| New User, Welcome! Login |
Next Page >>
VMWare Player
- -------------------------------------------------------------------
~ VMware Security Advisory
Advisory ID: VMSA-2008-0005
Synopsis: Updated VMware Workstation, VMware Player, VMware
~ Server, VMware ACE, and VMware Fusion resolve
~ critical security issues
Issue date: 2008-03-17
Updated on: 2008-03-17 (initial release of advisory)
CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361
Advisory ID: VMSA-2007-0006
Synopsis: Critical security updates for all supported
versions of VMware ESX Server, VMware Server,
VMware Workstation, VMware ACE, and
VMware Player
Issue date: 2007-09-18
Updated on: 2007-09-18
CVE numbers: CVE-2007-2446 CVE-2007-2447 CVE-2007-0494
2. Relevant releases
VMware Workstation 7.1.1 and earlier,
VMware Workstation 6.5.4 and earlier,
VMware Player 3.1.1 and earlier,
VMware Player 2.5.4 and earlier,
VMware Fusion 3.1.1 and earlier,
ESXi 4.1 without patch ESXi410-201010402-BG or later
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2008-0014
Synopsis: Updates to VMware Workstation, VMware Player,
VMware ACE, VMware Server, VMware ESX address
information disclosure, privilege escalation and
other security issues.
Issue date: 2008-08-29
Updated on: 2008-08-29 (initial release of advisory)
- -------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2008-0008
Synopsis: Updates to VMware Workstation, VMware Player,
VMware ACE, VMware Fusion resolve critical
security issues
Issue date: 2008-05-30
Updated on: 2008-05-30 (initial release of advisory)
CVE numbers: CVE-2008-2098 CVE-2008-2099
- -------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2008-0009
Synopsis: Updates to VMware Workstation, VMware Player,
VMware ACE, VMware Fusion, VMware Server, VMware
VIX API, VMware ESX, VMware ESXi resolve critical
security issues
Issue date: 2008-06-04
Updated on: 2008-06-04 (initial release of advisory)
VirtualCenter 2.5 before Update 3 build 119838
VMware Workstation 6.0.4 and earlier,
VMware Workstation 5.5.7 and earlier,
VMware Player 2.0.4 and earlier,
VMware Player 1.0.7 and earlier,
VMware ACE 2.0.4 and earlier,
VMware ACE 1.0.6 and earlier,
VMware Server 1.0.6 and earlier,
2. Relevant releases
VMware Workstation 7.0,
VMware Workstation 6.5.3 and earlier,
VMware Player 3.0,
VMware Player 2.5.3 and earlier,
VMware ACE 2.6,
VMware ACE 2.5.3 and earlier,
VMware Server 2.0.2 and earlier,
VMware Fusion 3.0,
2. Relevant releases
VMware Workstation 7.0,
VMware Workstation 6.5.3 and earlier,
VMware Player 3.0,
VMware Player 2.5.3 and earlier,
VMware ACE 2.6,
VMware ACE 2.5.3 and earlier,
VMware Server 2.0.2 and earlier,
VMware Fusion 3.0,
2. Relevant releases
VMware Workstation 7.1.4 and earlier
VMware Player 3.1.4 and earlier
VMware Fusion 3.1.2 and earlier
3. Problem Description
(AMS) for Windows updates Apache httpd.
2. Relevant releases
VMware Workstation 7.1.1 and earlier,
VMware Player 3.1.1 and earlier,
VMware ACE Management Server 2.7.1 and earlier,
Note: VMware Server was declared End Of Availability on January 2010,
support will be limited to Technical Guidance for the duration
of the support term.
2. Relevant releases
VMware Workstation 6.0.5 and earlier,
VMware Workstation 5.5.8 and earlier,
VMware Player 2.0.5 and earlier,
VMware Player 1.0.8 and earlier,
VMware ACE 2.0.5 and earlier,
VMware ACE 1.0.7 and earlier,
VMware Server 1.0.7 and earlier.
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2009-0012
Synopsis: VMware Movie Decoder, VMware Workstation, VMware
Player, and VMware ACE resolve security issues.
Issue date: 2009-09-04
Updated on: 2009-09-04 (initial release of advisory)
CVE numbers: CVE-2009-0199 CVE-2009-2628
- ------------------------------------------------------------------------
Console RPM.
2. Relevant releases
VMware Workstation 6.5.1 and earlier,
VMware Player 2.5.1 and earlier,
VMware ACE 2.5.1 and earlier,
VMware Server 2.0,
VMware Server 1.0.8 and earlier,
VMware Fusion 2.0.1 and earlier.
critical security vulnerability.
2. Relevant releases
VMware Workstation 6.5.1 and earlier,
VMware Player 2.5.1 and earlier,
VMware ACE 2.5.1 and earlier,
VMware Server 2.0,
VMware Server 1.0.8 and earlier,
VMware Fusion 2.0.3 and earlier,
ESXi resolve multiple security issues.
