Advisory ID: VMSA-2009-0016
Synopsis: VMware vCenter and ESX update release and vMA patch
release address multiple security issues in third
party components
Issue date: 2009-11-20
Updated on: 2009-11-20 (initial release of advisory)
CVE numbers: --- JRE ---
CVE-2009-1093 CVE-2009-1094 CVE-2009-1095
CVE-2009-1096 CVE-2009-1097 CVE-2009-1098
CVE-2009-1099 CVE-2009-1100 CVE-2009-1101
CVE-2009-1102 CVE-2009-1103 CVE-2009-1104
Advisory ID: VMSA-2011-0003
Synopsis: Third party component updates for VMware vCenter
Server, vCenter Update Manager, ESXi and ESX
Issue date: 2011-02-10
Updated on: 2011-02-10 (initial release of advisory)
CVE numbers: --- Apache Tomcat ---
CVE-2009-2693 CVE-2009-2901 CVE-2009-2902
CVE-2009-3548 CVE-2010-2227 CVE-2010-1157
--- Apache Tomcat Manager ---
CVE-2010-2928
VMware Security Advisory
Advisory ID: VMSA-2010-0004
Synopsis: ESX Service Console and vMA third party updates
Issue date: 2010-03-03
Updated on: 2010-03-03 (initial release of advisory)
CVE numbers: CVE-2009-2905 CVE-2008-4552 CVE-2008-4316
CVE-2009-1377 CVE-2009-1378 CVE-2009-1379
CVE-2009-1386 CVE-2009-1387 CVE-2009-0590
CVE-2009-4022 CVE-2009-3560 CVE-2009-3720
CVE-2009-2904 CVE-2009-3563 CVE-2009-2695
- -------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2008-0001
Synopsis: Moderate OpenPegasus PAM Authentication Buffer
Overflow and updated service console packages
Issue date: 2008-01-07
Updated on: 2008-01-07
CVE numbers: CVE-2007-5360 CVE-2007-5398 CVE-2007-4572
CVE-2007-5191 CVE-2007-5116 CVE-2007-3108
CVE-2007-5135
- -------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2008-0001.1
Synopsis: Moderate OpenPegasus PAM Authentication Buffer
Overflow and updated service console packages
Issue date: 2008-01-07
Updated on: 2008-01-22
CVE numbers: CVE-2007-5360 CVE-2007-5398 CVE-2007-4572
CVE-2007-5191 CVE-2007-5116 CVE-2007-3108
CVE-2007-5135
- -------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2008-0007
Synopsis: Moderate Updated Service Console packages pcre
net-snmp, and OpenPegasus
Issue date: 2008-04-15
Updated on: 2008-04-15 (initial release of advisory)
CVE numbers: CVE-2006-7228 CVE-2007-1660 CVE-2007-5846
CVE-2008-0003
versions of VMware ESX Server, VMware Server,
VMware Workstation, VMware ACE, and
VMware Player
Issue date: 2007-09-18
Updated on: 2007-09-18
CVE numbers: CVE-2007-2446 CVE-2007-2447 CVE-2007-0494
CVE-2007-2442 CVE-2007-2443 CVE-2007-2798
CVE-2007-0061 CVE-2007-0062 CVE-2007-0063
CVE-2007-4059 CVE-2007-4155 CVE-2007-4496
Advisory ID: VMSA-2012-0001
Synopsis: VMware ESXi and ESX updates to third party library
and ESX Service Console
Issue date: 2012-01-30
Updated on: 2012-01-30 (initial advisory)
CVE numbers: --- COS Kernel ---
CVE-2011-0726, CVE-2011-1078, CVE-2011-1079,
CVE-2011-1080, CVE-2011-1093, CVE-2011-1163,
CVE-2011-1166, CVE-2011-1170, CVE-2011-1171,
VMware Security Advisory
Advisory ID: VMSA-2010-0009
Synopsis: ESXi ntp and ESX Service Console third party updates
Issue date: 2010-05-27
Updated on: 2010-05-27 (initial release of advisory)
CVE numbers: CVE-2009-2695 CVE-2009-2908 CVE-2009-3228
CVE-2009-3286 CVE-2009-3547 CVE-2009-3613
CVE-2009-3612 CVE-2009-3620 CVE-2009-3621
CVE-2009-3726 CVE-2007-4567 CVE-2009-4536
CVE-2009-4537 CVE-2009-4538 CVE-2006-6304
Synopsis: Updates to VMware Workstation, VMware Player,
