Posts Tagged VMWare
VMware Hosted products update libpng and Apache HTTP Server
Posted by Mourad Ben Lakhoua in News, Vulnerabilities on August 24, 2009
VMware has released new security advisory VMSA-2009-0010, in this advisory there is updates for the VMware Workstation, VMware Player, VMware ACE and a pending updates for VMware Server 1.X and 2.X.
According to the Security advisory descriptions there were discovered in the way third party library libpng handled uninitialized pointers. An attacker could create a PNG image file in such a way, that when loaded by an application linked to libpng, it could cause the application to crash or execute arbitrary code at the privilege level of the user that runs the application. The new version of ACE updates the Apache HTTP Server on Windows hosts to version 2.0.63 which addresses multiple security issues that existed in the previous versions of this server.
So it’s time to apply any necessary updates or workarounds to help mitigate the risks.
make sure you subscribe to my RSS feed!
VMware patches a critical security vulnerability
Posted by Mourad Ben Lakhoua in Vulnerabilities on April 11, 2009
VMWare has released new patches to address multiple vulnerabilities in the VMWare Hosted products, and ESX. These vulnerabilities may allow the ability to execute on the host server from a guest operating system.
Relevant releases :
• VMware Workstation 6.5.1 and earlier,
• VMware Player 2.5.1 and earlier,
• VMware ACE 2.5.1 and earlier,
• VMware Server 2.0,
• VMware Server 1.0.8 and earlier,
• VMware Fusion 2.0.3 and earlier,
• VMware ESXi 3.5 without patch ESXe350-200904201-O-SG,
• VMware ESX 3.5 without patch ESX350-200904201-SG,
• VMware ESX 3.0.3 without patch ESX303-200904403-SG,
• VMware ESX 3.0.2 without patch ESX-1008421.
So it is time to apply any necessary updates to help mitigate the risks.
SUBSCRIBE
Latest Comments