 VMware advisories/updates |
Welcome Guest to What the Tech! ( Log In | Register ) We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)
  |
  Feb 24 2008, 08:42 AM
Post
#1
|
|
 AplusWebMaster  Group: Authentic Member Posts: 3,672 Joined: 30-December 03 From: USA Member No.: 1,643 Operating System: WinXP  |
- http://secunia.com/advisories/29032/ Release Date: 2008-02-22 Critical: Moderately critical Impact: Security Bypass, Exposure of sensitive information, DoS, System access Where: From remote Solution Status: Vendor Patch OS: VMware ESX Server 2.x, VMware ESX Server 3.x ... Solution: Apply patches... Original Advisory: http://lists.vmware.com/pipermail/security...008/000005.html ... VMware client products on Windows... > http://isc.sans.org/diary.html?storyid=4018 Last Updated: 2008-02-24 12:19:22 UTC "... VMware vulnerability*... full scape from the guest virtual machine to the host is possible: "On Windows hosts, if you have configured a VMware host-to-guest shared folder, it is possible for a program running in the guest to gain access to the host's complete file system and create or modify executable files in sensitive locations." It has been rated as critical by VMware and it affects all VMware client products on Windows, that is: - VMware Workstation 6.0.2 and earlier, AND 5.5.4 and earlier - VMware Player 2.0.2 and earlier, AND 1.0.4 and earlier - VMware ACE 2.0.2 and earlier, AND 1.0.2 and earlier..." * http://preview.tinyurl.com/2vybj7 Last Modified Date: 02-22-2008 (VMware KB) Workaround: Until VMware releases a patch to fix this issue, users of affected Windows-hosted VMware products should disable shared folders... > http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1744 ...Patch Information http://www.vmware.com/support/ws55/doc/rel...s_ws55.html#554 ... This post has been edited by AplusWebMaster: Jun 7 2008, 03:48 AM |
 |
 
|
|
Feb 26 2008, 08:38 PM
Post
#2
|
|
|
AplusWebMaster Group: Authentic Member Posts: 3,672 Joined: 30-December 03 From: USA Member No.: 1,643 Operating System: WinXP |
FYI...
- http://isc.sans.org/diary.html?storyid=4018 Last Updated: 2008-02-26 02:29:41 UTC ...(Version: 3) "UPDATE... Although the VMware alert mentions VMware Workstation 5.5.4 (or earlier), ACE 1.0.2 (or earlier) and Player 1.0.4 (or earlier), the latest versions available are VMware Workstation 5.5.5, ACE 1.0.4 and Player 1.0.5. We have confirmed with VMware that -all- versions of Workstation, ACE and Player are affected. They will release a fix ASAP." > http://preview.tinyurl.com/2vybj7 Last Modified Date: 02-22-2008 (VMware KB) - "...Workaround: Until VMware releases a patch to fix this issue, users of affected Windows-hosted VMware products should disable shared folders..." 
|
|
|
|
|
Mar 17 2008, 03:12 PM
Post
#3
|
|
|
AplusWebMaster Group: Authentic Member Posts: 3,672 Joined: 30-December 03 From: USA Member No.: 1,643 Operating System: WinXP |
FYI...
VMware Workstation 6.0.3 for Windows released - http://www.vmware.com/download/ws/ Latest Version: 6.0.3 | 3/14/08 | Build: 80004 Workstation 6.0 Release Notes - http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ...Workstation 6.0.3 addresses the following security issues: * On Windows hosts, if you have configured and enabled a shared folder, it is possible for an attacker to write arbitrary content from a guest system to arbitrary locations on the host system (CORE-2007-0930). (bug 200360)... (... other issues also addressed) - http://www.vmware.com/security/advisories/ March 17, 2008 VMSA-2008-0005 ----------------------------------------------- - http://secunia.com/advisories/29412/ Release Date: 2008-03-17 Software: VMware Server 1.x Impact: Security Bypass, Privilege escalation, DoS Where: From remote Solution Status: Vendor Patch ...The vulnerabilities are reported in versions prior to 1.0.5. Solution: Update to version 1.0.5... VMware server release notes - http://www.vmware.com/support/server/doc/r...r.html#resolved Download: - http://www.vmware.com/download/server/ Latest Version: 1.0.5 | 3/14/08 | Build: 80187 This post has been edited by AplusWebMaster: Mar 20 2008, 04:31 AM |
|
|
|
|
Mar 31 2008, 04:29 AM
Post
#4
|
|
|
AplusWebMaster Group: Authentic Member Posts: 3,672 Joined: 30-December 03 From: USA Member No.: 1,643 Operating System: WinXP |
FYI...
