Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93098 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

VMware advisories/updates

Started by AplusWebMaster , Feb 24 2008 08:42 AM

  • Please log in to reply
181 replies to this topic

#46 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 19 July 2010 - 08:21 PM

FYI...

VMSA-2010-0012 - VMware vCenter Update Manager fix for Jetty Web server...
- http://www.vmware.co...-2010-0012.html
"Summary: VMware vCenter Update Manager fix for Jetty Web server addresses important security vulnerabilities..."

- http://web.nvd.nist....d=CVE-2009-1523
CVSS v2 Base Score: 7.1 (HIGH)
- http://web.nvd.nist....d=CVE-2009-1524
CVSS v2 Base Score: 4.3 (MEDIUM)

- http://secunia.com/advisories/40577/
Release Date: 2010-07-20
Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Where: From remote
Original Advisory: VMSA-2010-0012:
- http://www.vmware.co...-2010-0012.html
VMware KB#1023962:
- http://kb.vmware.com...ernalId=1023962

:ph34r:

Edited by AplusWebMaster, 20 July 2010 - 05:28 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

    Advertisements

Register to Remove

#47 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 01 September 2010 - 11:31 AM

FYI...

- http://www.vmware.co...-2010-0013.html

VMSA-2010-0013 VMware ESX third party updates for Service Console
- http://lists.vmware....010/000103.html
Aug 31, 2010
Synopsis: VMware ESX third party updates for Service Console
Issue date: 2010-08-31
CVE numbers: CVE-2005-4268 CVE-2010-0624 CVE-2010-2063 CVE-2010-1321 CVE-2010-1168 CVE-2010-1447 ...
Summary:ESX 3.5 Console OS (COS) updates for COS packages perl, krb5, samba, tar, and cpio...

- http://secunia.com/advisories/41196/
Release Date: 2010-09-01
Impact: Security Bypass, DoS, System access
Where: From remote
Original Advisory: VMSA-2010-0013:
http://lists.vmware....010/000103.html

VMSA-2010-0004.3 ESX Service Console and vMA third party updates
- http://lists.vmware....010/000104.html
Aug 31, 2010
Synopsis: ESX Service Console and vMA third party updates
Issue date: 2010-03-03
Updated on: 2010-08-31
CVE numbers: CVE-2009-2905 CVE-2008-4552 CVE-2008-4316 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2009-0590 CVE-2009-4022 CVE-2009-3560 CVE-2009-3720 CVE-2009-2904 CVE-2009-3563 CVE-2009-2695 CVE-2009-2849 CVE-2009-2695 CVE-2009-2908 CVE-2009-3228 CVE-2009-3286 CVE-2009-3547 CVE-2009-3613 CVE-2009-3612 CVE-2009-3620 CVE-2009-3621 CVE-2009-3726 CVE-2008-3916 CVE-2009-1189 CVE-2009-0115
Summary: ESX Service Console updates for newt, nfs-utils, expat, ntp and glib2 packages.
vMA updates for newt, nfs-util, glib2, kpartx, libvolume-id,device-mapper-multipath, fipscheck, dbus, dbus-libs, ed, openssl,bind, expat, openssh, ntp and kernel packages...

:ph34r:

Edited by AplusWebMaster, 02 September 2010 - 04:25 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#48 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 24 September 2010 - 05:16 AM

FYI...

- http://www.vmware.co...-2010-0014.html
CVE numbers: CVE-2010-3277 CVE-2010-1205 CVE-2010-0205 CVE-2010-2249 CVE-2010-0434 CVE-2010-0425

VMSA-2010-0014 VMware Workstation, Player, and ACE...
- http://lists.vmware....010/000105.html
Sep 23, 2010

- http://secunia.com/advisories/41574/
- http://secunia.com/advisories/41605/
- http://secunia.com/advisories/41606/
- http://secunia.com/advisories/41607/

- http://www.securityt....com/id?1024481

:ph34r:

Edited by AplusWebMaster, 25 September 2010 - 02:44 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#49 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 30 September 2010 - 01:17 PM

FYI...

- http://www.vmware.co...-2010-0015.html

VMSA-2010-0015 VMware ESX third party updates for Service Console
- http://lists.vmware....010/000106.html
Sep 30, 2010
CVE numbers: CVE-2010-0826 CVE-2009-3767 CVE-2010-0734 CVE-2010-1646 CVE-2009-3555 CVE-2009-2409 CVE-2009-3245 CVE-2010-0433 ...

- http://secunia.com/advisories/41618/
Release Date: 2010-09-30
Criticality level: Moderately critical
Impact: Unknown, Security Bypass, Spoofing, Manipulation of data, Exposure of sensitive information, DoS
Where: From remote...
Original Advisory: VMSA-2010-0015:
http://lists.vmware....010/000106.html

:ph34r:

Edited by AplusWebMaster, 01 October 2010 - 02:43 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#50 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 16 November 2010 - 11:21 AM

FYI...