2. Relevant releases
VMware Workstation 6.5.1 and earlier,
VMware Player 2.5.1 and earlier,
VMware ACE 2.5.1 and earlier,
VMware Server 2.0,
VMware Server 1.0.8 and earlier,
VMware ESXi 3.5 without patches ESXe350-200811401-O-SG,
*Vulnerable Packages*
. VMWare Workstation 6.0.2
. VMWare Workstation 5.5.4
. VMWare Player 2.0.2
. VMWare Player 1.0.4
. VMWare ACE 2.0.2
. VMWare ACE 1.0.2
*Non-vulnerable Packages*
2. Relevant releases
VMware Workstation 6.0.5 and earlier,
VMware Workstation 5.5.8 and earlier,
VMware Player 2.0.5 and earlier,
VMware Player 1.0.8 and earlier,
VMware Server 1.0.9 and earlier,
VMware ESXi 3.5 without patch ESXe350-200811401-O-SG
http://www.vmware.com/go/downloadplayer
Release notes:
https://www.vmware.com/support/player40/doc/releasenotes_player402.html
VMware Player for Windows 32-bit and 64-bit
md5sum: 8ec9f7cb9556bad9c910a8a9794b3b57
sha1sum: d3613399fc25273ea51ead82ad8bf359f7fda6d1
VMware Player for Linux 32-bit
md5sum: 9fd4bb474a47d5c538e5e806f91e5a40
AFFECTED SOFTWARE
-----------------
(for a complete list, see:
http://www.vmware.com/security/advisories/VMSA-2008-0016.html or
http://lists.vmware.com/pipermail/security-announce/2008/000037.html)
VMware Player 2.0.4-Build 93057
VMware Server 1.0.6 Build-91891
VMware Workstation 6.0.4 Build-93057
PATCHED SOFTWARE
http://www.vmware.com/go/downloadplayer
Release notes:
https://www.vmware.com/support/player40/doc/releasenotes_player403.html
VMware Player for Windows 32-bit and 64-bit
md5sum: f2259a257a5099cdce5e1ce76512f599
sha1sum: 96badcaac81e1dfeaaac49d1a5bb6b1e13956266
VMware Player for Linux 32-bit
md5sum: 4012e897a77a1c69dd18fbcdde6cf269
III. AFFECTED PRODUCTS
---------------------------
VMware Workstation versions prior to 6.5.4 build 246459
VMware Player versions prior to 2.5.4 build 246459
VMware Server versions 2.x
VMware Movie Decoder versions prior to 6.5.4 Build 246459
Background
==========
VMware Workstation is a virtual machine for developers and system
administrators. VMware Player is a freeware virtualization software
that can run guests produced by other VMware products.
Affected packages
=================
the Apace HTTP Server.
2. Relevant releases
VMware Workstation 6.5.2 and earlier,
VMware Player 2.5.2 and earlier,
VMware ACE 2.5.2 and earlier
3. Problem Description
a. Third Party Library libpng Updated to 1.2.35
VMware hosted products and ESX patches resolve two security issues.
2. Relevant releases
VMware Workstation 6.5.2 and earlier,
VMware Player 2.5.2 and earlier,
VMware ACE 2.5.2 and earlier,
VMware Server 2.0.1 and earlier,
VMware Server 1.0.9 and earlier,
VMware Fusion 2.0.5 and earlier,
AFFECTED SOFTWARE
-----------------
(for a complete list, see:
http://www.vmware.com/security/advisories/VMSA-2008-0018.html or
http://lists.vmware.com/pipermail/security-announce/2008/000042.html)
VMware Player 2.0.5-Build 109488
VMware Server 1.0.7-Build 108231
VMware Workstation 6.0.5-Build 109488
PATCHED SOFTWARE
AFFECTED ENVIRONMENTS
---------------------
The following VMware product versions are known to be affected:
VMware Workstation 7.0.0
VMware Workstation 7.1.5 and earlier
VMware Player 3.1.5 and earlier
VMware ESXi 4.1.0 Update 2 Build 502767 and earlier
Other related versions not tested due to unavailability
UNAFFECTED ENVIRONMENTS
===========================================================
Ubuntu Security Notice USN-543-1 November 15, 2007
linux-restricted-modules-2.6.17/20, vmware-player-kernel-2.6.15 vulnerabilities
CVE-2007-0061, CVE-2007-0062, CVE-2007-0063, CVE-2007-4496,
CVE-2007-4497
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
vectors in common implementations. But the more important underlying
implementation vulnerability is that the trusted vmdk and its vmx should
not be directly accessible from a computer that is not fully trusted, or
under a login that cannot be trusted. So that means you can't host or
edit a VM on your Windows web surfing machine without risking the VM's
integrity. And it means that VMWare Player provides no real protection
either for the VM.
A high-trust VM should only be edited through high-trust hosts, and
should only be accessible through its own properly secured network
services. So the least-privilege user should not have access to the vmdk
--------------------
Affected Software
------------------------
- VMware Workstation
- VMware Player
- VMware ACE
- VMware Server
- VMware ESX
- VMware Fusion
- Etc.
Next Page>>
|
|
|