VMware ACE, VMware Fusion, VMware Server, VMware
VIX API, VMware ESX, VMware ESXi resolve critical
security issues
Issue date: 2008-06-04
Updated on: 2008-06-04 (initial release of advisory)
CVE numbers: CVE-2007-5671 CVE-2008-0967 CVE-2008-2097
CVE-2008-2100 CVE-2006-1721 CVE-2008-0553
CVE-2007-5378 CVE-2007-4772 CVE-2008-0888
CVE-2008-0062 CVE-2008-0063 CVE-2008-0948
- -------------------------------------------------------------------
requests in the MSN protocol handler. A remote attacker could send a
specially crafted filename in a custom smiley request and obtain arbitrary
files via directory traversal. This issue only affected Ubuntu 8.10, Ubuntu
9.04 and Ubuntu 9.10. (CVE-2010-0013)
Pidgin for Ubuntu 8.04 LTS was also updated to fix connection issues with
the MSN protocol.
USN-675-1 and USN-781-1 provided updated Pidgin packages to fix multiple
security vulnerabilities in Ubuntu 8.04 LTS. The security patches to fix
CVE-2008-2955 and CVE-2009-1376 were incomplete. This update corrects the
It was discovered that Bind would incorrectly cache bogus NXDOMAIN
responses. When DNSSEC validation is in use, a remote attacker could
exploit this to cause a denial of service, and possibly poison DNS caches.
(CVE-2010-0097)
USN-865-1 provided updated Bind packages to fix a security vulnerability.
The upstream security patch to fix CVE-2009-4022 was incomplete and
CVE-2010-0290 was assigned to the issue. This update corrects the problem.
Original advisory details:
Michael Sinatra discovered that Bind did not correctly validate certain
listed in either of these two sections are still being evaluated.
Vulnerable Products
- -------------------
This section will be updated when more information is available.
Products Confirmed Not Vulnerable
- ---------------------------------
The following products are confirmed not vulnerable:
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2008-0015
Synopsis: Updated ESXi and ESX 3.5 packages address critical
security issue in openwsman
Issue date: 2008-09-18
Updated on: 2008-09-18 (initial release of advisory)
CVE numbers: CVE-2008-2234
- --------------------------------------------------------------------------
- -------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2008-0003
Synopsis: Moderate: Updated aacraid driver and samba
and python service console updates
Issue date: 2008-02-04
Updated on: 2008-02-04 (initial release of advisory)
CVE numbers: CVE-2007-6015 CVE-2006-7228 CVE-2007-2052
CVE-2007-4965 CVE-2007-4308
arbitrary code with application privileges. The default compiler options
for affected releases should reduce the vulnerability to a denial of
service. (CVE-2010-2939)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.13.diff.gz
Size/MD5: 68027 2ff284e0b0ec7eb599b79abafe900961
into opening a crafted PDF file, an attacker could cause a denial of
service or execute arbitrary code with privileges of the user invoking the
program.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.1-0ubuntu7.8.diff.gz
Size/MD5: 27259 bedbca4c7d1fbb131e87ac7d01b9ccfb
Ubuntu 10.10:
libnss3-1d 3.12.8-0ubuntu0.10.10.1
After a standard system update you need to restart any applications that
use NSS, such as Firefox, Thunderbird or Evolution, to make all the
necessary changes. This update also includes updated NSPR packages to work
with the new NSS.
