VMware advisories/updates


181 replies to this topic

#16 AplusWebMaster

  • Authentic Member
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 03 December 2008 - 06:23 AM

FYI...

VMSA-2008-0019
- http://lists.vmware....008/000046.html
Dec 2 21:08:59 PST 2008 - "VMware Security Advisory
Advisory ID: VMSA-2008-0019
Synopsis: VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2
Issue date: 2008-12-02
Updated on: 2008-12-02 (initial release of advisory)
CVE numbers: CVE-2008-4917 CVE-2008-1372
Summary:
Updated VMware Hosted products and patches for ESX and ESXi resolve two security issues. The first is a critical memory corruption vulnerability in virtual device hardware. The second is an updated bzip2 package for the Service Console...
Relevant releases:
VMware Workstation 6.0.5 and earlier,
VMware Workstation 5.5.8 and earlier,
VMware Player 2.0.5 and earlier,
VMware Player 1.0.8 and earlier,
VMware Server 1.0.9 and earlier,
VMware ESXi 3.5 without patch ESXe350-200811401-O-SG
VMware ESX 3.5 without patches ESX350-200811406-SG and
ESX350-200811401-SG
VMware ESX 3.0.3 without patches ESX303-200811404-SG and
ESX303-200811401-BG
VMware ESX 3.0.2 without patches ESX-1006980 and ESX-1006982
NOTE: Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08. Users should plan to upgrade to ESX 3.0.3 and preferably to the newest release available...
Problem Description: Critical Memory corruption vulnerability..."

VMSA-2008-0017.2
- http://lists.vmware....008/000047.html
Dec 2 21:13:08 PST 2008 - "VMware Security Advisory
Advisory ID: VMSA-2008-0017.2
Synopsis: Updated ESX packages for libxml2, ucd-snmp, libtiff
Issue date: 2008-10-31
Updated on: 2008-12-02
CVE numbers: CVE-2008-3281 CVE-2008-0960 CVE-2008-2327 CVE-2008-3529
Summary:
Updated ESX packages for libxml2, ucd-snmp, libtiff.
Relevant releases:
ESX 3.0.3 without patch ESX303-200810503-SG
ESX 3.0.2 without patch ESX-1006968
ESX 2.5.5 before Upgrade Patch 10
ESX 2.5.4 before Upgrade Patch 21...
Problem Description:
Updated ESX Service Console package libxml2..."

// http://secunia.com/advisories/32965/ - http://secunia.com/advisories/32952/

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#17 AplusWebMaster

Posted 31 December 2008 - 01:34 PM

FYI...

VMSA-2008-0019.1
- http://lists.vmware....008/000048.html
Change log
2008-12-30 VMSA-2008-0019.1
Updated for the ESX 2.5.5 Update 11 patch for bzip2 released on 2008-12-30...



#18 AplusWebMaster

Posted 31 January 2009 - 08:01 AM

FYI...

VMware updates...
- http://isc.sans.org/...ml?storyid=5770
Last Updated: 2009-01-31 13:39:22 UTC - "VMware issued a number of fixes for VMware ESXi 3.5, VMware ESX 3.5, VMware ESX 3.0.3 and VMware ESX 3.0.2...
- CVE-2008-4914 (corrupt VMDK delta file crash)
- CVE-2008-4309 (snmp getbulk DoS)
- CVE-2008-4226
- CVE-2008-4225 (both libxml2).
Announcement: http://lists.vmware....009/000049.html "

- http://secunia.com/advisories/33746/

- http://secunia.com/advisories/33776/

VMSA-2009-0001
- http://www.vmware.co...-2009-0001.html

Edited by AplusWebMaster, 03 February 2009 - 08:23 AM.



#19 AplusWebMaster

Posted 24 February 2009 - 10:16 AM

FYI...

VMSA-2009-0002 VirtualCenter Update...
- http://secunia.com/advisories/33999/
Release Date: 2009-02-24
Critical: Moderately critical
Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch
...update for VMware VirtualCenter. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, or disclose sensitive information...
VMSA-2009-0002:
http://lists.vmware....009/000050.html
Feb 23, 2009

- http://secunia.com/advisories/34013/
Release Date: 2009-02-24
Critical: Moderately critical
Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched...
...VMware has acknowledged some vulnerabilities in multiple VMware products, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, or disclose sensitive information...
OS: VMware ESX Server 3.x
Software: VMware Server 2.x, VMware VirtualCenter 2.x...
Solution: Restrict Tomcat access to trusted users only until patches are available...
VMSA-2009-0002:
http://lists.vmware....009/000050.html



#20 AplusWebMaster

Posted 27 February 2009 - 09:42 AM

FYI...

VMware ESX Server update for ed
- http://secunia.com/advisories/34079/
Release Date: 2009-02-27
Impact: System access
Where: From remote
Solution Status: Vendor Patch
OS: VMware ESX Server 2.x ...
Original Advisory:
http://www.vmware.co...-2009-0003.html ...



