VMware Hosted products update libpng and Apache HTTP Server
VMware has released new security advisory VMSA-2009-0010, in this advisory there is updates for the VMware Workstation, VMware Player, VMware ACE and a pending updates for VMware Server 1.X and 2.X.
According to the Security advisory descriptions there were discovered in the way third party library libpng handled uninitialized pointers. An attacker could create a PNG image file in such a way, that when loaded by an application linked to libpng, it could cause the application to crash or execute arbitrary code at the privilege level of the user that runs the application. The new version of ACE updates the Apache HTTP Server on Windows hosts to version 2.0.63 which addresses multiple security issues that existed in the previous versions of this server.
So it’s time to apply any necessary updates or workarounds to help mitigate the risks.
make sure you subscribe to my RSS feed!