Saturday, April 4, 2009

Patches Available For VMware software

VMware has patched some vulnerabilities found in its VMware -products. Vulnerabilities are related to ia VMware ESX Service Console's openssl, bind and vim implementations. Of vim there has been fixed a vulnerability that would make it possible to an attacker execute arbitrary code by luring user open specially crafted document. Among this, there have been fixed denial of service (DoS) and arbitrary code execution vulnerabilities in VMware ESX, ESXi, Server, ACE, Player and Workstation.

Vulnerable versions are:
- VMware Workstation 6.5.1 and earlier
- VMware Player 2.5.1 and earlier
- VMware ACE 2.5.1 and earlier
- VMware Server 2.0
- VMware Server 1.0.8 and earlier
- VMware ESXi 3.5 without updates ESXe350-200811401-O-SG and
ESXe350-200903201-O-UG
- VMware ESX 3.5 without updates ESX350-200811401-SG and
ESX350-200903201-UG
- VMware ESX 3.0.3 without updates ESX303-200811401-BG,
ESX303-200903406-SG, ESX303-200903405-SG and ESX303-200903403-SG
- VMware ESX 3.0.2 without updates ESX-1006980 ESX-1008409,
ESX-1008408 and ESX-1008406

Users of these mentioned versions are recommended to update by following VMware's instructions:
http://lists.vmware.com/pipermail/security-announce/2009/000053.html
http://lists.vmware.com/pipermail/security-announce/2009/000054.html

No comments: