The Common Vulnerabilities and Exposures

VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components

 a. JRE Security Update

    JRE update to version 1.5.0_20, which addresses multiple security
    issues that existed in earlier releases of JRE.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the following names to the security issues fixed in
    JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,
    CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,
    CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,
    CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.

VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

          reboot of the guest system.

    VMware would like to thank iDefense and Stephen Fewer of Harmony
    Security for reporting this issue to us.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2007-5671 to this issue.

    VMware        Product   Running  Replace with/
    Product       Version   on       Apply Patch
    ============  ========  =======  =================

VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

    issues that exist in the earlier releases of Microsoft SQL Express.

    Customers using other database solutions need not update for
    these issues.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086,
    CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL
    Express Service Pack 3.

    Column 4 of the following table lists the action required to

VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues

    VMware would like to thank CORE Security Technologies for
    working with us on this issue.  This addresses advisory
    CORE-2007-0930.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2008-0923 to this issue.

    Hosted products
    ---------------
    VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)

VMSA-2011-0013 VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

 a. ESX third party update for Service Console openssl RPM

    The Service Console openssl RPM is updated to
    openssl-0.9.8e.12.el5_5.7 resolving two security issues.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2008-7270 and CVE-2010-4180 to these
    issues.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is

VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim

    OpenSSL 0.9.7a-33.24 and earlier does not properly check the return
    value from the EVP_VerifyFinal function, which could allow a remote
    attacker to bypass validation of the certificate chain via a
    malformed SSL/TLS signature for DSA and ECDSA keys.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2008-5077 to this issue.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.


VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues

    virtual machines on that host.

    VMware would like to thank Andrew Honig of the Department of
    Defense for reporting this issue.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2008-4916 to this issue.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.


VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Service Console

    The ESX Service Console Operating System (COS) kernel is updated to
    kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the
    COS kernel.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2011-0726, CVE-2011-1078, CVE-2011-1079,
    CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166,
    CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494,
    CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649,
    CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182,

VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues

    VMware would like to thank Jure Skofic and Mitja Kolsek of ACROS
    Security (http://www.acrossecurity.com) for reporting this issue
    to us.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2010-1141 to this issue.

    Steps needed to remediate this vulnerability:

    Guest systems on VMware Workstation, Player, ACE, Server, Fusion

VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates

        This patch fixes a flaw in how the aacraid SCSI driver checked
        IOCTL command permissions.  This flaw might allow a local user
        on the service console to cause a denial of service or gain
        privileges. Thanks to Adaptec for reporting this issue.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CVE-2007-4308 to this issue.

        ESX Server 3.0.2 ESX-1003362
        http://download3.vmware.com/software/vi/ESX-1003362.tgz
        md5sum: f828e7c1c00c2b32ebd4f14f92febe16

VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

   Alexander Sotirov from VMware Security Research discovered a
   buffer overflow vulnerability in the OpenPegasus Management server.
   This flaw could be exploited by a malicious remote user on the
   service console network to gain root access to the service console.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the name CVE-2007-5360 to this issue.

   RPM Updated: pegasus-2.5-552927
   VM Shutdown: No
   Host Reboot: No

UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

   Alexander Sotirov from VMware Security Research discovered a
   buffer overflow vulnerability in the OpenPegasus Management server.
   This flaw could be exploited by a malicious remote user on the
   service console network to gain root access to the service console.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the name CVE-2007-5360 to this issue.

   RPM Updated: pegasus-2.5-552927
   VM Shutdown: No
   Host Reboot: No

TSLSA-2007-0026 - multi

    enabled, a remote attacker could send a carefully crafted request
    that would cause the Apache child process handling that request to
    crash. This could lead to a denial of service if using a threaded
    Multi-Processing Module.

    The Common Vulnerabilities and Exposures project has assigned the
    names CVE-2006-5752, CVE-2007-3304 and CVE-2007-1863 to these issues.

  clamav < TSL 3.0.5 > < TSL 3.0 > < TSL 2.2 >
  - SECURITY Fix: Some vulnerabilities have been reported in ClamAV,
    which can potentially be exploited by malicious people to cause a

VMSA-2010-0013

 a. Service Console update for cpio

    The service console package cpio is updated to version 2.5-6.RHEL3.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2005-4268 and CVE-2010-0624 to the issues
    addressed in this update.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is

VMSA-2010-0013 VMware ESX third party updates for Service Console

 a. Service Console update for cpio

    The service console package cpio is updated to version 2.5-6.RHEL3.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2005-4268 and CVE-2010-0624 to the issues
    addressed in this update.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is

VMSA-2010-0015 VMware ESX third party updates for Service Console

 a. Service Console update for NSS_db

    The service console package NSS_db is updated to version
    nss_db-2.2-35.4.el5_5.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2010-0826 to this issue.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

VMSA-2010-0005 VMware products address vulnerabilities in WebAccess

         chkconfig vmware-webAccess off
      
    VMware would like to thank David Byrne and Tom Leavey of Trustwave's
    SpiderLabs for reporting this issue to us.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2009-2277 to this issue.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.