- http://www.vmware.co...-2010-0016.html

VMSA-2010-0016 VMware ESXi and ESX third party updates...
- http://lists.vmware....010/000108.html
Nov 15 23:52:50 PST 2010
Advisory ID: VMSA-2010-0016
Synopsis: VMware ESXi and ESX third party updates for Service Console and Likewise components
Issue date: 2010-11-15
CVE numbers: CVE-2010-0415 CVE-2010-0307 CVE-2010-0291 CVE-2010-0622 CVE-2010-1087 CVE-2010-1437 CVE-2010-1088 CVE-2009-0844 CVE-2009-0845 CVE-2009-0846 CVE-2009-4212 CVE-2010-1321 ...

- http://secunia.com/advisories/42280/
Release Date: 2010-11-16
Criticality level: Highly critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote ...
Solution Status: Vendor Patch ...
Original Advisory: VMSA-2010-0016:
http://lists.vmware....010/000108.html

- http://secunia.com/advisories/42240/

:ph34r:

Edited by AplusWebMaster, 17 November 2010 - 04:26 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#51 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 30 November 2010 - 07:06 AM

FYI...

- http://www.vmware.co...-2010-0017.html

VMSA-2010-0017 - VMware ESX Server update for kernel
- http://secunia.com/advisories/42384/
Release Date: 2010-11-30
Impact: Privilege escalation
Where: Local system
Solution Status: Partial Fix
... update for the Console OS (COS) kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Original Advisory: VMSA-2010-0017:
http://lists.vmware....010/000111.html
CVE reference:
- http://web.nvd.nist....d=CVE-2010-3081
Last revised: 11/19/2010
CVSS v2 Base Score: 7.2 (HIGH)

- http://lists.vmware....10/subject.html
Starting: Wed Jan 6 23:07:55 PST 2010
Ending: Mon Nov 29 22:34:15 PST 2010
Messages: 37

:ph34r:

Edited by AplusWebMaster, 30 November 2010 - 11:41 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#52 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 03 December 2010 - 03:31 AM

FYI...

VMSA-2010-0018 VMware - ESX patches...
- http://www.vmware.co...-2010-0018.html
Advisory ID: VMSA-2010-0018
Synopsis: VMware hosted products and ESX patches resolve multiple security issues
Issue date: 2010-12-02
CVE numbers: CVE-2010-4295 CVE-2010-4296 CVE-2010-4297 CVE-2010-4294

- http://www.securityt....com/id?1024819
Dec 3 2010
- http://www.securityt....com/id?1024820
Dec 3 2010

:ph34r:

Edited by AplusWebMaster, 03 December 2010 - 06:54 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#53 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 07 December 2010 - 01:11 PM

FYI...

VMSA-2010-0019 VMware ESX third party updates for Service Console
- http://www.vmware.co...-2010-0019.html
Dec 7, 2010 - Advisory ID: VMSA-2010-0019
Synopsis: VMware ESX third party updates for Service Console
Issue date: 2010-12-07
CVE numbers:
- http://web.nvd.nist....d=CVE-2010-0405
- http://web.nvd.nist....d=CVE-2010-0590
- http://web.nvd.nist....d=CVE-2010-2409
- http://web.nvd.nist....d=CVE-2010-3069
- http://web.nvd.nist....d=CVE-2010-3555

- http://secunia.com/advisories/42467/
- http://secunia.com/advisories/42529/
- http://secunia.com/advisories/42530/
- http://secunia.com/advisories/42531/
Release Date: 2010-12-07

:ph34r:

Edited by AplusWebMaster, 07 December 2010 - 04:17 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#54 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 22 December 2010 - 04:23 AM

FYI...

VMSA-2010-0020 - VMware ESXi 4.1 Update Installer SFCB Authentication Flaw
- http://www.vmware.co...-2010-0020.html
Issue date: 2010-12-21
CVE number: CVE-2010-4573
ESXi 4.1 - Workaround described in VMware Knowledge Base Article KB 1031761:
http://kb.vmware.com/kb/1031761

- http://kb.vmware.com/kb/1017910

- http://secunia.com/advisories/42591/
Release Date: 2010-12-22
Criticality level: Moderately critical
Impact: Security Bypass
Where: From remote
... The security issue is reported in version 4.1.
Solution: Follow the vendor's workaround.

- http://www.securityt....com/id?1024917
Dec 22 2010

:ph34r:

Edited by AplusWebMaster, 22 December 2010 - 06:39 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#55 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 05 January 2011 - 09:49 AM

FYI...

VMSA-2011-0001 - VMware ESX 3rd party updates for Service Console
- http://secunia.com/advisories/42787/
Release Date: 2011-01-05
Impact: Privilege escalation, DoS, System access
Where: From local network
CVE Reference(s): CVE-2010-0211, CVE-2010-0212, CVE-2010-2956, CVE-2010-3847, CVE-2010-3856
Original Advisory: VMSA-2011-0001:
http://www.vmware.co...-2011-0001.html
Synopsis: VMware ESX third party updates for Service Console packages glibc, sudo, and openldap...