VMware ESX Server update - http://secunia.com/advisories/29591/ Release Date: 2008-03-31 Critical: Moderately critical Impact: DoS Where: From remote Solution Status: Vendor Patch OS: VMware ESX Server 2.x Solution: Apply patches. ESX 2.5.5 Upgrade Patch 6 - http://vmware.com/support/esx25/doc/esx-25...0803-patch.html Original Advisory: - http://lists.vmware.com/pipermail/security...008/000009.html |
|
|
|
|
Jun 1 2008, 12:16 PM
Post
#5
|
|
|
AplusWebMaster Group: Authentic Member Posts: 3,672 Joined: 30-December 03 From: USA Member No.: 1,643 Operating System: WinXP |
FYI...
VMSA-2008-0008 - http://www.vmware.com/security/advisories/...-2008-0008.html "Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues. Synopsis: Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues Issue date: 2008-05-30 Updated on: 2008-05-30 (initial release of advisory) CVE numbers: - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2098 - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2099 - http://isc.sans.org/diary.html?storyid=4501 Last Updated: 2008-06-01 13:56:42 UTC - "...The advisory affects the following products: VMware Workstation 6.0.3 and earlier VMware Player 2.0.3 and earlier VMware ACE 2.0.3 and earlier VMware Fusion 1.1.1 and earlier Windows based VMCI arbitrary code execution vulnerability... VMware Host Guest File System (HGFS) shared folders...
This post has been edited by AplusWebMaster: Jun 2 2008, 12:17 PM |
|
|
|
|
Jun 5 2008, 06:12 AM
Post
#6
|
|
|
AplusWebMaster Group: Authentic Member Posts: 3,672 Joined: 30-December 03 From: USA Member No.: 1,643 Operating System: WinXP |
FYI...
VMware ESX Server Multiple Security Updates - http://secunia.com/advisories/30535/ Release Date: 2008-06-05 Critical: Highly critical Impact: Exposure of sensitive information, DoS, System access Where: From remote Solution Status: Vendor Patch OS: VMware ESX Server 2.x, VMware ESX Server 3.x ...fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system... Solution: Apply patches... Original Advisory: http://www.vmware.com/security/advisories/...-2008-0009.html VMSA-2008-0009 "Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues..." Also see: http://secunia.com/advisories/30556/ . This post has been edited by AplusWebMaster: Jun 6 2008, 04:44 AM |
|
|
|
|
Jun 17 2008, 04:48 AM
Post
#7
|
|
|
AplusWebMaster Group: Authentic Member Posts: 3,672 Joined: 30-December 03 From: USA Member No.: 1,643 Operating System: WinXP |
FYI...
VMSA-2008-0010 - http://www.vmware.com/security/advisories/...-2008-0010.html Synopsis: Updated Tomcat and Java JRE packages for VMware ESX 3.5 Issue date: 2008-06-16 Summary: Updated Tomcat and Java JRE packages for VMware ESX 3.5 Notes: These vulnerabilities can be exploited remotely only if the attacker has access to the service console network. Security best practices provided by VMware recommend that the service console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices. The currently installed versions of Tomcat and JRE depend on your patch deployment history... - http://www.vmware.com/security/advisories/ - http://secunia.com/advisories/30676/ Release Date: 2008-06-17 Critical: Highly critical Impact: Security Bypass, Manipulation of data, Exposure of system information, Exposure of sensitive information, DoS, System access...
|
|
|
|
|
Aug 13 2008, 06:08 AM
Post
#8
|
|
|
AplusWebMaster Group: Authentic Member Posts: 3,672 Joined: 30-December 03 From: USA Member No.: 1,643 Operating System: WinXP |
FYI...
VMware updates for OpenSSL, net-snmp, and perl - http://secunia.com/advisories/31467/ Release Date: 2008-08-13 Critical: Highly critical Impact: Spoofing, DoS, System access Where: From remote Solution Status: Partial Fix OS: VMware ESX Server 3.x ... Solution: Update to version 3.0.3 if possible or apply patches if available. -- VMware ESX 3.0.1 and 3.0.2 -- Patches are not yet available. The vendor recommends to upgrade to version 3.0.3. -- VMware ESX 3.5 -- Patches for CVE-2007-3108 and CVE-2007-5135 are available via VMSA-2008-0001... Patches for the other issues are still pending. Original Advisory: VMware VMSA-2008-0013: http://www.vmware.com/security/advisories/...-2008-0013.html ... VMware ESXi OpenSSL vulns - http://secunia.com/advisories/31489/ Release Date: 2008-08-13 Critical: Highly critical Impact: DoS, System access Where: From remote Solution Status: Unpatched OS: VMware ESXi 3.x... ...The vulnerabilities are reported in version 3.5. Other versions may also be affected. Solution: Use in a trusted network environment only. Original Advisory: VMware VMSA-2008-0013: http://www.vmware.com/security/advisories/...-2008-0013.html ... VMware VirtualCenter User Account Disclosure - update available - http://secunia.com/advisories/31468/ Release Date: 2008-08-13 Critical: Not critical Impact: Exposure of system information Where: From local network Solution Status: Vendor Patch Software: VMware VirtualCenter 2.x ... Original Advisory: VMware VMSA-2008-0012: http://www.vmware.com/security/advisories/...-2008-0012.html ... VMSA-2008-0012: - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3514 VMSA-2008-0013: - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3108 - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135 - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0960 - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1927 - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2292
This post has been edited by AplusWebMaster: Aug 16 2008, 11:20 AM
Reason for edit: Added CVE references...
