| New User, Welcome! Login |
Next Page >>
VMware Player
- -------------------------------------------------------------------
~ VMware Security Advisory
Advisory ID: VMSA-2008-0005
Synopsis: Updated VMware Workstation, VMware Player, VMware
~ Server, VMware ACE, and VMware Fusion resolve
~ critical security issues
Issue date: 2008-03-17
Updated on: 2008-03-17 (initial release of advisory)
CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361
Advisory ID: VMSA-2007-0006
Synopsis: Critical security updates for all supported
versions of VMware ESX Server, VMware Server,
VMware Workstation, VMware ACE, and
VMware Player
Issue date: 2007-09-18
Updated on: 2007-09-18
CVE numbers: CVE-2007-2446 CVE-2007-2447 CVE-2007-0494
2. Relevant releases
VMware Workstation 7.1.1 and earlier,
VMware Workstation 6.5.4 and earlier,
VMware Player 3.1.1 and earlier,
VMware Player 2.5.4 and earlier,
VMware Fusion 3.1.1 and earlier,
ESXi 4.1 without patch ESXi410-201010402-BG or later
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2008-0014
Synopsis: Updates to VMware Workstation, VMware Player,
VMware ACE, VMware Server, VMware ESX address
information disclosure, privilege escalation and
other security issues.
Issue date: 2008-08-29
Updated on: 2008-08-29 (initial release of advisory)
- -------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2008-0009
Synopsis: Updates to VMware Workstation, VMware Player,
VMware ACE, VMware Fusion, VMware Server, VMware
VIX API, VMware ESX, VMware ESXi resolve critical
security issues
Issue date: 2008-06-04
Updated on: 2008-06-04 (initial release of advisory)
- -------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2008-0008
Synopsis: Updates to VMware Workstation, VMware Player,
VMware ACE, VMware Fusion resolve critical
security issues
Issue date: 2008-05-30
Updated on: 2008-05-30 (initial release of advisory)
CVE numbers: CVE-2008-2098 CVE-2008-2099
VirtualCenter 2.5 before Update 3 build 119838
VMware Workstation 6.0.4 and earlier,
VMware Workstation 5.5.7 and earlier,
VMware Player 2.0.4 and earlier,
VMware Player 1.0.7 and earlier,
VMware ACE 2.0.4 and earlier,
VMware ACE 1.0.6 and earlier,
VMware Server 1.0.6 and earlier,
2. Relevant releases
VMware Workstation 7.0,
VMware Workstation 6.5.3 and earlier,
VMware Player 3.0,
VMware Player 2.5.3 and earlier,
VMware ACE 2.6,
VMware ACE 2.5.3 and earlier,
VMware Server 2.0.2 and earlier,
VMware Fusion 3.0,
2. Relevant releases
VMware Workstation 7.0,
VMware Workstation 6.5.3 and earlier,
VMware Player 3.0,
VMware Player 2.5.3 and earlier,
VMware ACE 2.6,
VMware ACE 2.5.3 and earlier,
VMware Server 2.0.2 and earlier,
VMware Fusion 3.0,
2. Relevant releases
VMware Workstation 7.1.4 and earlier
VMware Player 3.1.4 and earlier
VMware Fusion 3.1.2 and earlier
3. Problem Description
(AMS) for Windows updates Apache httpd.
2. Relevant releases
VMware Workstation 7.1.1 and earlier,
VMware Player 3.1.1 and earlier,
VMware ACE Management Server 2.7.1 and earlier,
Note: VMware Server was declared End Of Availability on January 2010,
support will be limited to Technical Guidance for the duration
of the support term.
2. Relevant releases
VMware Workstation 6.0.5 and earlier,
VMware Workstation 5.5.8 and earlier,
VMware Player 2.0.5 and earlier,
VMware Player 1.0.8 and earlier,
VMware ACE 2.0.5 and earlier,
VMware ACE 1.0.7 and earlier,
VMware Server 1.0.7 and earlier.
Console RPM.
2. Relevant releases
VMware Workstation 6.5.1 and earlier,
VMware Player 2.5.1 and earlier,
VMware ACE 2.5.1 and earlier,
VMware Server 2.0,
VMware Server 1.0.8 and earlier,
VMware Fusion 2.0.1 and earlier.
critical security vulnerability.
2. Relevant releases
VMware Workstation 6.5.1 and earlier,
VMware Player 2.5.1 and earlier,
VMware ACE 2.5.1 and earlier,
VMware Server 2.0,
VMware Server 1.0.8 and earlier,
VMware Fusion 2.0.3 and earlier,
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2009-0012
Synopsis: VMware Movie Decoder, VMware Workstation, VMware
Player, and VMware ACE resolve security issues.