- http://isc.sans.edu/...l?storyid=10204
Last Updated: 2011-01-05 12:39:50 UTC

:ph34r:

Edited by AplusWebMaster, 05 January 2011 - 10:06 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

    Advertisements

Register to Remove

#56 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 08 February 2011 - 09:35 AM

FYI...

VMSA-2011-0002 Cisco Nexus 1000V VEM updates
- http://www.vmware.co...-2011-0002.html
Synopsis: Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi
Issue date: 2011-02-07
CVE numbers: CVE-2011-0355
Relevant releases: The following VMware products could be affected by a denial of service vulnerability that is present in older versions of the Cisco Nexus 1000V virtual switch:
ESXi 4.1, ESXi 4.0, ESX 4.1, ESX 4.0

- http://www.securityt....com/id/1025030
Feb 8 2011

:ph34r:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#57 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 11 February 2011 - 02:05 PM

FYI...

Win 7 Patch Tuesday security udpates break VMware software
- http://www.h-online....re-1188165.html
11 February 2011

- http://www.us-cert.g...ory_for_windows
February 11, 2011

VMSA-2011-0003 - 3rd party component updates...
- http://www.vmware.co...-2011-0003.html
2011-02-10
Synopsis: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Summary: Update 1 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1, ESXi 4.1, addresses several security issues.
Relevant releases: vCenter Server 4.1 without Update 1, vCenter Update Manager 4.1 without Update 1, ESXi 4.1 without patch ESXi410-201101201-SG, ESX 4.1 without patch ESX410-201101201-SG...

:ph34r: :ph34r:

Edited by AplusWebMaster, 14 February 2011 - 05:33 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#58 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 08 March 2011 - 03:41 AM

FYI...

VMSA-2011-0004 VMware...
- http://www.vmware.co...-2011-0004.html
Synopsis: VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
Issue date: 2011-03-07
CVE numbers: CVE-2010-3613 CVE-2010-3614 CVE-2010-3762 CVE-2010-3316 CVE-2010-3435 CVE-2010-3853 CVE-2010-2059 CVE-2010-3609 ...
1. Summary:
Service Location Protocol daemon (SLPD) denial of service issue and ESX 4.0 Service Console OS (COS) updates for bind, pam, and rpm.
2. Relevant releases:
VMware ESXi 4.1 without patch ESXi410-201101201-SG.
VMware ESXi 4.0 without patch ESXi400-201103401-SG.
VMware ESX 4.1 without patch ESX410-201101201-SG.
VMware ESX 4.0 without patches ESX400-201103401-SG, ESX400-201103404-SG, ESX400-201103406-SG, ESX400-201103407-SG...
___

- http://secunia.com/advisories/43675/
Release Date: 2011-03-08
Impact: Security Bypass, Manipulation of data, Exposure of sensitive information, Privilege escalation, DoS
- http://secunia.com/advisories/43601/
Release Date: 2011-03-08

- http://www.securityt....com/id/1025168
Mar 8 2011

:ph34r:

Edited by AplusWebMaster, 08 March 2011 - 04:13 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#59 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 15 March 2011 - 11:01 AM

FYI...

VMSA-2011-0005 - VMware vCenter Orchestrator vuln
- http://www.vmware.co...-2011-0005.html
2011-03-14: 1. Summary:
A vulnerability in VMware vCenter Orchestrator(vCO) could allow remote execution.
2. Relevant releases:
VMware vCenter Orchestrator 4.1
VMware vCenter Orchestrator 4.0
3. Problem Description:
VMware vCenter Orchestrator is an application to automate management tasks. It embeds Apache Struts (version 2.0.11) which is a third party component. The following vulnerability has been reported in Apache Struts 2.0.11 or earlier. A remote execution of code vulnerability could allow malicious users to bypass the '#'-usage protection built into the ParametersInterceptor, which could allow server side context objects to be manipulated...
4. Solution: vCenter Orchestrator workaround for Apache Struts
- http://kb.vmware.com/kb/1034175

- http://secunia.com/advisories/43717/
Release Date: 2011-03-16
Criticality level: Moderately critical
Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, System access
Where: From local network
Original Advisory: VMSA-2011-0005:
http://www.vmware.co...-2011-0005.html
http://kb.vmware.com/kb/1034175

:ph34r:

Edited by AplusWebMaster, 16 March 2011 - 08:25 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#60 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 30 March 2011 - 11:15 AM

FYI...

VMSA-2011-0006 - VMware vmrun utility local privilege escalation
- http://www.vmware.co...-2011-0006.html
Issue date: 2011-03-29
CVE numbers: http://cve.mitre.org...e=CVE-2011-1126
... installed in VMware Workstation by default.
- http://kb.vmware.com/kb/1035509

- http://secunia.com/advisories/43885/
Release Date: 2011-03-30
- http://secunia.com/advisories/43943/
Release Date: 2011-03-30

- http://www.securityt....com/id/1025270
Mar 30 2011

:ph34r:

Edited by AplusWebMaster, 30 March 2011 - 11:16 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

Related Topics

Back to Updates To Software · Next Unread Topic →

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. What the Tech
  2. Discussion
  3. Updates To Software
  4. Privacy Policy
  5. Terms of Use ·