|
|
|
|
|
Aug 29 2008, 08:47 PM
Post
#9
|
|
|
AplusWebMaster Group: Authentic Member Posts: 3,672 Joined: 30-December 03 From: USA Member No.: 1,643 Operating System: WinXP |
FYI...
- http://isc.sans.org/diary.html?storyid=4949 Last Updated: 2008-08-29 22:20:32 UTC - "...VMware released updates for for ACE, Server, Player and Workstation products: VMware ACE 2.0.5 - http://www.vmware.com/support/ace2/doc/rel....html#bugfix205 Release Date: August 28, 2008 VMware Player 2.0.5 - http://www.vmware.com/support/player2/doc/....html#bugfix205 Release Date: August 28, 2008 VMware Server 1.0.7 - http://www.vmware.com/support/server/doc/r....html#bugfix107 Release Date: August 28, 2008 VMware Workstation 6.0.5 - http://www.vmware.com/support/ws6/doc/rele....html#bugfix605 Release Date: August 28, 2008 ..."
|
|
|
|
 Sep 2 2008, 05:02 AM
Post
#10
|
|
|
AplusWebMaster Group: Authentic Member Posts: 3,672 Joined: 30-December 03 From: USA Member No.: 1,643 Operating System: WinXP |
FYI...
- http://isc.sans.org/diary.html?storyid=4949 Last Updated: 2008-08-30 15:51:06 UTC ...(Version: 2) "...Update: (2008-08-30-15:50 UTC) The VMware bulletin can be found at http://lists.vmware.com/pipermail/security...008/000033.html ..." http://secunia.com/advisories/31711/ - VMware Fusion Multiple Vulnerabilities http://secunia.com/advisories/31710/ - VMware ACE Multiple Vulnerabilities http://secunia.com/advisories/31709/ - VMware Player Multiple Vulnerabilities http://secunia.com/advisories/31708/ - VMware Server Multiple Vulnerabilities http://secunia.com/advisories/31707/ - VMware Workstation Multiple Vulnerabilities Release Date: 2008-09-01 
|
|
|
|
|
Sep 19 2008, 04:35 AM
Post
#11
|
|
|
AplusWebMaster Group: Authentic Member Posts: 3,672 Joined: 30-December 03 From: USA Member No.: 1,643 Operating System: WinXP |
FYI...
VMWare ESX(i) 3.5 security patches - http://isc.sans.org/diary.html?storyid=5056 Last Updated: 2008-09-19 08:10:50 UTC - "VMWare released a new security patch and updated two old patches for ESX 3.5 and ESXi 3.5 today. The following patches are released and re-released: VMSA-2008-0015: http://www.vmware.com/security/advisories/...-2008-0015.html Issue date: 2008-09-18 – fixing two remote buffer overflow vulnerabilities in openwsman which is installed and running by default. VMSA-2008-0014: http://www.vmware.com/security/advisories/...-2008-0014.html Issue date: 2008-08-29 / Updated on: 2008-09-18 – added fixes for libpng and bind for ESX 3.5 servers VMSA-2008-0013: http://www.vmware.com/security/advisories/...-2008-0013.html Issue date: 2008-08-12 / Updated on: 2008-09-18 – added fixes for net-snmp and perl for ESX 3.5 servers - http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-2234 - http://secunia.com/advisories/31942/
This post has been edited by AplusWebMaster: Sep 19 2008, 04:43 AM
Reason for edit: Added CVE and Secunia advisory links...
|
|
|
|
|
Oct 31 2008, 04:51 AM
Post
#13
|
|
|
AplusWebMaster Group: Authentic Member Posts: 3,672 Joined: 30-December 03 From: USA Member No.: 1,643 Operating System: WinXP |
FYI...