#21 AplusWebMaster

Posted 01 April 2009 - 08:25 AM

FYI...

VMware - VMSA-2009-0004
- http://secunia.com/advisories/34530/
Release Date: 2009-04-01
Critical: Moderately critical
Impact: Spoofing, System access
Where: From remote
Solution Status: Partial Fix
OS: VMware ESX Server 2.x, VMware ESX Server 3.x ...
- http://secunia.com/advisories/34530/2/
Original Advisory: http://www.vmware.co...-2009-0004.html
Advisory ID: VMSA-2009-0004
Synopsis: ESX Service Console updates for openssl, bind, and vim ...
CVE numbers:
http://web.nvd.nist....d=CVE-2007-2953
http://web.nvd.nist....d=CVE-2008-2712
http://web.nvd.nist....d=CVE-2008-3432
http://web.nvd.nist....d=CVE-2008-4101
http://web.nvd.nist....d=CVE-2008-5077
http://web.nvd.nist....d=CVE-2009-0025



#22 AplusWebMaster

Posted 04 April 2009 - 04:08 AM

FYI...

VMware - VMSA-2009-0005
- http://lists.vmware....009/000054.html
Synopsis: VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues
Issue date: 2009-04-03 ...
a. Denial of service guest to host vulnerability in a virtual device ...
b. Windows-based host denial of service vulnerability in hcmon.sys ...
c. A VMCI privilege escalation on Windows-based hosts or Windows-based guests...
d. VNnc Codec Heap Overflow vulnerabilities ...
e. ACE shared folders vulnerability...
f. A remote denial of service vulnerability in authd for Windows based hosts...
g. VI Client Retains VirtualCenter Server Password in Memory ...
Solution: Please review the patch/release notes for your product and version...

VMSA-2009-0005
- http://www.vmware.co...-2009-0005.html

CVE numbers:
http://web.nvd.nist....d=CVE-2008-3761
http://web.nvd.nist....d=CVE-2008-4916
http://web.nvd.nist....d=CVE-2009-0177
http://web.nvd.nist....d=CVE-2009-0518
http://web.nvd.nist....d=CVE-2009-0908
http://web.nvd.nist....d=CVE-2009-0909
http://web.nvd.nist....d=CVE-2009-0910
http://web.nvd.nist....d=CVE-2009-1146
http://web.nvd.nist....d=CVE-2009-1147

Edited by AplusWebMaster, 06 April 2009 - 02:08 PM.
Updated CVE links...



#23 AplusWebMaster

Posted 11 April 2009 - 06:55 AM

FYI...

VMware VMSA-2009-0006
- http://www.vmware.co...-2009-0006.html
Advisory ID: VMSA-2009-0006
Synopsis: VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability
Issue date: 2009-04-10
1. Summary: Updated VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability.
2. Relevant releases
VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 2.0,
VMware Server 1.0.8 and earlier, VMware Fusion 2.0.3 and earlier, VMware ESXi 3.5 without patch ESXe350-200904201-O-SG, VMware ESX 3.5 without patch ESX350-200904201-SG, VMware ESX 3.0.3 without patch ESX303-200904403-SG, VMware ESX 3.0.2 without patch ESX-1008421...
3. Problem Description
Host code execution vulnerability from a guest operating system.
A critical vulnerability in the virtual machine display function might allow a guest operating system to run code on the host.
This issue is different from the vulnerability in a guest virtual device driver reported in VMware security advisory VMSA-2009-0005 on 2009-04-03...
- http://lists.vmware....009/000055.html

- http://www.vmware.co...ity/advisories/

- http://web.nvd.nist....d=CVE-2009-1244
Last revised: 04/13/2009

Edited by AplusWebMaster, 13 April 2009 - 11:00 AM.
CVE updated...



#24 AplusWebMaster

Posted 29 May 2009 - 04:24 AM

FYI...

VMware ESX update for libpng
- http://secunia.com/advisories/35258/2/
Release Date: 2009-05-29
Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: VMware ESX Server 2.x
Solution: ESX 2.5.5: Apply Upgrade Patch 13...
Original Advisory: VMSA-2009-0007*...

- http://secunia.com/advisories/35269/2/
OS: VMware ESX Server 3.x, VMware ESXi 3.x
Software: VMWare ACE 2.x, VMware Fusion 2.x, VMWare Player 2.x, VMware Server 1.x, VMware Server 2.x, VMware Workstation 6.x...
Solution: Update to a fixed version. Please see vendor advisory for additional information regarding VMware Tools update requirements.
Original Advisory: VMSA-2009-0007*...

VMware VMSA-2009-0007
* http://www.vmware.co...-2009-0007.html



#25 AplusWebMaster

Posted 01 July 2009 - 04:57 AM

FYI...

