Sunday, August 31, 2008

Updates To VMware Software Released

Eight vulnerabilities have been found in VMware software which, among other things, might result in a denial-of-service attack or allow an attacker to run arbitrary code. The updates fix vulnerabilities in an ISAPI extension and in the Cairo, FreeType, libpng and bind libraries. One update sets a killbit for VMware's ActiveX controls and one fixes the VMware Consolidated Backup (VCB) command-line utilities.

Vulnerable versions:
- VMware ACE 2.0.4 and earlier versions
- VMware ACE 1.0.6 and earlier versions
- VMware Player 2.0.4 and earlier versions
- VMware Player 1.0.7 and earlier versions
- VMware Workstation 6.0.4 and earlier versions
- VMware Workstation 5.5.7 and earlier versions
- VMware Server 1.0.6 and earlier versions
- VMware ESX 3.0.3 without fixes ESX303-200808404-SG, ESX303-200808403-SG and ESX303-200808406-SG
- VMware ESX 3.0.2 without fixes ESX-1005109, ESX-1005113 and ESX-1005114
- VMware ESX 3.0.1 without fixes ESX-1005108, ESX-1005112, ESX-1005111, ESX-1004823 and ESX-1005117


Non-vulnerable versions:
- VMware ACE 2.0.5 and 1.0.7
- VMware Player 2.0.5 and 1.0.8
- VMware Workstation 6.0.5
- VMware Workstation 5.5.8
- VMware Server 1.0.7
- VMware ESX 3.0.3, 3.0.2 and 3.0.1: please see VMware's Security-announce.