VMSA-2008-0017 - http://lists.vmware.com/pipermail/security...008/000039.html Issue date: 2008-10-31 VMSA-2008-0014.3 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX, VMware VCB address information disclosure, privilege escalation and other security issues - http://lists.vmware.com/pipermail/security...008/000040.html VMSA-2008-0011.3 Updated ESX service console packages for Samba and vmnix - http://lists.vmware.com/pipermail/security...008/000041.html - http://secunia.com/advisories/32488/ Release Date: 2008-10-31 Critical: Moderately critical - http://www.vmware.com/security/advisories/...-2008-0017.html Synopsis: Updated ESX packages for libxml2, ucd-snmp, libtiff Issue date: 2008-10-31 ...
This post has been edited by AplusWebMaster: Oct 31 2008, 04:15 PM |
|
|
|
|
Nov 7 2008, 05:45 AM
Post
#14
|
|
|
AplusWebMaster Group: Authentic Member Posts: 3,672 Joined: 30-December 03 From: USA Member No.: 1,643 Operating System: WinXP |
FYI...
VMware - VMSA-2008-0018 - http://lists.vmware.com/pipermail/security...008/000042.html Advisory ID: VMSA-2008-0018 Synopsis: VMware Hosted products and patches for ESX and ESXi resolve two security issues Issue date: 2008-11-06 Updated on: 2008-11-06 (initial release of advisory) CVE numbers: CVE-2008-4915 CVE-2008-4281 > Summary: VMware Hosted products and patches for ESX and ESXi resolve multiple security issues. A flaw in the CPU hardware emulation may allow for a privilege escalation on virtual machine guest operating systems. In addition a directory traversal issue is resolved. > Relevant releases VMware Workstation 6.0.5 and earlier, VMware Workstation 5.5.8 and earlier, VMware Player 2.0.5 and earlier, VMware Player 1.0.8 and earlier, VMware ACE 2.0.5 and earlier, VMware ACE 1.0.7 and earlier, VMware Server 1.0.7 and earlier. VMware ESXi 3.5 without patch ESXe350-200810401-O-UG VMware ESX 3.5 without patch ESX350-200810201-UG VMware ESX 3.0.3 without patch ESX303-200810501-BG VMware ESX 3.0.2 without patch ESX-1006680 VMware ESX 2.5.5 without upgrade patch 10 or later VMware ESX 2.5.4 without upgrade patch 21 NOTE: Hosted products VMware Workstation 5.x, VMware Player 1.x, and VMware ACE 1.x will reach end of general support 2008-11-09. Customers should plan to upgrade to the latest version of their respective products. Extended support (Security and Bug fixes) for ESX 3.0.2 ended on 2008-10-29 and Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08. Users should plan to upgrade to ESX 3.0.3 and preferably to the newest release available..." |
|
|
|
|
Nov 7 2008, 09:57 AM
Post
#15
|
|
|
AplusWebMaster Group: Authentic Member Posts: 3,672 Joined: 30-December 03 From: USA Member No.: 1,643 Operating System: WinXP |
FYI...
VMware - VMSA-2008-0016.1 - http://lists.vmware.com/pipermail/security...008/000043.html Advisory ID: VMSA-2008-0016.1 Synopsis: VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues. Issue date: 2008-10-03 Updated on: 2008-11-06 CVE numbers: CVE-2008-4279 CVE-2008-4278 CVE-2008-3103 CVE-2008-3104 CVE-2008-3105 CVE-2008-3106 CVE-2008-3107 CVE-2008-3108 CVE-2008-3109 CVE-2008-3110 CVE-2008-3111 CVE-2008-3112CVE-2008-3113 CVE-2008-3114 CVE-2008-3115 - ------------------------------------------------------------------------ Summary: VMware addresses a in-guest privilege escalation on 64-bit guest operating systems in ESX, ESXi, and previously released versions of our hosted product line. Updated VMware VirtualCenter Update 3 addresses potential information disclosure and updates Java JRE packages. - ----------------- Relevant releases: VirtualCenter 2.5 before Update 3 build 119838 VMware Workstation 6.0.4 and earlier, VMware Workstation 5.5.7 and earlier, VMware Player 2.0.4 and earlier, VMware Player 1.0.7 and earlier, VMware ACE 2.0.4 and earlier, VMware ACE 1.0.6 and earlier, VMware Server 1.0.6 and earlier, VMware ESXi 3.5 without patch ESXe350-200809401-I-SG VMware ESX 3.5 without patches ESX350-200809404-SG, ESX350-200810215-UG VMware ESX 3.0.3 without patch ESX303-200809401-SG VMware ESX 3.0.2 without patch ESX-1006361 VMware ESX 3.0.1 without patch ESX-1006678... // |
|
|
< |