> VMware advisories/updates
AplusWebMaster
post Dec 3 2008, 06:23 AM
Post #16


AplusWebMaster
*****

Group: Authentic Member
Posts: 4,565
Joined: 30-December 03
From: USA
Member No.: 1,643
Operating System: XP/SP3



FYI...

VMSA-2008-0019
- http://lists.vmware.com/pipermail/security...008/000046.html
Dec 2 21:08:59 PST 2008 - "VMware Security Advisory
Advisory ID: VMSA-2008-0019
Synopsis: VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2
Issue date: 2008-12-02
Updated on: 2008-12-02 (initial release of advisory)
CVE numbers: CVE-2008-4917 CVE-2008-1372
Summary:
Updated VMware Hosted products and patches for ESX and ESXi resolve two security issues. The first is a critical memory corruption vulnerability in virtual device hardware. The second is an updated bzip2 package for the Service Console...
Relevant releases:
VMware Workstation 6.0.5 and earlier,
VMware Workstation 5.5.8 and earlier,
VMware Player 2.0.5 and earlier,
VMware Player 1.0.8 and earlier,
VMware Server 1.0.9 and earlier,
VMware ESXi 3.5 without patch ESXe350-200811401-O-SG
VMware ESX 3.5 without patches ESX350-200811406-SG and
ESX350-200811401-SG
VMware ESX 3.0.3 without patches ESX303-200811404-SG and
ESX303-200811401-BG
VMware ESX 3.0.2 without patches ESX-1006980 and ESX-1006982
NOTE: Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08. Users should plan to upgrade to ESX 3.0.3 and preferably to the newest release available...
Problem Description: Critical Memory corruption vulnerability..."

VMSA-2008-0017.2
- http://lists.vmware.com/pipermail/security...008/000047.html
Dec 2 21:13:08 PST 2008 - "VMware Security Advisory
Advisory ID: VMSA-2008-0017.2
Synopsis: Updated ESX packages for libxml2, ucd-snmp, libtiff
Issue date: 2008-10-31
Updated on: 2008-12-02
CVE numbers: CVE-2008-3281 CVE-2008-0960 CVE-2008-2327 CVE-2008-3529
Summary:
Updated ESX packages for libxml2, ucd-snmp, libtiff.
Relevant releases:
ESX 3.0.3 without patch ESX303-200810503-SG
ESX 3.0.2 without patch ESX-1006968
ESX 2.5.5 before Upgrade Patch 10
ESX 2.5.4 before Upgrade Patch 21...
Problem Description:
Updated ESX Service Console package libxml2..."

// http://secunia.com/advisories/32965/ - http://secunia.com/advisories/32952/
AplusWebMaster
post Dec 31 2008, 01:34 PM
Post #17





FYI...

VMSA-2008-0019.1
- http://lists.vmware.com/pipermail/security...008/000048.html
Change log
2008-12-30 VMSA-2008-0019.1
Updated for the ESX 2.5.5 Update 11 patch for bzip2 released on 2008-12-30...

AplusWebMaster
post Jan 31 2009, 08:01 AM
Post #18





FYI...

VMware updates...
- http://isc.sans.org/diary.html?storyid=5770
Last Updated: 2009-01-31 13:39:22 UTC - "VMware issued a number of fixes for VMware ESXi 3.5, VMware ESX 3.5, VMware ESX 3.0.3 and VMware ESX 3.0.2...
- CVE-2008-4914 (corrupt VMDK delta file crash)
- CVE-2008-4309 (snmp getbulk DoS)
- CVE-2008-4226
- CVE-2008-4225 (both libxml2).
Announcement: http://lists.vmware.com/pipermail/security...009/000049.html "

- http://secunia.com/advisories/33746/

- http://secunia.com/advisories/33776/

VMSA-2009-0001
- http://www.vmware.com/security/advisories/...-2009-0001.html

This post has been edited by AplusWebMaster: Feb 3 2009, 08:23 AM
AplusWebMaster
post Feb 24 2009, 10:16 AM
Post #19





FYI...

VMSA-2009-0002 VirtualCenter Update...
- http://secunia.com/advisories/33999/
Release Date: 2009-02-24
Critical: Moderately critical
Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch
...update for VMware VirtualCenter. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, or disclose sensitive information...
VMSA-2009-0002:
http://lists.vmware.com/pipermail/security...009/000050.html
Feb 23, 2009

- http://secunia.com/advisories/34013/
Release Date: 2009-02-24
Critical: Moderately critical
Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched...
...VMware has acknowledged some vulnerabilities in multiple VMware products, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, or disclose sensitive information...
OS: VMware ESX Server 3.x
Software: VMware Server 2.x, VMware VirtualCenter 2.x...
Solution: Restrict Tomcat access to trusted users only until patches are available...
VMSA-2009-0002:
http://lists.vmware.com/pipermail/security...009/000050.html

AplusWebMaster
post Feb 27 2009, 09:42 AM
Post #20





FYI...

