| New User, Welcome! Login |
Next Page >>
VMware Workstation
- -------------------------------------------------------------------
~ VMware Security Advisory
Advisory ID: VMSA-2008-0005
Synopsis: Updated VMware Workstation, VMware Player, VMware
~ Server, VMware ACE, and VMware Fusion resolve
~ critical security issues
Issue date: 2008-03-17
Updated on: 2008-03-17 (initial release of advisory)
CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361
VMware hosted products, vCenter Server and ESX patches resolve
multiple security issues.
2. Relevant releases
VMware Workstation 7.0,
VMware Workstation 6.5.3 and earlier,
VMware Player 3.0,
VMware Player 2.5.3 and earlier,
VMware ACE 2.6,
VMware ACE 2.5.3 and earlier,
VMware hosted products, vCenter Server and ESX patches resolve
multiple security issues.
2. Relevant releases
VMware Workstation 7.0,
VMware Workstation 6.5.3 and earlier,
VMware Player 3.0,
VMware Player 2.5.3 and earlier,
VMware ACE 2.6,
VMware ACE 2.5.3 and earlier,
VMware Security Advisory
Advisory ID: VMSA-2007-0006
Synopsis: Critical security updates for all supported
versions of VMware ESX Server, VMware Server,
VMware Workstation, VMware ACE, and
VMware Player
Issue date: 2007-09-18
Updated on: 2007-09-18
VMware hosted products and ESX patches resolve multiple security
issues.
2. Relevant releases
VMware Workstation 7.1.1 and earlier,
VMware Workstation 6.5.4 and earlier,
VMware Player 3.1.1 and earlier,
VMware Player 2.5.4 and earlier,
VMware Fusion 3.1.1 and earlier,
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 3
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
b. vMA and Service Console update for vMA package nfs-utils to
1.0.9-42.el5
The nfs-utils package provides a daemon for the kernel NFS server
ESXi any ESXi not affected
ESX any ESX not affected
* Hosted products are VMware Workstation, Player, ACE, Fusion.
b. vCenter Apache Tomcat Management Application Credential Disclosure
The Apache Tomcat Manager application configuration file contains
logon credentials that can be read by unprivileged local users.
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2008-0014
Synopsis: Updates to VMware Workstation, VMware Player,
VMware ACE, VMware Server, VMware ESX address
information disclosure, privilege escalation and
other security issues.
Issue date: 2008-08-29
Updated on: 2008-08-29 (initial release of advisory)
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 not affected
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
d. Service Console update for ntp
Service Console package ntp updated to version ntp-4.2.2pl-9.el5_3.2
ESX 3.0.3 ESX not applicable
ESX 2.5.5 ESX not applicable
vMA 4.0 RHEL5 affected, patch pending
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
b. ESXi userworld update for ntp
The Network Time Protocol (NTP) is used to synchronize the time of
a computer client or server to another server or reference time
2. Relevant releases
VirtualCenter 2.5 before Update 3 build 119838
VMware Workstation 6.0.4 and earlier,
VMware Workstation 5.5.7 and earlier,
VMware Player 2.0.4 and earlier,
VMware Player 1.0.7 and earlier,
VMware ACE 2.0.4 and earlier,
VMware ACE 1.0.6 and earlier,
- -------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2008-0009
Synopsis: Updates to VMware Workstation, VMware Player,
VMware ACE, VMware Fusion, VMware Server, VMware
VIX API, VMware ESX, VMware ESXi resolve critical
security issues
Issue date: 2008-06-04
Updated on: 2008-06-04 (initial release of advisory)
ESX 4.1 ESX ESX410-201201401-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
b. ESX third party update for Service Console cURL RPM
The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9
resolving a security issues.
privilege escalation on virtual machine guest operating systems. In
addition a directory traversal issue is resolved.
2. Relevant releases
VMware Workstation 6.0.5 and earlier,
VMware Workstation 5.5.8 and earlier,
VMware Player 2.0.5 and earlier,
VMware Player 1.0.8 and earlier,
VMware ACE 2.0.5 and earlier,
VMware ACE 1.0.7 and earlier,
ESX 4.1 ESX ESX410-201110204-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
b. ESX third party update for Service Console libuser RPM
The Service Console libuser RPM is updated to version
0.54.7-2.1.el5_5.2 to resolve a security issue.
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2009-0012
Synopsis: VMware Movie Decoder, VMware Workstation, VMware
Player, and VMware ACE resolve security issues.
