.0 without bulletin ESX400-200906411-SG,
   ESX400-200906406-SG, ESX400-200906407-SG.

3. Problem Description

 a. Service Console package udev

VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel

   ESX 3.5 Console OS (COS) updates for COS package 'kernel'.

2. Relevant releases

   VMware ESX 3.5 without patch ESX350-201006401-SG

   Notes:
   Effective May 2010, VMware's patch and update release program during
   Extended Support will be continued with the condition that all
   subsequent patch and update releases will be based on the latest

Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation

- VMware Workstation
- VMware Player
- VMware ACE
- VMware Server
- VMware ESX
- VMware Fusion
- Etc.

--------------------
Consequences

CORE-2007-0930 Path Traversal vulnerability in VMware's shared folders implementation

. VMWare ACE 2.0.2
. VMWare ACE 1.0.2

*Non-vulnerable Packages*

. VMWare ESX
. VMWare Server

*Vendor Information, Solutions and Workarounds*

Disable the Shared Folders feature for all virtual machines. On VMWare

VMSA-2010-0006 ESX Service Console updates for samba and acpid

   ESX Service Console updates for samba and acpid packages.

2. Relevant releases

   VMware ESX 4.0.0 without patch ESX400-201003405-SG,
                                  ESX400-201003403-SG
   Notes:

   Effective May 2010, VMware's patch and update release program during
   Extended Support will be continued with the condition that all

VMSA-2009-0003 ESX 2.5.5 patch 12 updates service console package ed

   ESX 2.5.5 patch 12 Build 142708 updates service console package ed

2. Relevant releases

   VMware ESX 2.5.5 before patch 12

   Extended support for ESX 2.5.5 ends on 2010-06-15.  Users should plan
   to upgrade to ESX 3.0.3 and preferably to the newest release
   available.
<<Previous

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!