VMware ESX Server update for ed
- http://secunia.com/advisories/34079/
Release Date: 2009-02-27
Impact: System access
Where: From remote
Solution Status: Vendor Patch
OS: VMware ESX Server 2.x ...
Original Advisory:
http://www.vmware.com/security/advisories/...-2009-0003.html ...

AplusWebMaster
post Apr 1 2009, 08:25 AM
Post #21





FYI...

VMware - VMSA-2009-0004
- http://secunia.com/advisories/34530/
Release Date: 2009-04-01
Critical: Moderately critical
Impact: Spoofing, System access
Where: From remote
Solution Status: Partial Fix
OS: VMware ESX Server 2.x, VMware ESX Server 3.x ...
- http://secunia.com/advisories/34530/2/
Original Advisory: http://www.vmware.com/security/advisories/...-2009-0004.html
Advisory ID: VMSA-2009-0004
Synopsis: ESX Service Console updates for openssl, bind, and vim ...
CVE numbers:
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2007-2953
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-2712
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3432
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-4101
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-5077
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-0025

AplusWebMaster
post Apr 4 2009, 04:08 AM
Post #22





FYI...

VMware - VMSA-2009-0005
- http://lists.vmware.com/pipermail/security...009/000054.html
Synopsis: VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues
Issue date: 2009-04-03 ...
a. Denial of service guest to host vulnerability in a virtual device ...
b. Windows-based host denial of service vulnerability in hcmon.sys ...
c. A VMCI privilege escalation on Windows-based hosts or Windows-based guests...
d. VNnc Codec Heap Overflow vulnerabilities ...
e. ACE shared folders vulnerability...
f. A remote denial of service vulnerability in authd for Windows based hosts...
g. VI Client Retains VirtualCenter Server Password in Memory ...
Solution: Please review the patch/release notes for your product and version...

VMSA-2009-0005
- http://www.vmware.com/security/advisories/...-2009-0005.html

CVE numbers:
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3761
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-4916
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-0177
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-0518
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-0908
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-0909
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-0910
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1146
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1147

This post has been edited by AplusWebMaster: Apr 6 2009, 02:08 PM
Reason for edit: Updated CVE links...
AplusWebMaster
post Apr 11 2009, 06:55 AM
Post #23





FYI...

VMware VMSA-2009-0006
- http://www.vmware.com/security/advisories/...-2009-0006.html
Advisory ID: VMSA-2009-0006
Synopsis: VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability
Issue date: 2009-04-10
1. Summary: Updated VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability.
2. Relevant releases
VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 2.0,
VMware Server 1.0.8 and earlier, VMware Fusion 2.0.3 and earlier, VMware ESXi 3.5 without patch ESXe350-200904201-O-SG, VMware ESX 3.5 without patch ESX350-200904201-SG, VMware ESX 3.0.3 without patch ESX303-200904403-SG, VMware ESX 3.0.2 without patch ESX-1008421...
3. Problem Description
Host code execution vulnerability from a guest operating system.
A critical vulnerability in the virtual machine display function might allow a guest operating system to run code on the host.
This issue is different from the vulnerability in a guest virtual device driver reported in VMware security advisory VMSA-2009-0005 on 2009-04-03...
- http://lists.vmware.com/pipermail/security...009/000055.html

- http://www.vmware.com/security/advisories/

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1244
Last revised: 04/13/2009

This post has been edited by AplusWebMaster: Apr 13 2009, 11:00 AM
Reason for edit: CVE updated...
AplusWebMaster
post May 29 2009, 04:24 AM
Post #24





FYI...

VMware ESX update for libpng
- http://secunia.com/advisories/35258/2/
Release Date: 2009-05-29
Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: VMware ESX Server 2.x
Solution: ESX 2.5.5: Apply Upgrade Patch 13...
Original Advisory: VMSA-2009-0007*...

- http://secunia.com/advisories/35269/2/
OS: VMware ESX Server 3.x, VMware ESXi 3.x
Software: VMWare ACE 2.x, VMware Fusion 2.x, VMWare Player 2.x, VMware Server 1.x, VMware Server 2.x, VMware Workstation 6.x...
Solution: Update to a fixed version. Please see vendor advisory for additional information regarding VMware Tools update requirements.
Original Advisory: VMSA-2009-0007*...

VMware VMSA-2009-0007
* http://www.vmware.com/security/advisories/...-2009-0007.html

AplusWebMaster
post Jul 1 2009, 04:57 AM
Post #25





FYI...

VMware ESX Server update for krb5
- http://secunia.com/advisories/35667/2/
Release Date: 2009-07-01
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Partial Fix
OS: VMware ESX Server 2.x, VMware ESX Server 3.x
Solution: Apply patches.
ESX 3.5: Apply ESX350-200906407-SG.
http://download3.vmware.com/software/vi/ES...00906407-SG.zip
ESX 2.5.5, 3.0.2, 3.0.3, and 4.0:
Patches are not yet available. Restrict access to Kerberos services if present (not installed by default).
Original Advisory: VMSA-2009-0008:
http://lists.vmware.com/pipermail/security...009/000059.html ...