Issue date: 2009-09-04
Updated on: 2009-09-04 (initial release of advisory)
CVE numbers: CVE-2009-0199 CVE-2009-2628
- ------------------------------------------------------------------------
Hosted product updates address a remote code execution vulnerability
in the way UDF file systems are handled
2. Relevant releases
VMware Workstation 7.1.4 and earlier
VMware Player 3.1.4 and earlier
VMware Fusion 3.1.2 and earlier
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2010-0014
Synopsis: VMware Workstation, Player, and ACE address several
security issues.
Issue date: 2010-09-23
Updated on: 2010-09-23 (initial release of advisory)
CVE numbers: CVE-2010-3277 CVE-2010-1205 CVE-2010-0205
CVE-2010-2249 CVE-2010-0434 CVE-2010-0425
ESX 4.1 ESX affected, patch pending
ESX 4.0 ESX affected, patch pending
ESX 3.5 ESX ESX350-201008405-SG
ESX 3.0.3 ESX affected, patch pending
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
b. Service Console update for tar
The service console package tar is updated to version
1.13.25-16.RHEL3
- -------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2008-0008
Synopsis: Updates to VMware Workstation, VMware Player,
VMware ACE, VMware Fusion resolve critical
security issues
Issue date: 2008-05-30
Updated on: 2008-05-30 (initial release of advisory)
CVE numbers: CVE-2008-2098 CVE-2008-2099
ESX 4.1 ESX affected, patch pending
ESX 4.0 ESX ESX400-201009407-SG
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
b. Service Console update for OpenLDAP
The service console package OpenLDAP updated to version
2.3.43-12.el5.
ESX 4.1 ESX affected, patch pending
ESX 4.0 ESX affected, patch pending
ESX 3.5 ESX ESX350-201008405-SG
ESX 3.0.3 ESX affected, patch pending
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
b. Service Console update for tar
The service console package tar is updated to version
1.13.25-16.RHEL3
issue. Update patch 13 for ESX 2.5.5 updates the libpng Service
Console RPM.
2. Relevant releases
VMware Workstation 6.5.1 and earlier,
VMware Player 2.5.1 and earlier,
VMware ACE 2.5.1 and earlier,
VMware Server 2.0,
VMware Server 1.0.8 and earlier,
VMware Fusion 2.0.1 and earlier.
ESX 4.1 ESX ESX410-201101201-SG
ESX 4.0 ESX ESX400-201103401-SG
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
* hosted products are VMware Workstation, Player, Fusion.
b. Service Console update for bind
This patch updates the bind-libs and bind-utils RPMs to version
9.3.6-4.P1.el5_5.3, which resolves multiple security issues.
enabled which is the default on VMware products that have the feature AND
at least one folder of the Host system is configured for sharing.
*Vulnerable Packages*
. VMWare Workstation 6.0.2
. VMWare Workstation 5.5.4
. VMWare Player 2.0.2
. VMWare Player 1.0.4
. VMWare ACE 2.0.2
. VMWare ACE 1.0.2
vulnerability in virtual device hardware. The second is an updated
bzip2 package for the Service Console.
2. Relevant releases
VMware Workstation 6.0.5 and earlier,
VMware Workstation 5.5.8 and earlier,
VMware Player 2.0.5 and earlier,
VMware Player 1.0.8 and earlier,
VMware Server 1.0.9 and earlier,
2. Relevant releases
VMware VIX API for Linux 1.10.2 and earlier
VMware Workstation 7.1.3 on Linux and earlier
VMware Workstation 6.5.5 on Linux and earlier
3. Problem Description
a. VMware Linux based vmrun utility local privilege escalation
ESX 3.0.2 ESX affected, patch pending
ESX 3.0.1 ESX affected, patch pending
ESX 2.5.5 ESX for patch info see VMSA-2008-0001
ESX 2.5.4 ESX for patch info see VMSA-2008-0001
* hosted products are VMware Workstation, Player, ACE, Server, Fusion
II Service Console rpm updates
a. net-snmp Security update
ESX 4.1 ESX patch pending
ESX 4.0 ESX ESX400-201110401-SG
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
b. ESX third party update for Service Console krb5 RPMs
This patch updates the krb5-libs and krb5-workstation RPMs of the
console OS to version 1.6.1-55.el5_6.1, which resolves multiple
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX not affected
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
b. Service Console package sudo
Service Console package for sudo has been updated to version
sudo-1.6.9p17-3. This fixes the following issue: Sudo versions
Next Page>>
|
|
|