VMSA-2010-0009 ESXi ntp and ESX Service Console third party updates

 a. Service Console update for COS kernel

    Updated COS package "kernel" addresses the security issues that are
    fixed through versions 2.6.18-164.11.1.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228,
    CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues
    fixed in kernel 2.6.18-164.6.1

    The Common Vulnerabilities and Exposures project (cve.mitre.org)

Re: iDefense Security Advisory 01.13.09: Oracle Secure Backup Administration Server login.php Command Injection Vulnerability

iDefense Security Advisory 01.13.09: Oracle Secure Backup Administration 
Server login.php Command Injection Vulnerability
http://archives.neohapsis.com/archives/bugtraq/2009-01/0111.html
The vulnerability is in a function of common.php which is called from the 
login.php page.
The Common Vulnerabilities and Exposures (CVE) project has assigned the 
name CVE-2008-5449 to this issue.

Oracle Secure Backup Administration Server login.php Command Injection 
Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=769

VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.

      actions.

      VMware would like to thank Julien Bachmann, Shennan Wang, Shinnai,
      and Michal Bucko for reporting these issues to us.

      The Common Vulnerabilities and Exposures Project (cve.mitre.org)
      has assigned the names CVE-2008-3691, CVE-2008-3692,
      CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, CVE-2007-5438, and
      CVE-2008-3696 to the security issues with VMware ActiveX controls.

      VMware         Product   Running  Replace with/

VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues

    the host to elevate their privileges.

    VMware Workstation and Player running on Microsoft Windows are not
    affected.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2010-4295 to this issue.

    VMware would like to thank Dan Rosenberg for reporting this issue.

    The following table lists what action remediates the vulnerability

VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console

 a. ESX third party update for Service Console kernel

    This update takes the console OS kernel package to
    kernel-2.6.18-238.9.1 which resolves multiple security issues.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2010-1083, CVE-2010-2492, CVE-2010-2798,
    CVE-2010-2938, CVE-2010-2942, CVE-2010-2943, CVE-2010-3015,
    CVE-2010-3066, CVE-2010-3067, CVE-2010-3078, CVE-2010-3086,
    CVE-2010-3296, CVE-2010-3432, CVE-2010-3442, CVE-2010-3477,
    CVE-2010-3699, CVE-2010-3858, CVE-2010-3859, CVE-2010-3865,

VMSA-2010-0002 VMware vCenter update release addresses multiple security issues in Java JRE

  a. Java JRE Security Update

    JRE update to version 1.5.0_22, which addresses multiple security
    issues that existed in earlier releases of JRE.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the following names to the security issues fixed in
    JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,
    CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,
    CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,
    CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.

VMSA-2010-0004 ESX Service Console and vMA third party updates

    display request (direct or via a custom application), leading to a
    denial of service (application crash) or, potentially, arbitrary
    code execution with the privileges of the user running the
    application using the newt library.

    The Common Vulnerabilities and Exposures Project (cve.mitre.org)
    has assigned the name CVE-2009-2905 to this issue.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.


VMSA-2009-0014 VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues

    A stack-based buffer overflow in the script_write_params method in
    ISC DHCP dhclient allows remote DHCP servers to execute arbitrary
    code via a crafted subnet-mask option.

    The Common Vulnerabilities and Exposures Project (cve.mitre.org)
    has assigned the name CVE-2009-0692 to this issue.

    An insecure temporary file use flaw was discovered in the DHCP
    daemon's init script ("/etc/init.d/dhcpd"). A local attacker could
    use this flaw to overwrite an arbitrary file with the output of the

VMSA-2008-0013 Updated ESX packages for OpenSSL, net-snmp, perl

   a. OpenSSL Binaries Updated

   This fix updates the third party OpenSSL library.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the names CVE-2007-3108 and CVE-2007-5135 to the issues
   addressed by this update.
 
   VMware         Product   Running  Replace with/
   Product        Version   on       Apply Patch

VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus

    malicious regular expression, it may have been possible to run
    arbitrary code as the user running the application.

    VMware would like to thank Ludwig Nussel for reporting these issues.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2006-7228 and CVE-2007-1660 to these issues.

    RPM Updated:
    pcre-3.9-10.4.i386.rpm


VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues

    Player 3.x is being installed. Installed versions of Workstation and
    Player are not affected. The security issue is no longer present in
    the installer of the new versions of Workstation 7.x and Player 3.x
    (see table below for the version numbers).

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2010-3277 to this issue.

    VMware would like to thank Alexander Trofimov and Marc Esher for
    independently reporting this issue to VMware.


VMSA-2010-0019 VMware ESX third party updates for Service Console

 a. Service Console update for samba

    The service console package samba is updated to version
    3.0.9-1.3E.18.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2010-3069 to this issue.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.  

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.