VMware ESX Server update for krb5
- http://secunia.com/advisories/35667/2/
Release Date: 2009-07-01
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Partial Fix
OS: VMware ESX Server 2.x, VMware ESX Server 3.x
Solution: Apply patches.
ESX 3.5: Apply ESX350-200906407-SG.
http://download3.vmw...00906407-SG.zip
ESX 2.5.5, 3.0.2, 3.0.3, and 4.0:
Patches are not yet available. Restrict access to Kerberos services if present (not installed by default).
Original Advisory: VMSA-2009-0008:
http://lists.vmware....009/000059.html ...

- http://cve.mitre.org...e=CVE-2009-0846


#26 AplusWebMaster

Posted 11 July 2009 - 02:31 AM

FYI...

VMWare security advisories - VMSA-2009-0009 / VMSA-2009-0008
- http://isc.sans.org/...ml?storyid=6766
Last Updated: 2009-07-11 03:36:00 UTC - "... updates to the ESX Service Console:
> http://lists.vmware....009/000060.html
Jul 10 17:03:28 PDT 2009
VMSA-2009-0009, a new advisory concerning ESX Service Console updates for udev, sudo, and curl.
> http://lists.vmware....009/000061.html
Jul 10 17:37:00 PDT 2009
VMSA-2009-0008, an advisory from June 30th, has been updated. It is an ESX Service Console update for krb5..."

- http://www.vmware.co...-2009-0009.html

- http://www.vmware.co...-2009-0008.html



#27 AplusWebMaster

Posted 21 August 2009 - 05:51 AM

FYI...

VMware Hosted products update libpng and Apache HTTP Server
- http://secunia.com/advisories/36379/2/
Release Date: 2009-08-21
Critical: Moderately critical
Impact: Cross Site Scripting, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: VMWare ACE 2.x, VMWare Player 2.x, VMware Workstation 6.x
Original Advisory: VMSA-2009-0010:
http://lists.vmware....009/000062.html
CVE numbers: CVE-2009-0040, CVE-2007-3847, CVE-2007-1863, CVE-2006-5752, CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005

> http://www.vmware.co...#resolvedissues

> http://www.vmware.co...#resolvedissues

> http://www.vmware.co...#resolvedissues

Edited by AplusWebMaster, 21 August 2009 - 06:29 AM.



#28 AplusWebMaster

Posted 07 September 2009 - 10:40 AM

FYI...

VMware VMSA-2009-0012
VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues
- http://lists.vmware....009/000065.html
2009-09-04 - "... Initial security advisory after release of Workstation Movie Decoder on 2009-09-04. The corresponding updated versions of Workstation, Player and ACE were released on 2009-08-20..."

> http://www.vmware.co...ity/advisories/

- http://secunia.com/advisories/34938/2/
Release Date: 2009-09-07
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch...
Software: VMware Workstation Movie Decoder 6.x...
Solution: Update to version 6.5.3 build 185404...

http://cve.mitre.org...e=CVE-2009-0199
http://cve.mitre.org...e=CVE-2009-2628



#29 AplusWebMaster

Posted 03 October 2009 - 05:39 PM

FYI...

VMware vuln - update available
- http://secunia.com/advisories/36928/2/
Release Date: 2009-10-02
Critical: Less critical
Impact: Privilege escalation, DoS
Where: Local system
Solution Status: Vendor Patch
Software: VMware Fusion 2.x ...
Solution: Update to version 2.0.6 build 196839.
Original Advisory: VMSA-2009-0013:
http://lists.vmware....009/000066.html

> http://www.vmware.co...-2009-0013.html



#30 AplusWebMaster

Posted 17 October 2009 - 11:43 AM

FYI...

VMware - VMSA-2009-0014
- http://www.vmware.co...-2009-0014.html
Synopsis: VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues.
Issue date: 2009-10-16
CVE numbers: CVE-2009-0692 CVE-2009-1893 CVE-2009-0692
CVE-2008-4210 CVE-2008-3275 CVE-2008-5356
CVE-2008-0598 CVE-2008-2136 CVE-2008-2812
CVE-2007-6063 CVE-2008-3525 CVE-2008-2086
CVE-2008-5347 CVE-2008-5348 CVE-2008-5349
CVE-2008-5350 CVE-2008-5351 CVE-2008-5352
CVE-2008-5353 CVE-2008-5354 CVE-2008-5357
CVE-2008-5358 CVE-2008-5359 CVE-2008-5360
CVE-2008-5339 CVE-2008-5342 CVE-2008-5344
CVE-2008-5345 CVE-2008-5346 CVE-2008-5340
CVE-2008-5341 CVE-2008-5343 CVE-2008-5355
CVE-2009-1093 CVE-2009-1094 CVE-2009-1095
CVE-2009-1096 CVE-2009-1097 CVE-2009-1098
CVE-2009-1099 CVE-2009-1100 CVE-2009-1101
CVE-2009-1102 CVE-2009-1103 CVE-2009-1104
CVE-2009-1105 CVE-2009-1106 CVE-2009-1107

VMSA-2009-0002.1 VirtualCenter Update 4 and ESX patch update
- http://lists.vmware....009/000068.html
2009-10-16