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0846

AplusWebMaster
post Jul 11 2009, 02:31 AM
Post #26





FYI...

VMWare security advisories - VMSA-2009-0009 / VMSA-2009-0008
- http://isc.sans.org/diary.html?storyid=6766
Last Updated: 2009-07-11 03:36:00 UTC - "... updates to the ESX Service Console:
> http://lists.vmware.com/pipermail/security...009/000060.html
Jul 10 17:03:28 PDT 2009
VMSA-2009-0009, a new advisory concerning ESX Service Console updates for udev, sudo, and curl.
> http://lists.vmware.com/pipermail/security...009/000061.html
Jul 10 17:37:00 PDT 2009
VMSA-2009-0008, an advisory from June 30th, has been updated. It is an ESX Service Console update for krb5..."

- http://www.vmware.com/security/advisories/...-2009-0009.html

- http://www.vmware.com/security/advisories/...-2009-0008.html

AplusWebMaster
post Aug 21 2009, 05:51 AM
Post #27





FYI...

VMware Hosted products update libpng and Apache HTTP Server
- http://secunia.com/advisories/36379/2/
Release Date: 2009-08-21
Critical: Moderately critical
Impact: Cross Site Scripting, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: VMWare ACE 2.x, VMWare Player 2.x, VMware Workstation 6.x
Original Advisory: VMSA-2009-0010:
http://lists.vmware.com/pipermail/security...009/000062.html
CVE numbers: CVE-2009-0040, CVE-2007-3847, CVE-2007-1863, CVE-2006-5752, CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005

> http://www.vmware.com/support/ace25/doc/re...#resolvedissues

> http://www.vmware.com/support/ws65/doc/rel...#resolvedissues

> http://www.vmware.com/support/player25/doc...#resolvedissues

This post has been edited by AplusWebMaster: Aug 21 2009, 06:29 AM
AplusWebMaster
post Sep 7 2009, 10:40 AM
Post #28





FYI...

VMware VMSA-2009-0012
VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues
- http://lists.vmware.com/pipermail/security...009/000065.html
2009-09-04 - "... Initial security advisory after release of Workstation Movie Decoder on 2009-09-04. The corresponding updated versions of Workstation, Player and ACE were released on 2009-08-20..."

> http://www.vmware.com/security/advisories/

- http://secunia.com/advisories/34938/2/
Release Date: 2009-09-07
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch...
Software: VMware Workstation Movie Decoder 6.x...
Solution: Update to version 6.5.3 build 185404...

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2628

AplusWebMaster
post Oct 3 2009, 05:39 PM
Post #29





FYI...

VMware vuln - update available
- http://secunia.com/advisories/36928/2/
Release Date: 2009-10-02
Critical: Less critical
Impact: Privilege escalation, DoS
Where: Local system
Solution Status: Vendor Patch
Software: VMware Fusion 2.x ...
Solution: Update to version 2.0.6 build 196839.
Original Advisory: VMSA-2009-0013:
http://lists.vmware.com/pipermail/security...009/000066.html

> http://www.vmware.com/security/advisories/...-2009-0013.html

AplusWebMaster
post Oct 17 2009, 11:43 AM
Post #30





FYI...

VMware - VMSA-2009-0014
- http://www.vmware.com/security/advisories/...-2009-0014.html
Synopsis: VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues.
Issue date: 2009-10-16
CVE numbers: CVE-2009-0692 CVE-2009-1893 CVE-2009-0692
CVE-2008-4210 CVE-2008-3275 CVE-2008-5356
CVE-2008-0598 CVE-2008-2136 CVE-2008-2812
CVE-2007-6063 CVE-2008-3525 CVE-2008-2086
CVE-2008-5347 CVE-2008-5348 CVE-2008-5349
CVE-2008-5350 CVE-2008-5351 CVE-2008-5352
CVE-2008-5353 CVE-2008-5354 CVE-2008-5357
CVE-2008-5358 CVE-2008-5359 CVE-2008-5360
CVE-2008-5339 CVE-2008-5342 CVE-2008-5344
CVE-2008-5345 CVE-2008-5346 CVE-2008-5340
CVE-2008-5341 CVE-2008-5343 CVE-2008-5355
CVE-2009-1093 CVE-2009-1094 CVE-2009-1095
CVE-2009-1096 CVE-2009-1097 CVE-2009-1098
CVE-2009-1099 CVE-2009-1100 CVE-2009-1101
CVE-2009-1102 CVE-2009-1103 CVE-2009-1104
CVE-2009-1105 CVE-2009-1106 CVE-2009-1107

VMSA-2009-0002.1 VirtualCenter Update 4 and ESX patch update
- http://lists.vmware.com/pipermail/security...009/000068.html
2009-10-16