Details follow:
Richard Moore discovered that NSS would sometimes incorrectly match an SSL
VMware Security Advisory
Advisory ID: VMSA-2010-0013
Synopsis: VMware ESX third party updates for Service Console
Issue date: 2010-08-31
Updated on: 2010-08-31 (initial release of advisory)
CVE numbers: CVE-2005-4268 CVE-2010-0624 CVE-2010-2063
CVE-2010-1321 CVE-2010-1168 CVE-2010-1447
- ------------------------------------------------------------------------
1. Summary
In general, a standard system update will make all the necessary changes.
Details follow:
USN-986-1 fixed vulnerabilities in bzip2. dpkg statically links against libbz2
and needed to be rebuilt to use the updated libbz2.
Original advisory details:
An integer overflow was discovered in bzip2. If a user or automated system
were tricked into decompressing a crafted bz2 file, an attacker could cause
Advisory ID: VMSA-2011-0013
Synopsis: VMware third party component updates for VMware vCenter
Server, vCenter Update Manager, ESXi and ESX
Issue date: 2011-10-27
Updated on: 2011-10-27 (initial release of advisory)
CVE numbers: --- openssl ---
CVE-2008-7270 CVE-2010-4180
--- libuser ---
CVE-2011-0002
--- nss, nspr ---
Advisory ID: VMSA-2012-0005
Synopsis: VMware vCenter Server, Orchestrator, Update Manager,
vShield, vSphere Client, ESXi and ESX address
several security issues
Issue date: 2012-03-15
Updated on: 2012-03-15 (initial advisory)
CVE numbers: CVE-2012-1508, CVE-2012-1509, CVE-2012-1510,
CVE-2012-1512, CVE-2012-1513, CVE-2012-1514,
CVE-2011-3190, CVE-2011-3375, CVE-2012-0022,
CVE-2010-0405
possibly execute arbitrary code. The default compiler options for affected
releases should reduce the vulnerability to a denial of service.
(CVE-2010-1850)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.14.diff.gz
Size/MD5: 170661 355c39cc92db0c279cb76d425e56f59b
form variables. A remote attacker who had access to the CUPS web interface
could use this flaw to read a limited amount of memory from the cupsd
process and possibly obtain confidential data. (CVE-2010-1748)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.19.diff.gz
Size/MD5: 115313 005b2e259ee2bc9aeb334d3b2ca51faa
with user privileges, or crash the application, leading to a denial
of service. (Only Ubuntu 10.04 LTS was affected.) (CVE-2010-2065,
CVE-2010-2067)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.8.diff.gz
Size/MD5: 23040 b840c801a3d7fc4d0a1053d6fabbe707
images. If a user or automated system were tricked into processing a
crafted PNG image, an attacker could possibly use this flaw to consume all
available resources, resulting in a denial of service. (CVE-2010-2249)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.6.diff.gz
Size/MD5: 24044 8979ca6b113137fe5ee051c1c70571eb
Ubuntu). A local attacker could exploit this to execute arbitrary code as
root if sudo was configured to allow the attacker to use a program that
interpreted the PATH environment variable.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p12-1ubuntu6.3.diff.gz
Size/MD5: 37216 36d4b120d354c87515638af637c67b0d
restrict PL/Tcl procedures. If PostgreSQL was configured to use Tcl stored
procedures, a remote authenticated attacker could exploit this to execute
arbitrary Tcl code. (CVE-2010-1170)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.21-0ubuntu0.6.06.diff.gz
Size/MD5: 34627 7a61989b7495a77a18adf96949af6144
certain ELF program headers. If a user or automated system were tricked
into verifying a specially crafted ELF program, a remote attacker could
execute arbitrary code with user privileges. (CVE-2010-0830)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.3.6-0ubuntu20.6.diff.gz
Size/MD5: 572994 a6a01bf279888c3d2b14dee810d96630