Issue date: 2009-09-04
Updated on: 2009-09-04 (initial release of advisory)
CVE numbers: CVE-2009-0199 CVE-2009-2628
- ------------------------------------------------------------------------
ESXi resolve multiple security issues.
2. Relevant releases
VMware Workstation 6.5.1 and earlier,
VMware Player 2.5.1 and earlier,
VMware ACE 2.5.1 and earlier,
VMware Server 2.0,
VMware Server 1.0.8 and earlier,
VMware ESXi 3.5 without patches ESXe350-200811401-O-SG,
*Vulnerable Packages*
. VMWare Workstation 6.0.2
. VMWare Workstation 5.5.4
. VMWare Player 2.0.2
. VMWare Player 1.0.4
. VMWare ACE 2.0.2
. VMWare ACE 1.0.2
*Non-vulnerable Packages*
AFFECTED SOFTWARE
-----------------
(for a complete list, see:
http://www.vmware.com/security/advisories/VMSA-2008-0016.html or
http://lists.vmware.com/pipermail/security-announce/2008/000037.html)
VMware Player 2.0.4-Build 93057
VMware Server 1.0.6 Build-91891
VMware Workstation 6.0.4 Build-93057
PATCHED SOFTWARE
2. Relevant releases
VMware Workstation 6.0.5 and earlier,
VMware Workstation 5.5.8 and earlier,
VMware Player 2.0.5 and earlier,
VMware Player 1.0.8 and earlier,
VMware Server 1.0.9 and earlier,
VMware ESXi 3.5 without patch ESXe350-200811401-O-SG
AFFECTED SOFTWARE
-----------------
(for a complete list, see:
http://www.vmware.com/security/advisories/VMSA-2008-0018.html or
http://lists.vmware.com/pipermail/security-announce/2008/000042.html)
VMware Player 2.0.5-Build 109488
VMware Server 1.0.7-Build 108231
VMware Workstation 6.0.5-Build 109488
PATCHED SOFTWARE
III. AFFECTED PRODUCTS
---------------------------
VMware Workstation versions prior to 6.5.4 build 246459
VMware Player versions prior to 2.5.4 build 246459
VMware Server versions 2.x
VMware Movie Decoder versions prior to 6.5.4 Build 246459
Background
==========
VMware Workstation is a virtual machine for developers and system
administrators. VMware Player is a freeware virtualization software
that can run guests produced by other VMware products.
Affected packages
=================
the Apace HTTP Server.
2. Relevant releases
VMware Workstation 6.5.2 and earlier,
VMware Player 2.5.2 and earlier,
VMware ACE 2.5.2 and earlier
3. Problem Description
a. Third Party Library libpng Updated to 1.2.35
VMware hosted products and ESX patches resolve two security issues.
2. Relevant releases
VMware Workstation 6.5.2 and earlier,
VMware Player 2.5.2 and earlier,
VMware ACE 2.5.2 and earlier,
VMware Server 2.0.1 and earlier,
VMware Server 1.0.9 and earlier,
VMware Fusion 2.0.5 and earlier,
===========================================================
Ubuntu Security Notice USN-543-1 November 15, 2007
linux-restricted-modules-2.6.17/20, vmware-player-kernel-2.6.15 vulnerabilities
CVE-2007-0061, CVE-2007-0062, CVE-2007-0063, CVE-2007-4496,
CVE-2007-4497
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
--------------------
Affected Software
------------------------
- VMware Workstation
- VMware Player
- VMware ACE
- VMware Server
- VMware ESX
- VMware Fusion
- Etc.
-- Affected Vendors:
VMWare, Inc.
-- Affected Products:
VMWare, Inc. VMWare Player
VMWare, Inc. VMWare Workstation
VMWare, Inc. VMWare Server
VMWare, Inc. VMWare ACE
-- Vulnerability Details:
vectors in common implementations. But the more important underlying
implementation vulnerability is that the trusted vmdk and its vmx should
not be directly accessible from a computer that is not fully trusted, or
under a login that cannot be trusted. So that means you can't host or
edit a VM on your Windows web surfing machine without risking the VM's
integrity. And it means that VMWare Player provides no real protection
either for the VM.
A high-trust VM should only be edited through high-trust hosts, and
should only be accessible through its own properly secured network
services. So the least-privilege user should not have access to the vmdk
VMWare, Inc.
-- Affected Products:
VMWare, Inc. VMWare Server
VMWare, Inc. VMWare ACE
VMWare, Inc. VMWare Player
VMWare, Inc. VMWare Workstation
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of multiple VMWare products. User interaction
*Affected products:*
This behavior is only present in Workstation 6.0, Workstation 6.0 with
ACE Option Pack, and VMware Player 2.0.
This issue does not affect any released version of VMware Server, VMware
ESX Server, or VMware GSX Server.
This issue also does not affect deployed ACE 2.0 virtual machines.
Next Page>>
|
|
|
